aws
diff --git a/‎CHANGELOG.md
+20 b/‎CHANGELOG.md
+20
diff --git a/‎aws/version.go
+1-1 b/‎aws/version.go
+1-1
diff --git a/‎models/apis/cloudformation/2010-05-15/api-2.json
+24-3 b/‎models/apis/cloudformation/2010-05-15/api-2.json
+24-3
diff --git a/‎models/apis/cloudformation/2010-05-15/docs-2.json
+43-1 b/‎models/apis/cloudformation/2010-05-15/docs-2.json
+43-1
diff --git a/‎models/apis/config/2014-11-12/docs-2.json
+5-5 b/‎models/apis/config/2014-11-12/docs-2.json
+5-5
diff --git a/‎models/apis/glue/2017-03-31/api-2.json
+2 b/‎models/apis/glue/2017-03-31/api-2.json
+2
diff --git a/‎models/apis/glue/2017-03-31/docs-2.json
+6-4 b/‎models/apis/glue/2017-03-31/docs-2.json
+6-4
@@ -1,3 +1,23 @@
+Release v1.51.21 (2024-04-12)
+===
+
+### Service Client Updates
+* `service/cloudformation`: Updates service API and documentation
+  * Adding support for the new parameter "IncludePropertyValues" in the CloudFormation DescribeChangeSet API. When this parameter is included, the DescribeChangeSet response will include more detailed information such as before and after values for the resource properties that will change.
+* `service/config`: Updates service documentation
+* `service/glue`: Updates service API and documentation
+  * Modifying request for GetUnfilteredTableMetadata for view-related fields.
+* `service/healthlake`: Updates service API and documentation
+* `service/iotfleethub`: Updates service documentation
+* `service/kms`: Updates service API, documentation, paginators, and examples
+  * This feature supports the ability to specify a custom rotation period for automatic key rotations, the ability to perform on-demand key rotations, and visibility into your key material rotations.
+* `service/mediatailor`: Updates service API and documentation
+* `service/outposts`: Updates service API
+* `service/redshift`: Updates service API and documentation
+  * Adds support for Amazon Redshift DescribeClusterSnapshots API to include Snapshot ARN response field.
+* `service/transfer`: Updates service API and documentation
+  * This change releases support for importing self signed certificates to the Transfer Family for sending outbound file transfers over TLS/HTTPS.
+
 Release v1.51.20 (2024-04-11)
 ===
 
 
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.51.20"
+const SDKVersion = "1.51.21"
@@ -1318,6 +1318,8 @@
         "Arn":{"shape":"PrivateTypeArn"}
       }
     },
+    "AfterContext":{"type":"string"},
+    "AfterValue":{"type":"string"},
     "AllowedValue":{"type":"string"},
     "AllowedValues":{
       "type":"list",
@@ -1335,6 +1337,14 @@
       "exception":true
     },
     "Arn":{"type":"string"},
+    "AttributeChangeType":{
+      "type":"string",
+      "enum":[
+        "Add",
+        "Remove",
+        "Modify"
+      ]
+    },
     "AutoDeployment":{
       "type":"structure",
       "members":{
@@ -1371,6 +1381,8 @@
         "TypeConfigurations":{"shape":"TypeConfigurationDetailsList"}
       }
     },
+    "BeforeContext":{"type":"string"},
+    "BeforeValue":{"type":"string"},
     "BoxedInteger":{
       "type":"integer",
       "box":true
@@ -1947,7 +1959,8 @@
       "members":{
         "ChangeSetName":{"shape":"ChangeSetNameOrId"},
         "StackName":{"shape":"StackNameOrId"},
-        "NextToken":{"shape":"NextToken"}
+        "NextToken":{"shape":"NextToken"},
+        "IncludePropertyValues":{"shape":"IncludePropertyValues"}
       }
     },
     "DescribeChangeSetOutput":{
@@ -2686,6 +2699,7 @@
       "min":0
     },
     "IncludeNestedStacks":{"type":"boolean"},
+    "IncludePropertyValues":{"type":"boolean"},
     "InsufficientCapabilitiesException":{
       "type":"structure",
       "members":{
@@ -3609,7 +3623,9 @@
         "Scope":{"shape":"Scope"},
         "Details":{"shape":"ResourceChangeDetails"},
         "ChangeSetId":{"shape":"ChangeSetId"},
-        "ModuleInfo":{"shape":"ModuleInfo"}
+        "ModuleInfo":{"shape":"ModuleInfo"},
+        "BeforeContext":{"shape":"BeforeContext"},
+        "AfterContext":{"shape":"AfterContext"}
       }
     },
     "ResourceChangeDetail":{
@@ -3700,6 +3716,7 @@
       "min":1
     },
     "ResourceProperties":{"type":"string"},
+    "ResourcePropertyPath":{"type":"string"},
     "ResourceScanId":{"type":"string"},
     "ResourceScanInProgressException":{
       "type":"structure",
@@ -3808,7 +3825,11 @@
       "members":{
         "Attribute":{"shape":"ResourceAttribute"},
         "Name":{"shape":"PropertyName"},
-        "RequiresRecreation":{"shape":"RequiresRecreation"}
+        "RequiresRecreation":{"shape":"RequiresRecreation"},
+        "Path":{"shape":"ResourcePropertyPath"},
+        "BeforeValue":{"shape":"BeforeValue"},
+        "AfterValue":{"shape":"AfterValue"},
+        "AttributeChangeType":{"shape":"AttributeChangeType"}
       }
     },
     "ResourceToImport":{
 
@@ -176,6 +176,18 @@
       "refs": {
       }
     },
+    "AfterContext": {
+      "base": null,
+      "refs": {
+        "ResourceChange$AfterContext": "<p>An encoded JSON string containing the context of the resource after the change is executed.</p>"
+      }
+    },
+    "AfterValue": {
+      "base": null,
+      "refs": {
+        "ResourceTargetDefinition$AfterValue": "<p>The value of the property after the change is executed. Large values can be truncated.</p>"
+      }
+    },
     "AllowedValue": {
       "base": null,
       "refs": {
@@ -199,6 +211,12 @@
         "RollbackTrigger$Arn": "<p>The Amazon Resource Name (ARN) of the rollback trigger.</p> <p>If a specified trigger is missing, the entire stack operation fails and is rolled back.</p>"
       }
     },
+    "AttributeChangeType": {
+      "base": null,
+      "refs": {
+        "ResourceTargetDefinition$AttributeChangeType": "<p>The type of change to be made to the property if the change is executed.</p> <ul> <li> <p> <code>Add</code> The item will be added.</p> </li> <li> <p> <code>Remove</code> The item will be removed.</p> </li> <li> <p> <code>Modify</code> The item will be modified.</p> </li> </ul>"
+      }
+    },
     "AutoDeployment": {
       "base": "<p>[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU).</p>",
       "refs": {
@@ -243,6 +261,18 @@
       "refs": {
       }
     },
+    "BeforeContext": {
+      "base": null,
+      "refs": {
+        "ResourceChange$BeforeContext": "<p>An encoded JSON string containing the context of the resource before the change is executed.</p>"
+      }
+    },
+    "BeforeValue": {
+      "base": null,
+      "refs": {
+        "ResourceTargetDefinition$BeforeValue": "<p>The value of the property before the change is executed. Large values can be truncated.</p>"
+      }
+    },
     "BoxedInteger": {
       "base": null,
       "refs": {
@@ -454,7 +484,7 @@
     "ChangeType": {
       "base": null,
       "refs": {
-        "Change$Type": "<p>The type of entity that CloudFormation changes. Currently, the only entity type is <code>Resource</code>.</p>"
+        "Change$Type": "<p>The type of entity that CloudFormation changes.</p> <ul> <li> <p> <code>Resource</code> This change is for a resource.</p> </li> </ul>"
       }
     },
     "Changes": {
@@ -1294,6 +1324,12 @@
         "DescribeChangeSetOutput$IncludeNestedStacks": "<p>Verifies if <code>IncludeNestedStacks</code> is set to <code>True</code>.</p>"
       }
     },
+    "IncludePropertyValues": {
+      "base": null,
+      "refs": {
+        "DescribeChangeSetInput$IncludePropertyValues": "<p>If <code>true</code>, the returned changes include detailed changes in the property values.</p>"
+      }
+    },
     "InsufficientCapabilitiesException": {
       "base": "<p>The template contains resources with capabilities that weren't specified in the Capabilities parameter.</p>",
       "refs": {
@@ -2394,6 +2430,12 @@
         "StackEvent$ResourceProperties": "<p>BLOB of the properties used to create the resource.</p>"
       }
     },
+    "ResourcePropertyPath": {
+      "base": null,
+      "refs": {
+        "ResourceTargetDefinition$Path": "<p>The property path of the property.</p>"
+      }
+    },
     "ResourceScanId": {
       "base": null,
       "refs": {
 
@@ -713,8 +713,8 @@
     "ConfigurationItemDeliveryTime": {
       "base": null,
       "refs": {
-        "BaseConfigurationItem$configurationItemDeliveryTime": "<p>The time when configuration changes for the resource were delivered.</p>",
-        "ConfigurationItem$configurationItemDeliveryTime": "<p>The time when configuration changes for the resource were delivered.</p>"
+        "BaseConfigurationItem$configurationItemDeliveryTime": "<p>The time when configuration changes for the resource were delivered.</p> <note> <p>This field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording, this field will be populated. However, if you are using continuous recording, this field will be omitted since the delivery time is instantaneous as the CI is available right away. For more information on daily recording and continuous recording, see <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-recording-frequency\">Recording Frequency</a> in the <i>Config Developer Guide</i>.</p> </note>",
+        "ConfigurationItem$configurationItemDeliveryTime": "<p>The time when configuration changes for the resource were delivered.</p> <note> <p>This field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording, this field will be populated. However, if you are using continuous recording, this field will be omitted since the delivery time is instantaneous as the CI is available right away. For more information on daily recording and continuous recording, see <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-recording-frequency\">Recording Frequency</a> in the <i>Config Developer Guide</i>.</p> </note>"
       }
     },
     "ConfigurationItemList": {
@@ -1544,7 +1544,7 @@
         "EvaluationResultQualifier$EvaluationMode": "<p>The mode of an evaluation. The valid values are Detective or Proactive.</p>",
         "GetResourceEvaluationSummaryResponse$EvaluationMode": "<p>Lists results of the mode that you requested to retrieve the resource evaluation summary. The valid values are Detective or Proactive.</p>",
         "ResourceEvaluation$EvaluationMode": "<p>The mode of an evaluation. The valid values are Detective or Proactive.</p>",
-        "ResourceEvaluationFilters$EvaluationMode": "<p>Filters all resource evaluations results based on an evaluation mode. the valid value for this API is <code>Proactive</code>.</p>",
+        "ResourceEvaluationFilters$EvaluationMode": "<p>Filters all resource evaluations results based on an evaluation mode.</p> <important> <p>Currently, <code>DECTECTIVE</code> is not supported as a valid value. Ignore other documentation stating otherwise.</p> </important>",
         "StartResourceEvaluationRequest$EvaluationMode": "<p>The mode of an evaluation. The valid values for this API are <code>DETECTIVE</code> and <code>PROACTIVE</code>.</p>"
       }
     },
@@ -2135,7 +2135,7 @@
       }
     },
     "MaxNumberOfConfigRulesExceededException": {
-      "base": "<p>Failed to add the Config rule because the account already contains the maximum number of 150 rules. Consider deleting any deactivated rules before you add new rules.</p>",
+      "base": "<p>Failed to add the Config rule because the account already contains the maximum number of 1000 rules. Consider deleting any deactivated rules before you add new rules.</p>",
       "refs": {
       }
     },
@@ -3279,7 +3279,7 @@
     "RuleLimit": {
       "base": null,
       "refs": {
-        "DescribeConfigRuleEvaluationStatusRequest$Limit": "<p>The number of rule evaluation results that you want returned.</p> <p>This parameter is required if the rule limit for your account is more than the default of 150 rules.</p> <p>For information about requesting a rule limit increase, see <a href=\"http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_config\">Config Limits</a> in the <i>Amazon Web Services General Reference Guide</i>.</p>"
+        "DescribeConfigRuleEvaluationStatusRequest$Limit": "<p>The number of rule evaluation results that you want returned.</p> <p>This parameter is required if the rule limit for your account is more than the default of 1000 rules.</p> <p>For information about requesting a rule limit increase, see <a href=\"http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_config\">Config Limits</a> in the <i>Amazon Web Services General Reference Guide</i>.</p>"
       }
     },
     "SSMDocumentName": {
 
@@ -8429,6 +8429,8 @@
         "Name":{"shape":"NameString"},
         "AuditContext":{"shape":"AuditContext"},
         "SupportedPermissionTypes":{"shape":"PermissionTypeList"},
+        "ParentResourceArn":{"shape":"ArnString"},
+        "RootResourceArn":{"shape":"ArnString"},
         "SupportedDialect":{"shape":"SupportedDialect"},
         "Permissions":{"shape":"PermissionList"},
         "QuerySessionContext":{"shape":"QuerySessionContext"}
 
@@ -133,7 +133,7 @@
     "GetTriggers": "<p>Gets all the triggers associated with a job.</p>",
     "GetUnfilteredPartitionMetadata": "<p>Retrieves partition metadata from the Data Catalog that contains unfiltered metadata.</p> <p>For IAM authorization, the public IAM action associated with this API is <code>glue:GetPartition</code>.</p>",
     "GetUnfilteredPartitionsMetadata": "<p>Retrieves partition metadata from the Data Catalog that contains unfiltered metadata.</p> <p>For IAM authorization, the public IAM action associated with this API is <code>glue:GetPartitions</code>.</p>",
-    "GetUnfilteredTableMetadata": "<p>Retrieves table metadata from the Data Catalog that contains unfiltered metadata.</p> <p>For IAM authorization, the public IAM action associated with this API is <code>glue:GetTable</code>.</p>",
+    "GetUnfilteredTableMetadata": "<p>Allows a third-party analytical engine to retrieve unfiltered table metadata from the Data Catalog.</p> <p>For IAM authorization, the public IAM action associated with this API is <code>glue:GetTable</code>.</p>",
     "GetUserDefinedFunction": "<p>Retrieves a specified function definition from the Data Catalog.</p>",
     "GetUserDefinedFunctions": "<p>Retrieves multiple function definitions from the Data Catalog.</p>",
     "GetWorkflow": "<p>Retrieves resource metadata for a workflow.</p>",
@@ -349,6 +349,8 @@
     "ArnString": {
       "base": null,
       "refs": {
+        "GetUnfilteredTableMetadataRequest$ParentResourceArn": "<p>The resource ARN of the view.</p>",
+        "GetUnfilteredTableMetadataRequest$RootResourceArn": "<p>The resource ARN of the root view in a chain of nested views.</p>",
         "GetUnfilteredTableMetadataResponse$ResourceArn": "<p>The resource ARN of the parent resource extracted from the request.</p>",
         "TableOptimizerConfiguration$roleArn": "<p>A role passed by the caller which gives the service permission to update the resources associated with the optimizer on the caller's behalf.</p>",
         "ViewDefinition$Definer": "<p>The definer of a view in SQL.</p>",
@@ -926,8 +928,8 @@
         "KafkaStreamingSourceOptions$PollTimeoutMs": "<p>The timeout in milliseconds to poll data from Kafka in Spark job executors. The default value is <code>512</code>.</p>",
         "KafkaStreamingSourceOptions$RetryIntervalMs": "<p>The time in milliseconds to wait before retrying to fetch Kafka offsets. The default value is <code>10</code>.</p>",
         "KafkaStreamingSourceOptions$MaxOffsetsPerTrigger": "<p>The rate limit on the maximum number of offsets that are processed per trigger interval. The specified total number of offsets is proportionally split across <code>topicPartitions</code> of different volumes. The default value is null, which means that the consumer reads all offsets until the known latest offset.</p>",
-        "KinesisStreamingSourceOptions$MaxFetchTimeInMs": "<p>The maximum time spent in the job executor to fetch a record from the Kinesis data stream per shard, specified in milliseconds (ms). The default value is <code>1000</code>.</p>",
-        "KinesisStreamingSourceOptions$MaxFetchRecordsPerShard": "<p>The maximum number of records to fetch per shard in the Kinesis data stream. The default value is <code>100000</code>.</p>",
+        "KinesisStreamingSourceOptions$MaxFetchTimeInMs": "<p>The maximum time spent for the job executor to read records for the current batch from the Kinesis data stream, specified in milliseconds (ms). Multiple <code>GetRecords</code> API calls may be made within this time. The default value is <code>1000</code>.</p>",
+        "KinesisStreamingSourceOptions$MaxFetchRecordsPerShard": "<p>The maximum number of records to fetch per shard in the Kinesis data stream per microbatch. Note: The client can exceed this limit if the streaming job has already read extra records from Kinesis (in the same get-records call). If <code>MaxFetchRecordsPerShard</code> needs to be strict then it needs to be a multiple of <code>MaxRecordPerRead</code>. The default value is <code>100000</code>.</p>",
         "KinesisStreamingSourceOptions$MaxRecordPerRead": "<p>The maximum number of records to fetch from the Kinesis data stream in each getRecords operation. The default value is <code>10000</code>.</p>",
         "KinesisStreamingSourceOptions$IdleTimeBetweenReadsInMs": "<p>The minimum time delay between two consecutive getRecords operations, specified in ms. The default value is <code>1000</code>. This option is only configurable for Glue version 2.0 and above.</p>",
         "KinesisStreamingSourceOptions$DescribeShardInterval": "<p>The minimum time interval between two ListShards API calls for your script to consider resharding. The default value is <code>1s</code>.</p>",
@@ -6766,7 +6768,7 @@
       "refs": {
         "GetUnfilteredPartitionMetadataRequest$SupportedPermissionTypes": "<p>(Required) A list of supported permission types. </p>",
         "GetUnfilteredPartitionsMetadataRequest$SupportedPermissionTypes": "<p>A list of supported permission types. </p>",
-        "GetUnfilteredTableMetadataRequest$SupportedPermissionTypes": "<p>(Required) A list of supported permission types. </p>"
+        "GetUnfilteredTableMetadataRequest$SupportedPermissionTypes": "<p>Indicates the level of filtering a third-party analytical engine is capable of enforcing when calling the <code>GetUnfilteredTableMetadata</code> API operation. Accepted values are:</p> <ul> <li> <p> <code>COLUMN_PERMISSION</code> - Column permissions ensure that users can access only specific columns in the table. If there are particular columns contain sensitive data, data lake administrators can define column filters that exclude access to specific columns.</p> </li> <li> <p> <code>CELL_FILTER_PERMISSION</code> - Cell-level filtering combines column filtering (include or exclude columns) and row filter expressions to restrict access to individual elements in the table.</p> </li> <li> <p> <code>NESTED_PERMISSION</code> - Nested permissions combines cell-level filtering and nested column filtering to restrict access to columns and/or nested columns in specific rows based on row filter expressions.</p> </li> <li> <p> <code>NESTED_CELL_PERMISSION</code> - Nested cell permissions combines nested permission with nested cell-level filtering. This allows different subsets of nested columns to be restricted based on an array of row filter expressions. </p> </li> </ul> <p>Note: Each of these permission types follows a hierarchical order where each subsequent permission type includes all permission of the previous type.</p> <p>Important: If you provide a supported permission type that doesn't match the user's level of permissions on the table, then Lake Formation raises an exception. For example, if the third-party engine calling the <code>GetUnfilteredTableMetadata</code> operation can enforce only column-level filtering, and the user has nested cell filtering applied on the table, Lake Formation throws an exception, and will not return unfiltered table metadata and data access credentials.</p>"
       }
     },
     "PermissionTypeMismatchException": {