From 5d00c7e9bfaf02d39eac9fa9065abc88e23afe7d Mon Sep 17 00:00:00 2001
From: awstools <awstools@amazon.com>
Date: Fri, 14 Jun 2024 18:20:30 +0000
Subject: [PATCH] feat(client-macie2): This release adds support for managing
 the status of automated sensitive data discovery for individual accounts in
 an organization, and determining whether individual S3 buckets are included
 in the scope of the analyses.

---
 clients/client-macie2/README.md               |  16 +
 clients/client-macie2/src/Macie2.ts           |  48 ++
 clients/client-macie2/src/Macie2Client.ts     |  12 +
 ...UpdateAutomatedDiscoveryAccountsCommand.ts | 116 +++++
 .../src/commands/DescribeBucketsCommand.ts    |   1 +
 ...tAutomatedDiscoveryConfigurationCommand.ts |   3 +-
 .../ListAutomatedDiscoveryAccountsCommand.ts  | 112 +++++
 .../commands/ListClassificationJobsCommand.ts |   2 +-
 .../ListClassificationScopesCommand.ts        |   2 +-
 .../ListCustomDataIdentifiersCommand.ts       |   2 +-
 .../src/commands/ListFindingsCommand.ts       |   2 +-
 .../src/commands/ListInvitationsCommand.ts    |   2 +-
 .../ListResourceProfileArtifactsCommand.ts    |   2 +-
 ...lassificationExportConfigurationCommand.ts |   2 +-
 .../src/commands/SearchResourcesCommand.ts    |   5 +-
 .../TestCustomDataIdentifierCommand.ts        |   2 +-
 ...eAutomatedDiscoveryConfigurationCommand.ts |   3 +-
 clients/client-macie2/src/commands/index.ts   |   2 +
 clients/client-macie2/src/models/models_0.ts  | 411 ++++++++--------
 clients/client-macie2/src/models/models_1.ts  | 232 ++++++++-
 ...ListAutomatedDiscoveryAccountsPaginator.ts |  24 +
 clients/client-macie2/src/pagination/index.ts |   1 +
 .../src/protocols/Aws_restJson1.ts            | 179 ++++++-
 codegen/sdk-codegen/aws-models/macie2.json    | 460 ++++++++++++++++--
 24 files changed, 1362 insertions(+), 279 deletions(-)
 create mode 100644 clients/client-macie2/src/commands/BatchUpdateAutomatedDiscoveryAccountsCommand.ts
 create mode 100644 clients/client-macie2/src/commands/ListAutomatedDiscoveryAccountsCommand.ts
 create mode 100644 clients/client-macie2/src/pagination/ListAutomatedDiscoveryAccountsPaginator.ts

diff --git a/clients/client-macie2/README.md b/clients/client-macie2/README.md
index ce12d3e7aba5..9f6a063f2c2d 100644
--- a/clients/client-macie2/README.md
+++ b/clients/client-macie2/README.md
@@ -218,6 +218,14 @@ BatchGetCustomDataIdentifiers
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/macie2/command/BatchGetCustomDataIdentifiersCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/BatchGetCustomDataIdentifiersCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/BatchGetCustomDataIdentifiersCommandOutput/)
 
+</details>
+<details>
+<summary>
+BatchUpdateAutomatedDiscoveryAccounts
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/macie2/command/BatchUpdateAutomatedDiscoveryAccountsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/BatchUpdateAutomatedDiscoveryAccountsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/BatchUpdateAutomatedDiscoveryAccountsCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -586,6 +594,14 @@ ListAllowLists
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/macie2/command/ListAllowListsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/ListAllowListsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/ListAllowListsCommandOutput/)
 
+</details>
+<details>
+<summary>
+ListAutomatedDiscoveryAccounts
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/macie2/command/ListAutomatedDiscoveryAccountsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/ListAutomatedDiscoveryAccountsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-macie2/Interface/ListAutomatedDiscoveryAccountsCommandOutput/)
+
 </details>
 <details>
 <summary>
diff --git a/clients/client-macie2/src/Macie2.ts b/clients/client-macie2/src/Macie2.ts
index 08f2b9e42e23..8d4a99b13724 100644
--- a/clients/client-macie2/src/Macie2.ts
+++ b/clients/client-macie2/src/Macie2.ts
@@ -12,6 +12,11 @@ import {
   BatchGetCustomDataIdentifiersCommandInput,
   BatchGetCustomDataIdentifiersCommandOutput,
 } from "./commands/BatchGetCustomDataIdentifiersCommand";
+import {
+  BatchUpdateAutomatedDiscoveryAccountsCommand,
+  BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+  BatchUpdateAutomatedDiscoveryAccountsCommandOutput,
+} from "./commands/BatchUpdateAutomatedDiscoveryAccountsCommand";
 import {
   CreateAllowListCommand,
   CreateAllowListCommandInput,
@@ -230,6 +235,11 @@ import {
   ListAllowListsCommandInput,
   ListAllowListsCommandOutput,
 } from "./commands/ListAllowListsCommand";
+import {
+  ListAutomatedDiscoveryAccountsCommand,
+  ListAutomatedDiscoveryAccountsCommandInput,
+  ListAutomatedDiscoveryAccountsCommandOutput,
+} from "./commands/ListAutomatedDiscoveryAccountsCommand";
 import {
   ListClassificationJobsCommand,
   ListClassificationJobsCommandInput,
@@ -382,6 +392,7 @@ import { Macie2Client, Macie2ClientConfig } from "./Macie2Client";
 const commands = {
   AcceptInvitationCommand,
   BatchGetCustomDataIdentifiersCommand,
+  BatchUpdateAutomatedDiscoveryAccountsCommand,
   CreateAllowListCommand,
   CreateClassificationJobCommand,
   CreateCustomDataIdentifierCommand,
@@ -428,6 +439,7 @@ const commands = {
   GetUsageStatisticsCommand,
   GetUsageTotalsCommand,
   ListAllowListsCommand,
+  ListAutomatedDiscoveryAccountsCommand,
   ListClassificationJobsCommand,
   ListClassificationScopesCommand,
   ListCustomDataIdentifiersCommand,
@@ -497,6 +509,24 @@ export interface Macie2 {
     cb: (err: any, data?: BatchGetCustomDataIdentifiersCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link BatchUpdateAutomatedDiscoveryAccountsCommand}
+   */
+  batchUpdateAutomatedDiscoveryAccounts(): Promise<BatchUpdateAutomatedDiscoveryAccountsCommandOutput>;
+  batchUpdateAutomatedDiscoveryAccounts(
+    args: BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<BatchUpdateAutomatedDiscoveryAccountsCommandOutput>;
+  batchUpdateAutomatedDiscoveryAccounts(
+    args: BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+    cb: (err: any, data?: BatchUpdateAutomatedDiscoveryAccountsCommandOutput) => void
+  ): void;
+  batchUpdateAutomatedDiscoveryAccounts(
+    args: BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: BatchUpdateAutomatedDiscoveryAccountsCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link CreateAllowListCommand}
    */
@@ -1238,6 +1268,24 @@ export interface Macie2 {
     cb: (err: any, data?: ListAllowListsCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link ListAutomatedDiscoveryAccountsCommand}
+   */
+  listAutomatedDiscoveryAccounts(): Promise<ListAutomatedDiscoveryAccountsCommandOutput>;
+  listAutomatedDiscoveryAccounts(
+    args: ListAutomatedDiscoveryAccountsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<ListAutomatedDiscoveryAccountsCommandOutput>;
+  listAutomatedDiscoveryAccounts(
+    args: ListAutomatedDiscoveryAccountsCommandInput,
+    cb: (err: any, data?: ListAutomatedDiscoveryAccountsCommandOutput) => void
+  ): void;
+  listAutomatedDiscoveryAccounts(
+    args: ListAutomatedDiscoveryAccountsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: ListAutomatedDiscoveryAccountsCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link ListClassificationJobsCommand}
    */
diff --git a/clients/client-macie2/src/Macie2Client.ts b/clients/client-macie2/src/Macie2Client.ts
index 5691e9b12bba..7b2e0daf55b8 100644
--- a/clients/client-macie2/src/Macie2Client.ts
+++ b/clients/client-macie2/src/Macie2Client.ts
@@ -58,6 +58,10 @@ import {
   BatchGetCustomDataIdentifiersCommandInput,
   BatchGetCustomDataIdentifiersCommandOutput,
 } from "./commands/BatchGetCustomDataIdentifiersCommand";
+import {
+  BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+  BatchUpdateAutomatedDiscoveryAccountsCommandOutput,
+} from "./commands/BatchUpdateAutomatedDiscoveryAccountsCommand";
 import { CreateAllowListCommandInput, CreateAllowListCommandOutput } from "./commands/CreateAllowListCommand";
 import {
   CreateClassificationJobCommandInput,
@@ -179,6 +183,10 @@ import {
 import { GetUsageStatisticsCommandInput, GetUsageStatisticsCommandOutput } from "./commands/GetUsageStatisticsCommand";
 import { GetUsageTotalsCommandInput, GetUsageTotalsCommandOutput } from "./commands/GetUsageTotalsCommand";
 import { ListAllowListsCommandInput, ListAllowListsCommandOutput } from "./commands/ListAllowListsCommand";
+import {
+  ListAutomatedDiscoveryAccountsCommandInput,
+  ListAutomatedDiscoveryAccountsCommandOutput,
+} from "./commands/ListAutomatedDiscoveryAccountsCommand";
 import {
   ListClassificationJobsCommandInput,
   ListClassificationJobsCommandOutput,
@@ -296,6 +304,7 @@ export { __Client };
 export type ServiceInputTypes =
   | AcceptInvitationCommandInput
   | BatchGetCustomDataIdentifiersCommandInput
+  | BatchUpdateAutomatedDiscoveryAccountsCommandInput
   | CreateAllowListCommandInput
   | CreateClassificationJobCommandInput
   | CreateCustomDataIdentifierCommandInput
@@ -342,6 +351,7 @@ export type ServiceInputTypes =
   | GetUsageStatisticsCommandInput
   | GetUsageTotalsCommandInput
   | ListAllowListsCommandInput
+  | ListAutomatedDiscoveryAccountsCommandInput
   | ListClassificationJobsCommandInput
   | ListClassificationScopesCommandInput
   | ListCustomDataIdentifiersCommandInput
@@ -380,6 +390,7 @@ export type ServiceInputTypes =
 export type ServiceOutputTypes =
   | AcceptInvitationCommandOutput
   | BatchGetCustomDataIdentifiersCommandOutput
+  | BatchUpdateAutomatedDiscoveryAccountsCommandOutput
   | CreateAllowListCommandOutput
   | CreateClassificationJobCommandOutput
   | CreateCustomDataIdentifierCommandOutput
@@ -426,6 +437,7 @@ export type ServiceOutputTypes =
   | GetUsageStatisticsCommandOutput
   | GetUsageTotalsCommandOutput
   | ListAllowListsCommandOutput
+  | ListAutomatedDiscoveryAccountsCommandOutput
   | ListClassificationJobsCommandOutput
   | ListClassificationScopesCommandOutput
   | ListCustomDataIdentifiersCommandOutput
diff --git a/clients/client-macie2/src/commands/BatchUpdateAutomatedDiscoveryAccountsCommand.ts b/clients/client-macie2/src/commands/BatchUpdateAutomatedDiscoveryAccountsCommand.ts
new file mode 100644
index 000000000000..d3fb9ec94a01
--- /dev/null
+++ b/clients/client-macie2/src/commands/BatchUpdateAutomatedDiscoveryAccountsCommand.ts
@@ -0,0 +1,116 @@
+// smithy-typescript generated code
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+
+import { commonParams } from "../endpoint/EndpointParameters";
+import { Macie2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../Macie2Client";
+import {
+  BatchUpdateAutomatedDiscoveryAccountsRequest,
+  BatchUpdateAutomatedDiscoveryAccountsResponse,
+} from "../models/models_0";
+import {
+  de_BatchUpdateAutomatedDiscoveryAccountsCommand,
+  se_BatchUpdateAutomatedDiscoveryAccountsCommand,
+} from "../protocols/Aws_restJson1";
+
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link BatchUpdateAutomatedDiscoveryAccountsCommand}.
+ */
+export interface BatchUpdateAutomatedDiscoveryAccountsCommandInput
+  extends BatchUpdateAutomatedDiscoveryAccountsRequest {}
+/**
+ * @public
+ *
+ * The output of {@link BatchUpdateAutomatedDiscoveryAccountsCommand}.
+ */
+export interface BatchUpdateAutomatedDiscoveryAccountsCommandOutput
+  extends BatchUpdateAutomatedDiscoveryAccountsResponse,
+    __MetadataBearer {}
+
+/**
+ * <p>Changes the status of automated sensitive data discovery for one or more accounts.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { Macie2Client, BatchUpdateAutomatedDiscoveryAccountsCommand } from "@aws-sdk/client-macie2"; // ES Modules import
+ * // const { Macie2Client, BatchUpdateAutomatedDiscoveryAccountsCommand } = require("@aws-sdk/client-macie2"); // CommonJS import
+ * const client = new Macie2Client(config);
+ * const input = { // BatchUpdateAutomatedDiscoveryAccountsRequest
+ *   accounts: [ // __listOfAutomatedDiscoveryAccountUpdate
+ *     { // AutomatedDiscoveryAccountUpdate
+ *       accountId: "STRING_VALUE",
+ *       status: "ENABLED" || "DISABLED",
+ *     },
+ *   ],
+ * };
+ * const command = new BatchUpdateAutomatedDiscoveryAccountsCommand(input);
+ * const response = await client.send(command);
+ * // { // BatchUpdateAutomatedDiscoveryAccountsResponse
+ * //   errors: [ // __listOfAutomatedDiscoveryAccountUpdateError
+ * //     { // AutomatedDiscoveryAccountUpdateError
+ * //       accountId: "STRING_VALUE",
+ * //       errorCode: "ACCOUNT_PAUSED" || "ACCOUNT_NOT_FOUND",
+ * //     },
+ * //   ],
+ * // };
+ *
+ * ```
+ *
+ * @param BatchUpdateAutomatedDiscoveryAccountsCommandInput - {@link BatchUpdateAutomatedDiscoveryAccountsCommandInput}
+ * @returns {@link BatchUpdateAutomatedDiscoveryAccountsCommandOutput}
+ * @see {@link BatchUpdateAutomatedDiscoveryAccountsCommandInput} for command's `input` shape.
+ * @see {@link BatchUpdateAutomatedDiscoveryAccountsCommandOutput} for command's `response` shape.
+ * @see {@link Macie2ClientResolvedConfig | config} for Macie2Client's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>Provides information about an error that occurred due to insufficient access to a specified resource.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>Provides information about an error that occurred due to a versioning conflict for a specified resource.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>Provides information about an error that occurred due to an unknown internal server error, exception, or failure.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Provides information about an error that occurred because too many requests were sent during a certain amount of time.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>Provides information about an error that occurred due to a syntax error in a request.</p>
+ *
+ * @throws {@link Macie2ServiceException}
+ * <p>Base exception class for all service exceptions from Macie2 service.</p>
+ *
+ * @public
+ */
+export class BatchUpdateAutomatedDiscoveryAccountsCommand extends $Command
+  .classBuilder<
+    BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+    BatchUpdateAutomatedDiscoveryAccountsCommandOutput,
+    Macie2ClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >()
+  .ep({
+    ...commonParams,
+  })
+  .m(function (this: any, Command: any, cs: any, config: Macie2ClientResolvedConfig, o: any) {
+    return [
+      getSerdePlugin(config, this.serialize, this.deserialize),
+      getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+  })
+  .s("Macie2", "BatchUpdateAutomatedDiscoveryAccounts", {})
+  .n("Macie2Client", "BatchUpdateAutomatedDiscoveryAccountsCommand")
+  .f(void 0, void 0)
+  .ser(se_BatchUpdateAutomatedDiscoveryAccountsCommand)
+  .de(de_BatchUpdateAutomatedDiscoveryAccountsCommand)
+  .build() {}
diff --git a/clients/client-macie2/src/commands/DescribeBucketsCommand.ts b/clients/client-macie2/src/commands/DescribeBucketsCommand.ts
index a3867448759b..4753739e946c 100644
--- a/clients/client-macie2/src/commands/DescribeBucketsCommand.ts
+++ b/clients/client-macie2/src/commands/DescribeBucketsCommand.ts
@@ -65,6 +65,7 @@ export interface DescribeBucketsCommandOutput extends DescribeBucketsResponse, _
  * //     { // BucketMetadata
  * //       accountId: "STRING_VALUE",
  * //       allowsUnencryptedObjectUploads: "TRUE" || "FALSE" || "UNKNOWN",
+ * //       automatedDiscoveryMonitoringStatus: "MONITORED" || "NOT_MONITORED",
  * //       bucketArn: "STRING_VALUE",
  * //       bucketCreatedAt: new Date("TIMESTAMP"),
  * //       bucketName: "STRING_VALUE",
diff --git a/clients/client-macie2/src/commands/GetAutomatedDiscoveryConfigurationCommand.ts b/clients/client-macie2/src/commands/GetAutomatedDiscoveryConfigurationCommand.ts
index 6219a51d95bb..2539456b80df 100644
--- a/clients/client-macie2/src/commands/GetAutomatedDiscoveryConfigurationCommand.ts
+++ b/clients/client-macie2/src/commands/GetAutomatedDiscoveryConfigurationCommand.ts
@@ -36,7 +36,7 @@ export interface GetAutomatedDiscoveryConfigurationCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Retrieves the configuration settings and status of automated sensitive data discovery for an account.</p>
+ * <p>Retrieves the configuration settings and status of automated sensitive data discovery for an organization or standalone account.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -47,6 +47,7 @@ export interface GetAutomatedDiscoveryConfigurationCommandOutput
  * const command = new GetAutomatedDiscoveryConfigurationCommand(input);
  * const response = await client.send(command);
  * // { // GetAutomatedDiscoveryConfigurationResponse
+ * //   autoEnableOrganizationMembers: "ALL" || "NEW" || "NONE",
  * //   classificationScopeId: "STRING_VALUE",
  * //   disabledAt: new Date("TIMESTAMP"),
  * //   firstEnabledAt: new Date("TIMESTAMP"),
diff --git a/clients/client-macie2/src/commands/ListAutomatedDiscoveryAccountsCommand.ts b/clients/client-macie2/src/commands/ListAutomatedDiscoveryAccountsCommand.ts
new file mode 100644
index 000000000000..863d7b35d543
--- /dev/null
+++ b/clients/client-macie2/src/commands/ListAutomatedDiscoveryAccountsCommand.ts
@@ -0,0 +1,112 @@
+// smithy-typescript generated code
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+
+import { commonParams } from "../endpoint/EndpointParameters";
+import { Macie2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../Macie2Client";
+import { ListAutomatedDiscoveryAccountsRequest, ListAutomatedDiscoveryAccountsResponse } from "../models/models_0";
+import {
+  de_ListAutomatedDiscoveryAccountsCommand,
+  se_ListAutomatedDiscoveryAccountsCommand,
+} from "../protocols/Aws_restJson1";
+
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link ListAutomatedDiscoveryAccountsCommand}.
+ */
+export interface ListAutomatedDiscoveryAccountsCommandInput extends ListAutomatedDiscoveryAccountsRequest {}
+/**
+ * @public
+ *
+ * The output of {@link ListAutomatedDiscoveryAccountsCommand}.
+ */
+export interface ListAutomatedDiscoveryAccountsCommandOutput
+  extends ListAutomatedDiscoveryAccountsResponse,
+    __MetadataBearer {}
+
+/**
+ * <p>Retrieves the status of automated sensitive data discovery for one or more accounts.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { Macie2Client, ListAutomatedDiscoveryAccountsCommand } from "@aws-sdk/client-macie2"; // ES Modules import
+ * // const { Macie2Client, ListAutomatedDiscoveryAccountsCommand } = require("@aws-sdk/client-macie2"); // CommonJS import
+ * const client = new Macie2Client(config);
+ * const input = { // ListAutomatedDiscoveryAccountsRequest
+ *   accountIds: [ // __listOf__string
+ *     "STRING_VALUE",
+ *   ],
+ *   maxResults: Number("int"),
+ *   nextToken: "STRING_VALUE",
+ * };
+ * const command = new ListAutomatedDiscoveryAccountsCommand(input);
+ * const response = await client.send(command);
+ * // { // ListAutomatedDiscoveryAccountsResponse
+ * //   items: [ // __listOfAutomatedDiscoveryAccount
+ * //     { // AutomatedDiscoveryAccount
+ * //       accountId: "STRING_VALUE",
+ * //       status: "ENABLED" || "DISABLED",
+ * //     },
+ * //   ],
+ * //   nextToken: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param ListAutomatedDiscoveryAccountsCommandInput - {@link ListAutomatedDiscoveryAccountsCommandInput}
+ * @returns {@link ListAutomatedDiscoveryAccountsCommandOutput}
+ * @see {@link ListAutomatedDiscoveryAccountsCommandInput} for command's `input` shape.
+ * @see {@link ListAutomatedDiscoveryAccountsCommandOutput} for command's `response` shape.
+ * @see {@link Macie2ClientResolvedConfig | config} for Macie2Client's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>Provides information about an error that occurred due to insufficient access to a specified resource.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>Provides information about an error that occurred due to an unknown internal server error, exception, or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>Provides information about an error that occurred because a specified resource wasn't found.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Provides information about an error that occurred because too many requests were sent during a certain amount of time.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>Provides information about an error that occurred due to a syntax error in a request.</p>
+ *
+ * @throws {@link Macie2ServiceException}
+ * <p>Base exception class for all service exceptions from Macie2 service.</p>
+ *
+ * @public
+ */
+export class ListAutomatedDiscoveryAccountsCommand extends $Command
+  .classBuilder<
+    ListAutomatedDiscoveryAccountsCommandInput,
+    ListAutomatedDiscoveryAccountsCommandOutput,
+    Macie2ClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >()
+  .ep({
+    ...commonParams,
+  })
+  .m(function (this: any, Command: any, cs: any, config: Macie2ClientResolvedConfig, o: any) {
+    return [
+      getSerdePlugin(config, this.serialize, this.deserialize),
+      getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+  })
+  .s("Macie2", "ListAutomatedDiscoveryAccounts", {})
+  .n("Macie2Client", "ListAutomatedDiscoveryAccountsCommand")
+  .f(void 0, void 0)
+  .ser(se_ListAutomatedDiscoveryAccountsCommand)
+  .de(de_ListAutomatedDiscoveryAccountsCommand)
+  .build() {}
diff --git a/clients/client-macie2/src/commands/ListClassificationJobsCommand.ts b/clients/client-macie2/src/commands/ListClassificationJobsCommand.ts
index d6ee0b2b4ead..04e6c8ad331c 100644
--- a/clients/client-macie2/src/commands/ListClassificationJobsCommand.ts
+++ b/clients/client-macie2/src/commands/ListClassificationJobsCommand.ts
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { Macie2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../Macie2Client";
-import { ListClassificationJobsRequest, ListClassificationJobsResponse } from "../models/models_0";
+import { ListClassificationJobsRequest, ListClassificationJobsResponse } from "../models/models_1";
 import { de_ListClassificationJobsCommand, se_ListClassificationJobsCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-macie2/src/commands/ListClassificationScopesCommand.ts b/clients/client-macie2/src/commands/ListClassificationScopesCommand.ts
index 14a13235b527..79d9316c14f6 100644
--- a/clients/client-macie2/src/commands/ListClassificationScopesCommand.ts
+++ b/clients/client-macie2/src/commands/ListClassificationScopesCommand.ts
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { Macie2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../Macie2Client";
-import { ListClassificationScopesRequest, ListClassificationScopesResponse } from "../models/models_0";
+import { ListClassificationScopesRequest, ListClassificationScopesResponse } from "../models/models_1";
 import { de_ListClassificationScopesCommand, se_ListClassificationScopesCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-macie2/src/commands/ListCustomDataIdentifiersCommand.ts b/clients/client-macie2/src/commands/ListCustomDataIdentifiersCommand.ts
index 1a65257b8f43..647c07b75ccb 100644
--- a/clients/client-macie2/src/commands/ListCustomDataIdentifiersCommand.ts
+++ b/clients/client-macie2/src/commands/ListCustomDataIdentifiersCommand.ts
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { Macie2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../Macie2Client";
-import { ListCustomDataIdentifiersRequest, ListCustomDataIdentifiersResponse } from "../models/models_0";
+import { ListCustomDataIdentifiersRequest, ListCustomDataIdentifiersResponse } from "../models/models_1";
 import { de_ListCustomDataIdentifiersCommand, se_ListCustomDataIdentifiersCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-macie2/src/commands/ListFindingsCommand.ts b/clients/client-macie2/src/commands/ListFindingsCommand.ts
index 831a568ab56e..9f1181fd0292 100644
--- a/clients/client-macie2/src/commands/ListFindingsCommand.ts
+++ b/clients/client-macie2/src/commands/ListFindingsCommand.ts
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { Macie2ClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../Macie2Client";
-import { ListFindingsRequest, ListFindingsResponse } from "../models/models_0";
+import { ListFindingsRequest, ListFindingsResponse } from "../models/models_1";
 import { de_ListFindingsCommand, se_ListFindingsCommand } from "../protocols/Aws_restJson1";
 
 /**
diff --git a/clients/client-macie2/src/commands/ListInvitationsCommand.ts b/clients/client-macie2/src/commands/ListInvitationsCommand.ts
index 70803b6eac59..b32c1098ffe0 100644
--- a/clients/client-macie2/src/commands/ListInvitationsCommand.ts
+++ b/clients/client-macie2/src/commands/ListInvitationsCommand.ts
@@ -28,7 +28,7 @@ export interface ListInvitationsCommandInput extends ListInvitationsRequest {}
 export interface ListInvitationsCommandOutput extends ListInvitationsResponse, __MetadataBearer {}
 
 /**
- * <p>Retrieves information about the Amazon Macie membership invitations that were received by an account.</p>
+ * <p>Retrieves information about Amazon Macie membership invitations that were received by an account.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-macie2/src/commands/ListResourceProfileArtifactsCommand.ts b/clients/client-macie2/src/commands/ListResourceProfileArtifactsCommand.ts
index 5351bac17c2d..48c78059e5dc 100644
--- a/clients/client-macie2/src/commands/ListResourceProfileArtifactsCommand.ts
+++ b/clients/client-macie2/src/commands/ListResourceProfileArtifactsCommand.ts
@@ -33,7 +33,7 @@ export interface ListResourceProfileArtifactsCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Retrieves information about objects that were selected from an S3 bucket for automated sensitive data discovery.</p>
+ * <p>Retrieves information about objects that Amazon Macie selected from an S3 bucket for automated sensitive data discovery.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-macie2/src/commands/PutClassificationExportConfigurationCommand.ts b/clients/client-macie2/src/commands/PutClassificationExportConfigurationCommand.ts
index 999966287fea..e3cfd0ac9656 100644
--- a/clients/client-macie2/src/commands/PutClassificationExportConfigurationCommand.ts
+++ b/clients/client-macie2/src/commands/PutClassificationExportConfigurationCommand.ts
@@ -36,7 +36,7 @@ export interface PutClassificationExportConfigurationCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Creates or updates the configuration settings for storing data classification results.</p>
+ * <p>Adds or updates the configuration settings for storing data classification results.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-macie2/src/commands/SearchResourcesCommand.ts b/clients/client-macie2/src/commands/SearchResourcesCommand.ts
index 986f973b2019..ec228604a3c6 100644
--- a/clients/client-macie2/src/commands/SearchResourcesCommand.ts
+++ b/clients/client-macie2/src/commands/SearchResourcesCommand.ts
@@ -42,7 +42,7 @@ export interface SearchResourcesCommandOutput extends SearchResourcesResponse, _
  *         { // SearchResourcesCriteria
  *           simpleCriterion: { // SearchResourcesSimpleCriterion
  *             comparator: "EQ" || "NE",
- *             key: "ACCOUNT_ID" || "S3_BUCKET_NAME" || "S3_BUCKET_EFFECTIVE_PERMISSION" || "S3_BUCKET_SHARED_ACCESS",
+ *             key: "ACCOUNT_ID" || "S3_BUCKET_NAME" || "S3_BUCKET_EFFECTIVE_PERMISSION" || "S3_BUCKET_SHARED_ACCESS" || "AUTOMATED_DISCOVERY_MONITORING_STATUS",
  *             values: [ // __listOf__string
  *               "STRING_VALUE",
  *             ],
@@ -64,7 +64,7 @@ export interface SearchResourcesCommandOutput extends SearchResourcesResponse, _
  *         {
  *           simpleCriterion: {
  *             comparator: "EQ" || "NE",
- *             key: "ACCOUNT_ID" || "S3_BUCKET_NAME" || "S3_BUCKET_EFFECTIVE_PERMISSION" || "S3_BUCKET_SHARED_ACCESS",
+ *             key: "ACCOUNT_ID" || "S3_BUCKET_NAME" || "S3_BUCKET_EFFECTIVE_PERMISSION" || "S3_BUCKET_SHARED_ACCESS" || "AUTOMATED_DISCOVERY_MONITORING_STATUS",
  *             values: [
  *               "STRING_VALUE",
  *             ],
@@ -96,6 +96,7 @@ export interface SearchResourcesCommandOutput extends SearchResourcesResponse, _
  * //     { // MatchingResource
  * //       matchingBucket: { // MatchingBucket
  * //         accountId: "STRING_VALUE",
+ * //         automatedDiscoveryMonitoringStatus: "MONITORED" || "NOT_MONITORED",
  * //         bucketName: "STRING_VALUE",
  * //         classifiableObjectCount: Number("long"),
  * //         classifiableSizeInBytes: Number("long"),
diff --git a/clients/client-macie2/src/commands/TestCustomDataIdentifierCommand.ts b/clients/client-macie2/src/commands/TestCustomDataIdentifierCommand.ts
index 5c1683d186e2..7983de9d499a 100644
--- a/clients/client-macie2/src/commands/TestCustomDataIdentifierCommand.ts
+++ b/clients/client-macie2/src/commands/TestCustomDataIdentifierCommand.ts
@@ -28,7 +28,7 @@ export interface TestCustomDataIdentifierCommandInput extends TestCustomDataIden
 export interface TestCustomDataIdentifierCommandOutput extends TestCustomDataIdentifierResponse, __MetadataBearer {}
 
 /**
- * <p>Tests a custom data identifier.</p>
+ * <p>Tests criteria for a custom data identifier.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-macie2/src/commands/UpdateAutomatedDiscoveryConfigurationCommand.ts b/clients/client-macie2/src/commands/UpdateAutomatedDiscoveryConfigurationCommand.ts
index d099c3a4fa9e..7df32ecf80ba 100644
--- a/clients/client-macie2/src/commands/UpdateAutomatedDiscoveryConfigurationCommand.ts
+++ b/clients/client-macie2/src/commands/UpdateAutomatedDiscoveryConfigurationCommand.ts
@@ -37,7 +37,7 @@ export interface UpdateAutomatedDiscoveryConfigurationCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Enables or disables automated sensitive data discovery for an account.</p>
+ * <p>Changes the configuration settings and status of automated sensitive data discovery for an organization or standalone account.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -45,6 +45,7 @@ export interface UpdateAutomatedDiscoveryConfigurationCommandOutput
  * // const { Macie2Client, UpdateAutomatedDiscoveryConfigurationCommand } = require("@aws-sdk/client-macie2"); // CommonJS import
  * const client = new Macie2Client(config);
  * const input = { // UpdateAutomatedDiscoveryConfigurationRequest
+ *   autoEnableOrganizationMembers: "ALL" || "NEW" || "NONE",
  *   status: "ENABLED" || "DISABLED", // required
  * };
  * const command = new UpdateAutomatedDiscoveryConfigurationCommand(input);
diff --git a/clients/client-macie2/src/commands/index.ts b/clients/client-macie2/src/commands/index.ts
index e4476f0a219d..7f88e00cc286 100644
--- a/clients/client-macie2/src/commands/index.ts
+++ b/clients/client-macie2/src/commands/index.ts
@@ -1,6 +1,7 @@
 // smithy-typescript generated code
 export * from "./AcceptInvitationCommand";
 export * from "./BatchGetCustomDataIdentifiersCommand";
+export * from "./BatchUpdateAutomatedDiscoveryAccountsCommand";
 export * from "./CreateAllowListCommand";
 export * from "./CreateClassificationJobCommand";
 export * from "./CreateCustomDataIdentifierCommand";
@@ -47,6 +48,7 @@ export * from "./GetSensitivityInspectionTemplateCommand";
 export * from "./GetUsageStatisticsCommand";
 export * from "./GetUsageTotalsCommand";
 export * from "./ListAllowListsCommand";
+export * from "./ListAutomatedDiscoveryAccountsCommand";
 export * from "./ListClassificationJobsCommand";
 export * from "./ListClassificationScopesCommand";
 export * from "./ListCustomDataIdentifiersCommand";
diff --git a/clients/client-macie2/src/models/models_0.ts b/clients/client-macie2/src/models/models_0.ts
index 833395154cdf..7239a8e5224f 100644
--- a/clients/client-macie2/src/models/models_0.ts
+++ b/clients/client-macie2/src/models/models_0.ts
@@ -77,6 +77,90 @@ export interface AllowListSummary {
   updatedAt?: Date;
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const AutomatedDiscoveryAccountStatus = {
+  DISABLED: "DISABLED",
+  ENABLED: "ENABLED",
+} as const;
+
+/**
+ * @public
+ */
+export type AutomatedDiscoveryAccountStatus =
+  (typeof AutomatedDiscoveryAccountStatus)[keyof typeof AutomatedDiscoveryAccountStatus];
+
+/**
+ * <p>Provides information about the status of automated sensitive data discovery for an Amazon Macie account.</p>
+ * @public
+ */
+export interface AutomatedDiscoveryAccount {
+  /**
+   * <p>The Amazon Web Services account ID for the account.</p>
+   * @public
+   */
+  accountId?: string;
+
+  /**
+   * <p>The current status of automated sensitive data discovery for the account. Possible values are: ENABLED, perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.</p>
+   * @public
+   */
+  status?: AutomatedDiscoveryAccountStatus;
+}
+
+/**
+ * <p>Changes the status of automated sensitive data discovery for an Amazon Macie account.</p>
+ * @public
+ */
+export interface AutomatedDiscoveryAccountUpdate {
+  /**
+   * <p>The Amazon Web Services account ID for the account.</p>
+   * @public
+   */
+  accountId?: string;
+
+  /**
+   * <p>The new status of automated sensitive data discovery for the account. Valid values are: ENABLED, perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.</p>
+   * @public
+   */
+  status?: AutomatedDiscoveryAccountStatus;
+}
+
+/**
+ * @public
+ * @enum
+ */
+export const AutomatedDiscoveryAccountUpdateErrorCode = {
+  ACCOUNT_NOT_FOUND: "ACCOUNT_NOT_FOUND",
+  ACCOUNT_PAUSED: "ACCOUNT_PAUSED",
+} as const;
+
+/**
+ * @public
+ */
+export type AutomatedDiscoveryAccountUpdateErrorCode =
+  (typeof AutomatedDiscoveryAccountUpdateErrorCode)[keyof typeof AutomatedDiscoveryAccountUpdateErrorCode];
+
+/**
+ * <p>Provides information about a request that failed to change the status of automated sensitive data discovery for an Amazon Macie account.</p>
+ * @public
+ */
+export interface AutomatedDiscoveryAccountUpdateError {
+  /**
+   * <p>The Amazon Web Services account ID for the account that the request applied to.</p>
+   * @public
+   */
+  accountId?: string;
+
+  /**
+   * <p>The error code for the error that caused the request to fail for the account (accountId). Possible values are: ACCOUNT_NOT_FOUND, the account doesn’t exist or you're not the Amazon Macie administrator for the account; and, ACCOUNT_PAUSED, Macie isn’t enabled for the account in the current Amazon Web Services Region.</p>
+   * @public
+   */
+  errorCode?: AutomatedDiscoveryAccountUpdateErrorCode;
+}
+
 /**
  * <p>Provides information about a custom data identifier.</p>
  * @public
@@ -135,6 +219,21 @@ export const AllowsUnencryptedObjectUploads = {
 export type AllowsUnencryptedObjectUploads =
   (typeof AllowsUnencryptedObjectUploads)[keyof typeof AllowsUnencryptedObjectUploads];
 
+/**
+ * @public
+ * @enum
+ */
+export const AutomatedDiscoveryMonitoringStatus = {
+  MONITORED: "MONITORED",
+  NOT_MONITORED: "NOT_MONITORED",
+} as const;
+
+/**
+ * @public
+ */
+export type AutomatedDiscoveryMonitoringStatus =
+  (typeof AutomatedDiscoveryMonitoringStatus)[keyof typeof AutomatedDiscoveryMonitoringStatus];
+
 /**
  * @public
  * @enum
@@ -179,24 +278,24 @@ export const IsMonitoredByJob = {
 export type IsMonitoredByJob = (typeof IsMonitoredByJob)[keyof typeof IsMonitoredByJob];
 
 /**
- * <p>Specifies whether any one-time or recurring classification jobs are configured to analyze data in an S3 bucket, and, if so, the details of the job that ran most recently.</p>
+ * <p>Specifies whether any one-time or recurring classification jobs are configured to analyze objects in an S3 bucket, and, if so, the details of the job that ran most recently.</p>
  * @public
  */
 export interface JobDetails {
   /**
-   * <p>Specifies whether any one-time or recurring jobs are configured to analyze data in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs has a status other than CANCELLED. Or the bucket matched the bucket criteria (S3BucketCriteriaForJob) for at least one job that previously ran.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include the bucket in their bucket definitions have a status of CANCELLED, or the bucket didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that previously ran.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>
+   * <p>Specifies whether any one-time or recurring jobs are configured to analyze objects in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs has a status other than CANCELLED. Or the bucket matched the bucket criteria (S3BucketCriteriaForJob) for at least one job that previously ran.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include the bucket in their bucket definitions have a status of CANCELLED, or the bucket didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that previously ran.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>
    * @public
    */
   isDefinedInJob?: IsDefinedInJob;
 
   /**
-   * <p>Specifies whether any recurring jobs are configured to analyze data in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At least one of those jobs has a status other than CANCELLED.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the recurring jobs that are configured to analyze data in the bucket have a status of CANCELLED.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>
+   * <p>Specifies whether any recurring jobs are configured to analyze objects in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At least one of those jobs has a status other than CANCELLED.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the recurring jobs that are configured to analyze data in the bucket have a status of CANCELLED.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>
    * @public
    */
   isMonitoredByJob?: IsMonitoredByJob;
 
   /**
-   * <p>The unique identifier for the job that ran most recently and is configured to analyze data in the bucket, either the latest run of a recurring job or the only run of a one-time job.</p> <p>This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.</p>
+   * <p>The unique identifier for the job that ran most recently and is configured to analyze objects in the bucket, either the latest run of a recurring job or the only run of a one-time job.</p> <p>This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.</p>
    * @public
    */
   lastJobId?: string;
@@ -530,6 +629,12 @@ export interface BucketMetadata {
    */
   allowsUnencryptedObjectUploads?: AllowsUnencryptedObjectUploads;
 
+  /**
+   * <p>Specifies whether automated sensitive data discovery is currently configured to analyze objects in the bucket. Possible values are: MONITORED, the bucket is included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. If automated sensitive data discovery is disabled for your account, this value is NOT_MONITORED.</p>
+   * @public
+   */
+  automatedDiscoveryMonitoringStatus?: AutomatedDiscoveryMonitoringStatus;
+
   /**
    * <p>The Amazon Resource Name (ARN) of the bucket.</p>
    * @public
@@ -573,13 +678,13 @@ export interface BucketMetadata {
   errorMessage?: string;
 
   /**
-   * <p>Specifies whether any one-time or recurring classification jobs are configured to analyze data in the bucket, and, if so, the details of the job that ran most recently.</p>
+   * <p>Specifies whether any one-time or recurring classification jobs are configured to analyze objects in the bucket, and, if so, the details of the job that ran most recently.</p>
    * @public
    */
   jobDetails?: JobDetails;
 
   /**
-   * <p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed data in the bucket while performing automated sensitive data discovery for your account. This value is null if automated sensitive data discovery is currently disabled for your account.</p>
+   * <p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed objects in the bucket while performing automated sensitive data discovery. This value is null if automated sensitive data discovery is disabled for your account.</p>
    * @public
    */
   lastAutomatedDiscoveryTime?: Date;
@@ -621,7 +726,7 @@ export interface BucketMetadata {
   replicationDetails?: ReplicationDetails;
 
   /**
-   * <p>The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.</p>
+   * <p>The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive).</p><p>If automated sensitive data discovery has never been enabled for your account or it’s been disabled for your organization or your standalone account for more than 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores objects but it’s been excluded from recent analyses.</p>
    * @public
    */
   sensitivityScore?: number;
@@ -870,7 +975,7 @@ export const DataIdentifierType = {
 export type DataIdentifierType = (typeof DataIdentifierType)[keyof typeof DataIdentifierType];
 
 /**
- * <p>Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for the bucket. The information also specifies the custom data identifier or managed data identifier that detected the data. This information is available only if automated sensitive data discovery is currently enabled for your account.</p>
+ * <p>Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for an account. The information also specifies the custom or managed data identifier that detected the data. This information is available only if automated sensitive data discovery has been enabled for the account.</p>
  * @public
  */
 export interface Detection {
@@ -1772,13 +1877,13 @@ export interface FindingActor {
   domainDetails?: DomainDetails;
 
   /**
-   * <p>The IP address of the device that the entity used to perform the action on the affected resource. This object also provides information such as the owner and geographic location for the IP address.</p>
+   * <p>The IP address and related details about the device that the entity used to perform the action on the affected resource. The details can include information such as the owner and geographic location of the IP address.</p>
    * @public
    */
   ipAddressDetails?: IpAddressDetails;
 
   /**
-   * <p>The type and other characteristics of the entity that performed the action on the affected resource.</p>
+   * <p>The type and other characteristics of the entity that performed the action on the affected resource. This value is null if the action was performed by an anonymous (unauthenticated) entity.</p>
    * @public
    */
   userIdentity?: UserIdentity;
@@ -2694,6 +2799,12 @@ export interface MatchingBucket {
    */
   accountId?: string;
 
+  /**
+   * <p>Specifies whether automated sensitive data discovery is currently configured to analyze objects in the bucket. Possible values are: MONITORED, the bucket is included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. If automated sensitive data discovery is disabled for your account, this value is NOT_MONITORED.</p>
+   * @public
+   */
+  automatedDiscoveryMonitoringStatus?: AutomatedDiscoveryMonitoringStatus;
+
   /**
    * <p>The name of the bucket.</p>
    * @public
@@ -2731,7 +2842,7 @@ export interface MatchingBucket {
   jobDetails?: JobDetails;
 
   /**
-   * <p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed data in the bucket while performing automated sensitive data discovery for your account. This value is null if automated sensitive data discovery is currently disabled for your account.</p>
+   * <p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed objects in the bucket while performing automated sensitive data discovery. This value is null if automated sensitive data discovery is disabled for your account.</p>
    * @public
    */
   lastAutomatedDiscoveryTime?: Date;
@@ -2749,7 +2860,7 @@ export interface MatchingBucket {
   objectCountByEncryptionType?: ObjectCountByEncryptionType;
 
   /**
-   * <p>The current sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.</p>
+   * <p>The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive).</p><p>If automated sensitive data discovery has never been enabled for your account or it’s been disabled for your organization or your standalone account for more than 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores objects but it’s been excluded from recent analyses.</p>
    * @public
    */
   sensitivityScore?: number;
@@ -2852,7 +2963,7 @@ export interface Member {
 }
 
 /**
- * <p>Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an S3 bucket, and the status and results of the analysis. This information is available only if automated sensitive data discovery is currently enabled for your account.</p>
+ * <p>Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an account, and the status and results of the analysis. This information is available only if automated sensitive data discovery has been enabled for the account.</p>
  * @public
  */
 export interface ResourceProfileArtifact {
@@ -2895,6 +3006,7 @@ export type SearchResourcesComparator = (typeof SearchResourcesComparator)[keyof
  */
 export const SearchResourcesSimpleCriterionKey = {
   ACCOUNT_ID: "ACCOUNT_ID",
+  AUTOMATED_DISCOVERY_MONITORING_STATUS: "AUTOMATED_DISCOVERY_MONITORING_STATUS",
   S3_BUCKET_EFFECTIVE_PERMISSION: "S3_BUCKET_EFFECTIVE_PERMISSION",
   S3_BUCKET_NAME: "S3_BUCKET_NAME",
   S3_BUCKET_SHARED_ACCESS: "S3_BUCKET_SHARED_ACCESS",
@@ -2924,7 +3036,7 @@ export interface SearchResourcesSimpleCriterion {
   key?: SearchResourcesSimpleCriterionKey;
 
   /**
-   * <p>An array that lists one or more values to use in the condition. If you specify multiple values, Amazon Macie uses OR logic to join the values. Valid values for each supported property (key) are:</p> <ul><li><p>ACCOUNT_ID - A string that represents the unique identifier for the Amazon Web Services account that owns the resource.</p></li> <li><p>S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated value that Macie defines for the <a href="https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission">BucketPublicAccess.effectivePermission</a> property of an S3 bucket.</p></li> <li><p>S3_BUCKET_NAME - A string that represents the name of an S3 bucket.</p></li> <li><p>S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that Macie defines for the <a href="https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess">BucketMetadata.sharedAccess</a> property of an S3 bucket.</p></li></ul> <p>Values are case sensitive. Also, Macie doesn't support use of partial values or wildcard characters in values.</p>
+   * <p>An array that lists one or more values to use in the condition. If you specify multiple values, Amazon Macie uses OR logic to join the values. Valid values for each supported property (key) are:</p> <ul><li><p>ACCOUNT_ID - A string that represents the unique identifier for the Amazon Web Services account that owns the resource.</p></li> <li><p>AUTOMATED_DISCOVERY_MONITORING_STATUS - A string that represents an enumerated value that Macie defines for the <a href="https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-automateddiscoverymonitoringstatus">BucketMetadata.automatedDiscoveryMonitoringStatus</a> property of an S3 bucket.</p></li> <li><p>S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated value that Macie defines for the <a href="https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission">BucketPublicAccess.effectivePermission</a> property of an S3 bucket.</p></li> <li><p>S3_BUCKET_NAME - A string that represents the name of an S3 bucket.</p></li> <li><p>S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that Macie defines for the <a href="https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess">BucketMetadata.sharedAccess</a> property of an S3 bucket.</p></li></ul> <p>Values are case sensitive. Also, Macie doesn't support use of partial values or wildcard characters in values.</p>
    * @public
    */
   values?: string[];
@@ -2985,7 +3097,7 @@ export interface SearchResourcesCriteria {
 }
 
 /**
- * <p>Provides information about the sensitivity inspection template for an Amazon Macie account. Macie uses the template's settings when it performs automated sensitive data discovery for the account.</p>
+ * <p>Provides information about the sensitivity inspection template for an Amazon Macie account.</p>
  * @public
  */
 export interface SensitivityInspectionTemplatesEntry {
@@ -3189,7 +3301,7 @@ export interface UsageRecord {
   accountId?: string;
 
   /**
-   * <p>The date and time, in UTC and extended ISO 8601 format, when the free trial of automated sensitive data discovery started for the account. If the account is a member account in an organization, this value is the same as the value for the organization's Amazon Macie administrator account.</p>
+   * <p>The date and time, in UTC and extended ISO 8601 format, when the free trial of automated sensitive data discovery started for the account. This value is null if automated sensitive data discovery hasn't been enabled for the account.</p>
    * @public
    */
   automatedDiscoveryFreeTrialStartDate?: Date;
@@ -3551,6 +3663,21 @@ export interface AllowListStatus {
   description?: string;
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const AutoEnableMode = {
+  ALL: "ALL",
+  NEW: "NEW",
+  NONE: "NONE",
+} as const;
+
+/**
+ * @public
+ */
+export type AutoEnableMode = (typeof AutoEnableMode)[keyof typeof AutoEnableMode];
+
 /**
  * @public
  * @enum
@@ -3607,6 +3734,28 @@ export interface BatchGetCustomDataIdentifiersResponse {
   notFoundIdentifierIds?: string[];
 }
 
+/**
+ * @public
+ */
+export interface BatchUpdateAutomatedDiscoveryAccountsRequest {
+  /**
+   * <p>An array of objects, one for each account to change the status of automated sensitive data discovery for. Each object specifies the Amazon Web Services account ID for an account and a new status for that account.</p>
+   * @public
+   */
+  accounts?: AutomatedDiscoveryAccountUpdate[];
+}
+
+/**
+ * @public
+ */
+export interface BatchUpdateAutomatedDiscoveryAccountsResponse {
+  /**
+   * <p>An array of objects, one for each account whose status wasn’t changed. Each object identifies the account and explains why the status of automated sensitive data discovery wasn’t changed for the account. This value is null if the request succeeded for all specified accounts.</p>
+   * @public
+   */
+  errors?: AutomatedDiscoveryAccountUpdateError[];
+}
+
 /**
  * <p>Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.</p>
  * @public
@@ -3867,7 +4016,7 @@ export interface BucketStatisticsBySensitivity {
  */
 export interface S3Destination {
   /**
-   * <p>The name of the bucket.</p>
+   * <p>The name of the bucket. This must be the name of an existing general purpose bucket.</p>
    * @public
    */
   bucketName: string | undefined;
@@ -3886,7 +4035,7 @@ export interface S3Destination {
 }
 
 /**
- * <p>Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 bucket.</p>
+ * <p>Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.</p>
  * @public
  */
 export interface ClassificationExportConfiguration {
@@ -4145,7 +4294,7 @@ export interface CreateClassificationJobRequest {
   initialRun?: boolean;
 
   /**
-   * <p>The schedule for running the job. Valid values are:</p> <ul><li><p>ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property.</p></li> <li><p>SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to define the recurrence pattern for the job.</p></li></ul>
+   * <p>The schedule for running the job. Valid values are:</p> <ul><li><p>ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property.</p></li> <li><p>SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to specify the recurrence pattern for the job.</p></li></ul>
    * @public
    */
   jobType: JobType | undefined;
@@ -4157,7 +4306,7 @@ export interface CreateClassificationJobRequest {
   managedDataIdentifierIds?: string[];
 
   /**
-   * <p>The selection type to apply when determining which managed data identifiers the job uses to analyze data. Valid values are:</p> <ul><li><p>ALL - Use all managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. If you specify this value, specify at least one value for the customDataIdentifierIds property and don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li></ul> <p>If you don't specify a value for this property, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and you specify ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If you don't specify a value for this property or you specify RECOMMENDED for a recurring job, each job run automatically uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>For information about individual managed data identifiers or to determine which ones are in the recommended set, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> and <a href="https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
+   * <p>The selection type to apply when determining which managed data identifiers the job uses to analyze data. Valid values are:</p> <ul><li><p>ALL - Use all managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. If you specify this value, specify at least one value for the customDataIdentifierIds property and don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li></ul> <p>If you don't specify a value for this property, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and you specify ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If you don't specify a value for this property or you specify RECOMMENDED for a recurring job, each job run automatically uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>To learn about individual managed data identifiers or determine which ones are in the recommended set, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> or <a href="https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
    * @public
    */
   managedDataIdentifierSelector?: ManagedDataIdentifierSelector;
@@ -4709,7 +4858,7 @@ export interface Statistics {
  */
 export interface DescribeClassificationJobResponse {
   /**
-   * <p>An array of unique identifiers, one for each allow list that the job uses when it analyzes data.</p>
+   * <p>An array of unique identifiers, one for each allow list that the job is configured to use when it analyzes data.</p>
    * @public
    */
   allowListIds?: string[];
@@ -4727,7 +4876,7 @@ export interface DescribeClassificationJobResponse {
   createdAt?: Date;
 
   /**
-   * <p>An array of unique identifiers, one for each custom data identifier that the job uses when it analyzes data. This value is null if the job uses only managed data identifiers to analyze data.</p>
+   * <p>An array of unique identifiers, one for each custom data identifier that the job is configured to use when it analyzes data. This value is null if the job is configured to use only managed data identifiers to analyze data.</p>
    * @public
    */
   customDataIdentifierIds?: string[];
@@ -4787,7 +4936,7 @@ export interface DescribeClassificationJobResponse {
   managedDataIdentifierIds?: string[];
 
   /**
-   * <p>The selection type that determines which managed data identifiers the job uses when it analyzes data. Possible values are:</p> <ul><li><p>ALL - Use all managed data identifiers.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. Use only custom data identifiers (customDataIdentifierIds).</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers.</p></li></ul> <p>If this value is null, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and this value is ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If this value is null or RECOMMENDED for a recurring job, each job run uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>For information about individual managed data identifiers or to determine which ones are in the recommended set, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> and <a href="https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
+   * <p>The selection type that determines which managed data identifiers the job uses when it analyzes data. Possible values are:</p> <ul><li><p>ALL - Use all managed data identifiers.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. Use only custom data identifiers (customDataIdentifierIds).</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers.</p></li></ul> <p>If this value is null, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and this value is ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If this value is null or RECOMMENDED for a recurring job, each job run uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>To learn about individual managed data identifiers or determine which ones are in the recommended set, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> or <a href="https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
    * @public
    */
   managedDataIdentifierSelector?: ManagedDataIdentifierSelector;
@@ -4823,7 +4972,7 @@ export interface DescribeClassificationJobResponse {
   statistics?: Statistics;
 
   /**
-   * <p>A map of key-value pairs that specifies which tags (keys and values) are associated with the classification job.</p>
+   * <p>A map of key-value pairs that specifies which tags (keys and values) are associated with the job.</p>
    * @public
    */
   tags?: Record<string, string>;
@@ -5127,37 +5276,43 @@ export interface GetAutomatedDiscoveryConfigurationRequest {}
  */
 export interface GetAutomatedDiscoveryConfigurationResponse {
   /**
-   * <p>The unique identifier for the classification scope that's used when performing automated sensitive data discovery for the account. The classification scope specifies S3 buckets to exclude from automated sensitive data discovery.</p>
+   * <p>Specifies whether automated sensitive data discovery is enabled automatically for accounts in the organization. Possible values are: ALL, enable it for all existing accounts and new member accounts; NEW, enable it only for new member accounts; and, NONE, don't enable it for any accounts.</p>
+   * @public
+   */
+  autoEnableOrganizationMembers?: AutoEnableMode;
+
+  /**
+   * <p>The unique identifier for the classification scope that's used when performing automated sensitive data discovery. The classification scope specifies S3 buckets to exclude from analyses.</p>
    * @public
    */
   classificationScopeId?: string;
 
   /**
-   * <p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was most recently disabled for the account. This value is null if automated sensitive data discovery wasn't enabled and subsequently disabled for the account.</p>
+   * <p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was most recently disabled. This value is null if automated sensitive data discovery is currently enabled.</p>
    * @public
    */
   disabledAt?: Date;
 
   /**
-   * <p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was initially enabled for the account. This value is null if automated sensitive data discovery has never been enabled for the account.</p>
+   * <p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was initially enabled. This value is null if automated sensitive data discovery has never been enabled.</p>
    * @public
    */
   firstEnabledAt?: Date;
 
   /**
-   * <p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was most recently enabled or disabled for the account.</p>
+   * <p>The date and time, in UTC and extended ISO 8601 format, when the configuration settings or status of automated sensitive data discovery was most recently changed.</p>
    * @public
    */
   lastUpdatedAt?: Date;
 
   /**
-   * <p>The unique identifier for the sensitivity inspection template that's used when performing automated sensitive data discovery for the account. The template specifies which allow lists, custom data identifiers, and managed data identifiers to use when analyzing data.</p>
+   * <p>The unique identifier for the sensitivity inspection template that's used when performing automated sensitive data discovery. The template specifies which allow lists, custom data identifiers, and managed data identifiers to use when analyzing data.</p>
    * @public
    */
   sensitivityInspectionTemplateId?: string;
 
   /**
-   * <p>The current status of the automated sensitive data discovery configuration for the account. Possible values are: ENABLED, use the specified settings to perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.</p>
+   * <p>The current status of automated sensitive data discovery for the organization or account. Possible values are: ENABLED, use the specified settings to perform automated sensitive data discovery activities; and, DISABLED, don't perform automated sensitive data discovery activities.</p>
    * @public
    */
   status?: AutomatedDiscoveryStatus;
@@ -5779,7 +5934,7 @@ export interface GetResourceProfileRequest {
 }
 
 /**
- * <p>Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for your account. The statistics capture the results of automated sensitive data discovery activities that Macie has performed for the bucket. The data is available only if automated sensitive data discovery is currently enabled for your account.</p>
+ * <p>Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for an account, if automated sensitive data discovery has been enabled for the account. The data captures the results of automated sensitive data discovery activities that Macie has performed for the bucket.</p>
  * @public
  */
 export interface ResourceStatistics {
@@ -6068,7 +6223,7 @@ export interface GetSensitivityInspectionTemplateRequest {
 }
 
 /**
- * <p>Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery for an Amazon Macie account. For information about the managed data identifiers that Amazon Macie currently provides, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
+ * <p>Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery. For information about the managed data identifiers that Amazon Macie currently provides, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
  * @public
  */
 export interface SensitivityInspectionTemplateExcludes {
@@ -6080,7 +6235,7 @@ export interface SensitivityInspectionTemplateExcludes {
 }
 
 /**
- * <p>Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery for an Amazon Macie account. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
+ * <p>Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see <a href="https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>
  * @public
  */
 export interface SensitivityInspectionTemplateIncludes {
@@ -6114,13 +6269,13 @@ export interface GetSensitivityInspectionTemplateResponse {
   description?: string;
 
   /**
-   * <p>The managed data identifiers that are explicitly excluded (not used) when analyzing data.</p>
+   * <p>The managed data identifiers that are explicitly excluded (not used) when performing automated sensitive data discovery.</p>
    * @public
    */
   excludes?: SensitivityInspectionTemplateExcludes;
 
   /**
-   * <p>The allow lists, custom data identifiers, and managed data identifiers that are explicitly included (used) when analyzing data.</p>
+   * <p>The allow lists, custom data identifiers, and managed data identifiers that are explicitly included (used) when performing automated sensitive data discovery.</p>
    * @public
    */
   includes?: SensitivityInspectionTemplateIncludes;
@@ -6306,184 +6461,18 @@ export interface ListAllowListsResponse {
   nextToken?: string;
 }
 
-/**
- * <p>Specifies criteria for filtering the results of a request for information about classification jobs.</p>
- * @public
- */
-export interface ListJobsFilterCriteria {
-  /**
-   * <p>An array of objects, one for each condition that determines which jobs to exclude from the results.</p>
-   * @public
-   */
-  excludes?: ListJobsFilterTerm[];
-
-  /**
-   * <p>An array of objects, one for each condition that determines which jobs to include in the results.</p>
-   * @public
-   */
-  includes?: ListJobsFilterTerm[];
-}
-
-/**
- * @public
- * @enum
- */
-export const ListJobsSortAttributeName = {
-  createdAt: "createdAt",
-  jobStatus: "jobStatus",
-  jobType: "jobType",
-  name: "name",
-} as const;
-
-/**
- * @public
- */
-export type ListJobsSortAttributeName = (typeof ListJobsSortAttributeName)[keyof typeof ListJobsSortAttributeName];
-
-/**
- * <p>Specifies criteria for sorting the results of a request for information about classification jobs.</p>
- * @public
- */
-export interface ListJobsSortCriteria {
-  /**
-   * <p>The property to sort the results by.</p>
-   * @public
-   */
-  attributeName?: ListJobsSortAttributeName;
-
-  /**
-   * <p>The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.</p>
-   * @public
-   */
-  orderBy?: OrderBy;
-}
-
-/**
- * @public
- */
-export interface ListClassificationJobsRequest {
-  /**
-   * <p>The criteria to use to filter the results.</p>
-   * @public
-   */
-  filterCriteria?: ListJobsFilterCriteria;
-
-  /**
-   * <p>The maximum number of items to include in each page of the response.</p>
-   * @public
-   */
-  maxResults?: number;
-
-  /**
-   * <p>The nextToken string that specifies which page of results to return in a paginated response.</p>
-   * @public
-   */
-  nextToken?: string;
-
-  /**
-   * <p>The criteria to use to sort the results.</p>
-   * @public
-   */
-  sortCriteria?: ListJobsSortCriteria;
-}
-
-/**
- * @public
- */
-export interface ListClassificationJobsResponse {
-  /**
-   * <p>An array of objects, one for each job that matches the filter criteria specified in the request.</p>
-   * @public
-   */
-  items?: JobSummary[];
-
-  /**
-   * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
-   * @public
-   */
-  nextToken?: string;
-}
-
-/**
- * @public
- */
-export interface ListClassificationScopesRequest {
-  /**
-   * <p>The name of the classification scope to retrieve the unique identifier for.</p>
-   * @public
-   */
-  name?: string;
-
-  /**
-   * <p>The nextToken string that specifies which page of results to return in a paginated response.</p>
-   * @public
-   */
-  nextToken?: string;
-}
-
-/**
- * @public
- */
-export interface ListClassificationScopesResponse {
-  /**
-   * <p>An array that specifies the unique identifier and name of the classification scope for the account.</p>
-   * @public
-   */
-  classificationScopes?: ClassificationScopeSummary[];
-
-  /**
-   * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
-   * @public
-   */
-  nextToken?: string;
-}
-
 /**
  * @public
  */
-export interface ListCustomDataIdentifiersRequest {
+export interface ListAutomatedDiscoveryAccountsRequest {
   /**
-   * <p>The maximum number of items to include in each page of the response.</p>
+   * <p>The Amazon Web Services account ID for each account, for as many as 50 accounts. To retrieve the status for multiple accounts, append the accountIds parameter and argument for each account, separated by an ampersand (&amp;). To retrieve the status for all the accounts in an organization, omit this parameter.</p>
    * @public
    */
-  maxResults?: number;
+  accountIds?: string[];
 
   /**
-   * <p>The nextToken string that specifies which page of results to return in a paginated response.</p>
-   * @public
-   */
-  nextToken?: string;
-}
-
-/**
- * @public
- */
-export interface ListCustomDataIdentifiersResponse {
-  /**
-   * <p>An array of objects, one for each custom data identifier.</p>
-   * @public
-   */
-  items?: CustomDataIdentifierSummary[];
-
-  /**
-   * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
-   * @public
-   */
-  nextToken?: string;
-}
-
-/**
- * @public
- */
-export interface ListFindingsRequest {
-  /**
-   * <p>The criteria to use to filter the results.</p>
-   * @public
-   */
-  findingCriteria?: FindingCriteria;
-
-  /**
-   * <p>The maximum number of items to include in each page of the response.</p>
+   * <p>The maximum number of items to include in each page of a paginated response.</p>
    * @public
    */
   maxResults?: number;
@@ -6493,23 +6482,17 @@ export interface ListFindingsRequest {
    * @public
    */
   nextToken?: string;
-
-  /**
-   * <p>The criteria to use to sort the results.</p>
-   * @public
-   */
-  sortCriteria?: SortCriteria;
 }
 
 /**
  * @public
  */
-export interface ListFindingsResponse {
+export interface ListAutomatedDiscoveryAccountsResponse {
   /**
-   * <p>An array of strings, where each string is the unique identifier for a finding that matches the filter criteria specified in the request.</p>
+   * <p>An array of objects, one for each account specified in the request. Each object specifies the Amazon Web Services account ID for an account and the current status of automated sensitive data discovery for that account.</p>
    * @public
    */
-  findingIds?: string[];
+  items?: AutomatedDiscoveryAccount[];
 
   /**
    * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
diff --git a/clients/client-macie2/src/models/models_1.ts b/clients/client-macie2/src/models/models_1.ts
index 475dc249e034..8d0a81968012 100644
--- a/clients/client-macie2/src/models/models_1.ts
+++ b/clients/client-macie2/src/models/models_1.ts
@@ -2,9 +2,12 @@
 import {
   AdminAccount,
   AllowListCriteria,
+  AutoEnableMode,
   AutomatedDiscoveryStatus,
   ClassificationExportConfiguration,
+  ClassificationScopeSummary,
   ClassificationScopeUpdateOperation,
+  CustomDataIdentifierSummary,
   Detection,
   FindingCriteria,
   FindingPublishingFrequency,
@@ -12,6 +15,8 @@ import {
   FindingsFilterListItem,
   Invitation,
   JobStatus,
+  JobSummary,
+  ListJobsFilterTerm,
   MacieStatus,
   ManagedDataIdentifierSummary,
   MatchingResource,
@@ -26,9 +31,222 @@ import {
   SensitivityInspectionTemplateExcludes,
   SensitivityInspectionTemplateIncludes,
   SensitivityInspectionTemplatesEntry,
+  SortCriteria,
   SuppressDataIdentifier,
 } from "./models_0";
 
+/**
+ * <p>Specifies criteria for filtering the results of a request for information about classification jobs.</p>
+ * @public
+ */
+export interface ListJobsFilterCriteria {
+  /**
+   * <p>An array of objects, one for each condition that determines which jobs to exclude from the results.</p>
+   * @public
+   */
+  excludes?: ListJobsFilterTerm[];
+
+  /**
+   * <p>An array of objects, one for each condition that determines which jobs to include in the results.</p>
+   * @public
+   */
+  includes?: ListJobsFilterTerm[];
+}
+
+/**
+ * @public
+ * @enum
+ */
+export const ListJobsSortAttributeName = {
+  createdAt: "createdAt",
+  jobStatus: "jobStatus",
+  jobType: "jobType",
+  name: "name",
+} as const;
+
+/**
+ * @public
+ */
+export type ListJobsSortAttributeName = (typeof ListJobsSortAttributeName)[keyof typeof ListJobsSortAttributeName];
+
+/**
+ * <p>Specifies criteria for sorting the results of a request for information about classification jobs.</p>
+ * @public
+ */
+export interface ListJobsSortCriteria {
+  /**
+   * <p>The property to sort the results by.</p>
+   * @public
+   */
+  attributeName?: ListJobsSortAttributeName;
+
+  /**
+   * <p>The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.</p>
+   * @public
+   */
+  orderBy?: OrderBy;
+}
+
+/**
+ * @public
+ */
+export interface ListClassificationJobsRequest {
+  /**
+   * <p>The criteria to use to filter the results.</p>
+   * @public
+   */
+  filterCriteria?: ListJobsFilterCriteria;
+
+  /**
+   * <p>The maximum number of items to include in each page of the response.</p>
+   * @public
+   */
+  maxResults?: number;
+
+  /**
+   * <p>The nextToken string that specifies which page of results to return in a paginated response.</p>
+   * @public
+   */
+  nextToken?: string;
+
+  /**
+   * <p>The criteria to use to sort the results.</p>
+   * @public
+   */
+  sortCriteria?: ListJobsSortCriteria;
+}
+
+/**
+ * @public
+ */
+export interface ListClassificationJobsResponse {
+  /**
+   * <p>An array of objects, one for each job that matches the filter criteria specified in the request.</p>
+   * @public
+   */
+  items?: JobSummary[];
+
+  /**
+   * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
+   * @public
+   */
+  nextToken?: string;
+}
+
+/**
+ * @public
+ */
+export interface ListClassificationScopesRequest {
+  /**
+   * <p>The name of the classification scope to retrieve the unique identifier for.</p>
+   * @public
+   */
+  name?: string;
+
+  /**
+   * <p>The nextToken string that specifies which page of results to return in a paginated response.</p>
+   * @public
+   */
+  nextToken?: string;
+}
+
+/**
+ * @public
+ */
+export interface ListClassificationScopesResponse {
+  /**
+   * <p>An array that specifies the unique identifier and name of the classification scope for the account.</p>
+   * @public
+   */
+  classificationScopes?: ClassificationScopeSummary[];
+
+  /**
+   * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
+   * @public
+   */
+  nextToken?: string;
+}
+
+/**
+ * @public
+ */
+export interface ListCustomDataIdentifiersRequest {
+  /**
+   * <p>The maximum number of items to include in each page of the response.</p>
+   * @public
+   */
+  maxResults?: number;
+
+  /**
+   * <p>The nextToken string that specifies which page of results to return in a paginated response.</p>
+   * @public
+   */
+  nextToken?: string;
+}
+
+/**
+ * @public
+ */
+export interface ListCustomDataIdentifiersResponse {
+  /**
+   * <p>An array of objects, one for each custom data identifier.</p>
+   * @public
+   */
+  items?: CustomDataIdentifierSummary[];
+
+  /**
+   * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
+   * @public
+   */
+  nextToken?: string;
+}
+
+/**
+ * @public
+ */
+export interface ListFindingsRequest {
+  /**
+   * <p>The criteria to use to filter the results.</p>
+   * @public
+   */
+  findingCriteria?: FindingCriteria;
+
+  /**
+   * <p>The maximum number of items to include in each page of the response.</p>
+   * @public
+   */
+  maxResults?: number;
+
+  /**
+   * <p>The nextToken string that specifies which page of results to return in a paginated response.</p>
+   * @public
+   */
+  nextToken?: string;
+
+  /**
+   * <p>The criteria to use to sort the results.</p>
+   * @public
+   */
+  sortCriteria?: SortCriteria;
+}
+
+/**
+ * @public
+ */
+export interface ListFindingsResponse {
+  /**
+   * <p>An array of strings, where each string is the unique identifier for a finding that matches the filter criteria specified in the request.</p>
+   * @public
+   */
+  findingIds?: string[];
+
+  /**
+   * <p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>
+   * @public
+   */
+  nextToken?: string;
+}
+
 /**
  * @public
  */
@@ -625,7 +843,13 @@ export interface UpdateAllowListResponse {
  */
 export interface UpdateAutomatedDiscoveryConfigurationRequest {
   /**
-   * <p>The new status of automated sensitive data discovery for the account. Valid values are: ENABLED, start or resume automated sensitive data discovery activities for the account; and, DISABLED, stop performing automated sensitive data discovery activities for the account.</p> <p>When you enable automated sensitive data discovery for the first time, Amazon Macie uses default configuration settings to determine which data sources to analyze and which managed data identifiers to use. To change these settings, use the UpdateClassificationScope and UpdateSensitivityInspectionTemplate operations, respectively. If you change the settings and subsequently disable the configuration, Amazon Macie retains your changes.</p>
+   * <p>Specifies whether to automatically enable automated sensitive data discovery for accounts in the organization. Valid values are: ALL (default), enable it for all existing accounts and new member accounts; NEW, enable it only for new member accounts; and, NONE, don't enable it for any accounts.</p> <p>If you specify NEW or NONE, automated sensitive data discovery continues to be enabled for any existing accounts that it's currently enabled for. To enable or disable it for individual member accounts, specify NEW or NONE, and then enable or disable it for each account by using the BatchUpdateAutomatedDiscoveryAccounts operation.</p>
+   * @public
+   */
+  autoEnableOrganizationMembers?: AutoEnableMode;
+
+  /**
+   * <p>The new status of automated sensitive data discovery for the organization or account. Valid values are: ENABLED, start or resume all automated sensitive data discovery activities; and, DISABLED, stop performing all automated sensitive data discovery activities.</p> <p>If you specify DISABLED for an administrator account, you also disable automated sensitive data discovery for all member accounts in the organization.</p>
    * @public
    */
   status: AutomatedDiscoveryStatus | undefined;
@@ -823,7 +1047,7 @@ export interface UpdateMemberSessionResponse {}
  */
 export interface UpdateOrganizationConfigurationRequest {
   /**
-   * <p>Specifies whether to enable Amazon Macie automatically for an account when the account is added to the organization in Organizations.</p>
+   * <p>Specifies whether to enable Amazon Macie automatically for accounts that are added to the organization in Organizations.</p>
    * @public
    */
   autoEnable: boolean | undefined;
@@ -941,7 +1165,7 @@ export interface UpdateSensitivityInspectionTemplateRequest {
   description?: string;
 
   /**
-   * <p>The managed data identifiers to explicitly exclude (not use) when analyzing data.</p> <p>To exclude an allow list or custom data identifier that's currently included by the template, update the values for the SensitivityInspectionTemplateIncludes.allowListIds and SensitivityInspectionTemplateIncludes.customDataIdentifierIds properties, respectively.</p>
+   * <p>The managed data identifiers to explicitly exclude (not use) when performing automated sensitive data discovery.</p> <p>To exclude an allow list or custom data identifier that's currently included by the template, update the values for the SensitivityInspectionTemplateIncludes.allowListIds and SensitivityInspectionTemplateIncludes.customDataIdentifierIds properties, respectively.</p>
    * @public
    */
   excludes?: SensitivityInspectionTemplateExcludes;
@@ -953,7 +1177,7 @@ export interface UpdateSensitivityInspectionTemplateRequest {
   id: string | undefined;
 
   /**
-   * <p>The allow lists, custom data identifiers, and managed data identifiers to explicitly include (use) when analyzing data.</p>
+   * <p>The allow lists, custom data identifiers, and managed data identifiers to explicitly include (use) when performing automated sensitive data discovery.</p>
    * @public
    */
   includes?: SensitivityInspectionTemplateIncludes;
diff --git a/clients/client-macie2/src/pagination/ListAutomatedDiscoveryAccountsPaginator.ts b/clients/client-macie2/src/pagination/ListAutomatedDiscoveryAccountsPaginator.ts
new file mode 100644
index 000000000000..7994a6294daf
--- /dev/null
+++ b/clients/client-macie2/src/pagination/ListAutomatedDiscoveryAccountsPaginator.ts
@@ -0,0 +1,24 @@
+// smithy-typescript generated code
+import { createPaginator } from "@smithy/core";
+import { Paginator } from "@smithy/types";
+
+import {
+  ListAutomatedDiscoveryAccountsCommand,
+  ListAutomatedDiscoveryAccountsCommandInput,
+  ListAutomatedDiscoveryAccountsCommandOutput,
+} from "../commands/ListAutomatedDiscoveryAccountsCommand";
+import { Macie2Client } from "../Macie2Client";
+import { Macie2PaginationConfiguration } from "./Interfaces";
+
+/**
+ * @public
+ */
+export const paginateListAutomatedDiscoveryAccounts: (
+  config: Macie2PaginationConfiguration,
+  input: ListAutomatedDiscoveryAccountsCommandInput,
+  ...rest: any[]
+) => Paginator<ListAutomatedDiscoveryAccountsCommandOutput> = createPaginator<
+  Macie2PaginationConfiguration,
+  ListAutomatedDiscoveryAccountsCommandInput,
+  ListAutomatedDiscoveryAccountsCommandOutput
+>(Macie2Client, ListAutomatedDiscoveryAccountsCommand, "nextToken", "nextToken", "maxResults");
diff --git a/clients/client-macie2/src/pagination/index.ts b/clients/client-macie2/src/pagination/index.ts
index 154d649663c1..30cf7bf64a43 100644
--- a/clients/client-macie2/src/pagination/index.ts
+++ b/clients/client-macie2/src/pagination/index.ts
@@ -4,6 +4,7 @@ export * from "./GetUsageStatisticsPaginator";
 // smithy-typescript generated code
 export * from "./Interfaces";
 export * from "./ListAllowListsPaginator";
+export * from "./ListAutomatedDiscoveryAccountsPaginator";
 export * from "./ListClassificationJobsPaginator";
 export * from "./ListClassificationScopesPaginator";
 export * from "./ListCustomDataIdentifiersPaginator";
diff --git a/clients/client-macie2/src/protocols/Aws_restJson1.ts b/clients/client-macie2/src/protocols/Aws_restJson1.ts
index 2ffc2b3c83f9..150100249de9 100644
--- a/clients/client-macie2/src/protocols/Aws_restJson1.ts
+++ b/clients/client-macie2/src/protocols/Aws_restJson1.ts
@@ -32,6 +32,10 @@ import {
   BatchGetCustomDataIdentifiersCommandInput,
   BatchGetCustomDataIdentifiersCommandOutput,
 } from "../commands/BatchGetCustomDataIdentifiersCommand";
+import {
+  BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+  BatchUpdateAutomatedDiscoveryAccountsCommandOutput,
+} from "../commands/BatchUpdateAutomatedDiscoveryAccountsCommand";
 import { CreateAllowListCommandInput, CreateAllowListCommandOutput } from "../commands/CreateAllowListCommand";
 import {
   CreateClassificationJobCommandInput,
@@ -153,6 +157,10 @@ import {
 import { GetUsageStatisticsCommandInput, GetUsageStatisticsCommandOutput } from "../commands/GetUsageStatisticsCommand";
 import { GetUsageTotalsCommandInput, GetUsageTotalsCommandOutput } from "../commands/GetUsageTotalsCommand";
 import { ListAllowListsCommandInput, ListAllowListsCommandOutput } from "../commands/ListAllowListsCommand";
+import {
+  ListAutomatedDiscoveryAccountsCommandInput,
+  ListAutomatedDiscoveryAccountsCommandOutput,
+} from "../commands/ListAutomatedDiscoveryAccountsCommand";
 import {
   ListClassificationJobsCommandInput,
   ListClassificationJobsCommandOutput,
@@ -266,6 +274,9 @@ import {
   AllowListSummary,
   ApiCallDetails,
   AssumedRole,
+  AutomatedDiscoveryAccount,
+  AutomatedDiscoveryAccountUpdate,
+  AutomatedDiscoveryAccountUpdateError,
   AwsAccount,
   AwsService,
   BatchGetCustomDataIdentifierSummary,
@@ -325,9 +336,7 @@ import {
   JobSummary,
   KeyValuePair,
   LastRunErrorStatus,
-  ListJobsFilterCriteria,
   ListJobsFilterTerm,
-  ListJobsSortCriteria,
   ManagedDataIdentifierSummary,
   MatchingBucket,
   MatchingResource,
@@ -399,6 +408,8 @@ import {
   WeeklySchedule,
 } from "../models/models_0";
 import {
+  ListJobsFilterCriteria,
+  ListJobsSortCriteria,
   S3ClassificationScopeExclusionUpdate,
   S3ClassificationScopeUpdate,
   SearchResourcesBucketCriteria,
@@ -453,6 +464,28 @@ export const se_BatchGetCustomDataIdentifiersCommand = async (
   return b.build();
 };
 
+/**
+ * serializeAws_restJson1BatchUpdateAutomatedDiscoveryAccountsCommand
+ */
+export const se_BatchUpdateAutomatedDiscoveryAccountsCommand = async (
+  input: BatchUpdateAutomatedDiscoveryAccountsCommandInput,
+  context: __SerdeContext
+): Promise<__HttpRequest> => {
+  const b = rb(input, context);
+  const headers: any = {
+    "content-type": "application/json",
+  };
+  b.bp("/automated-discovery/accounts");
+  let body: any;
+  body = JSON.stringify(
+    take(input, {
+      accounts: [, (_) => se___listOfAutomatedDiscoveryAccountUpdate(_, context), `accounts`],
+    })
+  );
+  b.m("PATCH").h(headers).b(body);
+  return b.build();
+};
+
 /**
  * serializeAws_restJson1CreateAllowListCommand
  */
@@ -1368,6 +1401,26 @@ export const se_ListAllowListsCommand = async (
   return b.build();
 };
 
+/**
+ * serializeAws_restJson1ListAutomatedDiscoveryAccountsCommand
+ */
+export const se_ListAutomatedDiscoveryAccountsCommand = async (
+  input: ListAutomatedDiscoveryAccountsCommandInput,
+  context: __SerdeContext
+): Promise<__HttpRequest> => {
+  const b = rb(input, context);
+  const headers: any = {};
+  b.bp("/automated-discovery/accounts");
+  const query: any = map({
+    [_aI]: [() => input.accountIds !== void 0, () => (input[_aI]! || []).map((_entry) => _entry as any)],
+    [_mR]: [() => input.maxResults !== void 0, () => input[_mR]!.toString()],
+    [_nT]: [, input[_nT]!],
+  });
+  let body: any;
+  b.m("GET").h(headers).q(query).b(body);
+  return b.build();
+};
+
 /**
  * serializeAws_restJson1ListClassificationJobsCommand
  */
@@ -1814,6 +1867,7 @@ export const se_UpdateAutomatedDiscoveryConfigurationCommand = async (
   let body: any;
   body = JSON.stringify(
     take(input, {
+      autoEnableOrganizationMembers: [, , `autoEnableOrganizationMembers`],
       status: [, , `status`],
     })
   );
@@ -2104,6 +2158,27 @@ export const de_BatchGetCustomDataIdentifiersCommand = async (
   return contents;
 };
 
+/**
+ * deserializeAws_restJson1BatchUpdateAutomatedDiscoveryAccountsCommand
+ */
+export const de_BatchUpdateAutomatedDiscoveryAccountsCommand = async (
+  output: __HttpResponse,
+  context: __SerdeContext
+): Promise<BatchUpdateAutomatedDiscoveryAccountsCommandOutput> => {
+  if (output.statusCode !== 200 && output.statusCode >= 300) {
+    return de_CommandError(output, context);
+  }
+  const contents: any = map({
+    $metadata: deserializeMetadata(output),
+  });
+  const data: Record<string, any> = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
+  const doc = take(data, {
+    errors: [, (_) => de___listOfAutomatedDiscoveryAccountUpdateError(_, context), `errors`],
+  });
+  Object.assign(contents, doc);
+  return contents;
+};
+
 /**
  * deserializeAws_restJson1CreateAllowListCommand
  */
@@ -2629,6 +2704,7 @@ export const de_GetAutomatedDiscoveryConfigurationCommand = async (
   });
   const data: Record<string, any> = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
   const doc = take(data, {
+    autoEnableOrganizationMembers: [, __expectString, `autoEnableOrganizationMembers`],
     classificationScopeId: [, __expectString, `classificationScopeId`],
     disabledAt: [, (_) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), `disabledAt`],
     firstEnabledAt: [, (_) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), `firstEnabledAt`],
@@ -3136,6 +3212,28 @@ export const de_ListAllowListsCommand = async (
   return contents;
 };
 
+/**
+ * deserializeAws_restJson1ListAutomatedDiscoveryAccountsCommand
+ */
+export const de_ListAutomatedDiscoveryAccountsCommand = async (
+  output: __HttpResponse,
+  context: __SerdeContext
+): Promise<ListAutomatedDiscoveryAccountsCommandOutput> => {
+  if (output.statusCode !== 200 && output.statusCode >= 300) {
+    return de_CommandError(output, context);
+  }
+  const contents: any = map({
+    $metadata: deserializeMetadata(output),
+  });
+  const data: Record<string, any> = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
+  const doc = take(data, {
+    items: [, (_) => de___listOfAutomatedDiscoveryAccount(_, context), `items`],
+    nextToken: [, __expectString, `nextToken`],
+  });
+  Object.assign(contents, doc);
+  return contents;
+};
+
 /**
  * deserializeAws_restJson1ListClassificationJobsCommand
  */
@@ -3957,6 +4055,20 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont
 
 // se___listOf__string omitted.
 
+/**
+ * serializeAws_restJson1__listOfAutomatedDiscoveryAccountUpdate
+ */
+const se___listOfAutomatedDiscoveryAccountUpdate = (
+  input: AutomatedDiscoveryAccountUpdate[],
+  context: __SerdeContext
+): any => {
+  return input
+    .filter((e: any) => e != null)
+    .map((entry) => {
+      return se_AutomatedDiscoveryAccountUpdate(entry, context);
+    });
+};
+
 /**
  * serializeAws_restJson1__listOfCriteriaForJob
  */
@@ -4094,6 +4206,16 @@ const se_AllowListCriteria = (input: AllowListCriteria, context: __SerdeContext)
   });
 };
 
+/**
+ * serializeAws_restJson1AutomatedDiscoveryAccountUpdate
+ */
+const se_AutomatedDiscoveryAccountUpdate = (input: AutomatedDiscoveryAccountUpdate, context: __SerdeContext): any => {
+  return take(input, {
+    accountId: [, , `accountId`],
+    status: [, , `status`],
+  });
+};
+
 /**
  * serializeAws_restJson1BucketCriteria
  */
@@ -4658,6 +4780,33 @@ const de___listOfAllowListSummary = (output: any, context: __SerdeContext): Allo
   return retVal;
 };
 
+/**
+ * deserializeAws_restJson1__listOfAutomatedDiscoveryAccount
+ */
+const de___listOfAutomatedDiscoveryAccount = (output: any, context: __SerdeContext): AutomatedDiscoveryAccount[] => {
+  const retVal = (output || [])
+    .filter((e: any) => e != null)
+    .map((entry: any) => {
+      return de_AutomatedDiscoveryAccount(entry, context);
+    });
+  return retVal;
+};
+
+/**
+ * deserializeAws_restJson1__listOfAutomatedDiscoveryAccountUpdateError
+ */
+const de___listOfAutomatedDiscoveryAccountUpdateError = (
+  output: any,
+  context: __SerdeContext
+): AutomatedDiscoveryAccountUpdateError[] => {
+  const retVal = (output || [])
+    .filter((e: any) => e != null)
+    .map((entry: any) => {
+      return de_AutomatedDiscoveryAccountUpdateError(entry, context);
+    });
+  return retVal;
+};
+
 /**
  * deserializeAws_restJson1__listOfBatchGetCustomDataIdentifierSummary
  */
@@ -5074,6 +5223,29 @@ const de_AssumedRole = (output: any, context: __SerdeContext): AssumedRole => {
   }) as any;
 };
 
+/**
+ * deserializeAws_restJson1AutomatedDiscoveryAccount
+ */
+const de_AutomatedDiscoveryAccount = (output: any, context: __SerdeContext): AutomatedDiscoveryAccount => {
+  return take(output, {
+    accountId: [, __expectString, `accountId`],
+    status: [, __expectString, `status`],
+  }) as any;
+};
+
+/**
+ * deserializeAws_restJson1AutomatedDiscoveryAccountUpdateError
+ */
+const de_AutomatedDiscoveryAccountUpdateError = (
+  output: any,
+  context: __SerdeContext
+): AutomatedDiscoveryAccountUpdateError => {
+  return take(output, {
+    accountId: [, __expectString, `accountId`],
+    errorCode: [, __expectString, `errorCode`],
+  }) as any;
+};
+
 /**
  * deserializeAws_restJson1AwsAccount
  */
@@ -5193,6 +5365,7 @@ const de_BucketMetadata = (output: any, context: __SerdeContext): BucketMetadata
   return take(output, {
     accountId: [, __expectString, `accountId`],
     allowsUnencryptedObjectUploads: [, __expectString, `allowsUnencryptedObjectUploads`],
+    automatedDiscoveryMonitoringStatus: [, __expectString, `automatedDiscoveryMonitoringStatus`],
     bucketArn: [, __expectString, `bucketArn`],
     bucketCreatedAt: [, (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)), `bucketCreatedAt`],
     bucketName: [, __expectString, `bucketName`],
@@ -5797,6 +5970,7 @@ const de_ManagedDataIdentifierSummary = (output: any, context: __SerdeContext):
 const de_MatchingBucket = (output: any, context: __SerdeContext): MatchingBucket => {
   return take(output, {
     accountId: [, __expectString, `accountId`],
+    automatedDiscoveryMonitoringStatus: [, __expectString, `automatedDiscoveryMonitoringStatus`],
     bucketName: [, __expectString, `bucketName`],
     classifiableObjectCount: [, __expectLong, `classifiableObjectCount`],
     classifiableSizeInBytes: [, __expectLong, `classifiableSizeInBytes`],
@@ -6547,6 +6721,7 @@ const isSerializableHeaderValue = (value: any): boolean =>
   (!Object.getOwnPropertyNames(value).includes("size") || value.size != 0);
 
 const _aAI = "adminAccountId";
+const _aI = "accountIds";
 const _iJC = "ignoreJobChecks";
 const _mR = "maxResults";
 const _n = "name";
diff --git a/codegen/sdk-codegen/aws-models/macie2.json b/codegen/sdk-codegen/aws-models/macie2.json
index 5189bcc73372..9997c84d25ad 100644
--- a/codegen/sdk-codegen/aws-models/macie2.json
+++ b/codegen/sdk-codegen/aws-models/macie2.json
@@ -483,6 +483,158 @@
         "smithy.api#documentation": "<p>Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the Security Token Service (STS) API.</p>"
       }
     },
+    "com.amazonaws.macie2#AutoEnableMode": {
+      "type": "enum",
+      "members": {
+        "ALL": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ALL"
+          }
+        },
+        "NEW": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "NEW"
+          }
+        },
+        "NONE": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "NONE"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Specifies whether to automatically enable automated sensitive data discovery for accounts that are part of an organization in Amazon Macie. Valid values are:</p>"
+      }
+    },
+    "com.amazonaws.macie2#AutomatedDiscoveryAccount": {
+      "type": "structure",
+      "members": {
+        "accountId": {
+          "target": "com.amazonaws.macie2#__string",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Web Services account ID for the account.</p>",
+            "smithy.api#jsonName": "accountId"
+          }
+        },
+        "status": {
+          "target": "com.amazonaws.macie2#AutomatedDiscoveryAccountStatus",
+          "traits": {
+            "smithy.api#documentation": "<p>The current status of automated sensitive data discovery for the account. Possible values are: ENABLED, perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.</p>",
+            "smithy.api#jsonName": "status"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Provides information about the status of automated sensitive data discovery for an Amazon Macie account.</p>"
+      }
+    },
+    "com.amazonaws.macie2#AutomatedDiscoveryAccountStatus": {
+      "type": "enum",
+      "members": {
+        "ENABLED": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ENABLED"
+          }
+        },
+        "DISABLED": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "DISABLED"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>The status of automated sensitive data discovery for an Amazon Macie account. Valid values are:</p>"
+      }
+    },
+    "com.amazonaws.macie2#AutomatedDiscoveryAccountUpdate": {
+      "type": "structure",
+      "members": {
+        "accountId": {
+          "target": "com.amazonaws.macie2#__string",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Web Services account ID for the account.</p>",
+            "smithy.api#jsonName": "accountId"
+          }
+        },
+        "status": {
+          "target": "com.amazonaws.macie2#AutomatedDiscoveryAccountStatus",
+          "traits": {
+            "smithy.api#documentation": "<p>The new status of automated sensitive data discovery for the account. Valid values are: ENABLED, perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.</p>",
+            "smithy.api#jsonName": "status"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Changes the status of automated sensitive data discovery for an Amazon Macie account.</p>"
+      }
+    },
+    "com.amazonaws.macie2#AutomatedDiscoveryAccountUpdateError": {
+      "type": "structure",
+      "members": {
+        "accountId": {
+          "target": "com.amazonaws.macie2#__string",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Web Services account ID for the account that the request applied to.</p>",
+            "smithy.api#jsonName": "accountId"
+          }
+        },
+        "errorCode": {
+          "target": "com.amazonaws.macie2#AutomatedDiscoveryAccountUpdateErrorCode",
+          "traits": {
+            "smithy.api#documentation": "<p>The error code for the error that caused the request to fail for the account (accountId). Possible values are: ACCOUNT_NOT_FOUND, the account doesn’t exist or you're not the Amazon Macie administrator for the account; and, ACCOUNT_PAUSED, Macie isn’t enabled for the account in the current Amazon Web Services Region.</p>",
+            "smithy.api#jsonName": "errorCode"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Provides information about a request that failed to change the status of automated sensitive data discovery for an Amazon Macie account.</p>"
+      }
+    },
+    "com.amazonaws.macie2#AutomatedDiscoveryAccountUpdateErrorCode": {
+      "type": "enum",
+      "members": {
+        "ACCOUNT_PAUSED": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ACCOUNT_PAUSED"
+          }
+        },
+        "ACCOUNT_NOT_FOUND": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ACCOUNT_NOT_FOUND"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>The error code that indicates why a request failed to change the status of automated sensitive data discovery for an Amazon Macie account. Possible values are:</p>"
+      }
+    },
+    "com.amazonaws.macie2#AutomatedDiscoveryMonitoringStatus": {
+      "type": "enum",
+      "members": {
+        "MONITORED": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "MONITORED"
+          }
+        },
+        "NOT_MONITORED": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "NOT_MONITORED"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Specifies whether automated sensitive data discovery is currently configured to analyze objects in an S3 bucket. Possible values are:</p>"
+      }
+    },
     "com.amazonaws.macie2#AutomatedDiscoveryStatus": {
       "type": "enum",
       "members": {
@@ -500,7 +652,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>The status of the automated sensitive data discovery configuration for an Amazon Macie account. Valid values are:</p>"
+        "smithy.api#documentation": "<p>The status of the automated sensitive data discovery configuration for an organization in Amazon Macie or a standalone Macie account. Valid values are:</p>"
       }
     },
     "com.amazonaws.macie2#AvailabilityCode": {
@@ -687,6 +839,70 @@
         "smithy.api#output": {}
       }
     },
+    "com.amazonaws.macie2#BatchUpdateAutomatedDiscoveryAccounts": {
+      "type": "operation",
+      "input": {
+        "target": "com.amazonaws.macie2#BatchUpdateAutomatedDiscoveryAccountsRequest"
+      },
+      "output": {
+        "target": "com.amazonaws.macie2#BatchUpdateAutomatedDiscoveryAccountsResponse"
+      },
+      "errors": [
+        {
+          "target": "com.amazonaws.macie2#AccessDeniedException"
+        },
+        {
+          "target": "com.amazonaws.macie2#ConflictException"
+        },
+        {
+          "target": "com.amazonaws.macie2#InternalServerException"
+        },
+        {
+          "target": "com.amazonaws.macie2#ThrottlingException"
+        },
+        {
+          "target": "com.amazonaws.macie2#ValidationException"
+        }
+      ],
+      "traits": {
+        "smithy.api#documentation": "<p>Changes the status of automated sensitive data discovery for one or more accounts.</p>",
+        "smithy.api#http": {
+          "method": "PATCH",
+          "uri": "/automated-discovery/accounts",
+          "code": 200
+        }
+      }
+    },
+    "com.amazonaws.macie2#BatchUpdateAutomatedDiscoveryAccountsRequest": {
+      "type": "structure",
+      "members": {
+        "accounts": {
+          "target": "com.amazonaws.macie2#__listOfAutomatedDiscoveryAccountUpdate",
+          "traits": {
+            "smithy.api#documentation": "<p>An array of objects, one for each account to change the status of automated sensitive data discovery for. Each object specifies the Amazon Web Services account ID for an account and a new status for that account.</p>",
+            "smithy.api#jsonName": "accounts"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#input": {}
+      }
+    },
+    "com.amazonaws.macie2#BatchUpdateAutomatedDiscoveryAccountsResponse": {
+      "type": "structure",
+      "members": {
+        "errors": {
+          "target": "com.amazonaws.macie2#__listOfAutomatedDiscoveryAccountUpdateError",
+          "traits": {
+            "smithy.api#documentation": "<p>An array of objects, one for each account whose status wasn’t changed. Each object identifies the account and explains why the status of automated sensitive data discovery wasn’t changed for the account. This value is null if the request succeeded for all specified accounts.</p>",
+            "smithy.api#jsonName": "errors"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#output": {}
+      }
+    },
     "com.amazonaws.macie2#BlockPublicAccess": {
       "type": "structure",
       "members": {
@@ -975,6 +1191,13 @@
             "smithy.api#jsonName": "allowsUnencryptedObjectUploads"
           }
         },
+        "automatedDiscoveryMonitoringStatus": {
+          "target": "com.amazonaws.macie2#AutomatedDiscoveryMonitoringStatus",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies whether automated sensitive data discovery is currently configured to analyze objects in the bucket. Possible values are: MONITORED, the bucket is included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. If automated sensitive data discovery is disabled for your account, this value is NOT_MONITORED.</p>",
+            "smithy.api#jsonName": "automatedDiscoveryMonitoringStatus"
+          }
+        },
         "bucketArn": {
           "target": "com.amazonaws.macie2#__string",
           "traits": {
@@ -1027,14 +1250,14 @@
         "jobDetails": {
           "target": "com.amazonaws.macie2#JobDetails",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether any one-time or recurring classification jobs are configured to analyze data in the bucket, and, if so, the details of the job that ran most recently.</p>",
+            "smithy.api#documentation": "<p>Specifies whether any one-time or recurring classification jobs are configured to analyze objects in the bucket, and, if so, the details of the job that ran most recently.</p>",
             "smithy.api#jsonName": "jobDetails"
           }
         },
         "lastAutomatedDiscoveryTime": {
           "target": "com.amazonaws.macie2#__timestampIso8601",
           "traits": {
-            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed data in the bucket while performing automated sensitive data discovery for your account. This value is null if automated sensitive data discovery is currently disabled for your account.</p>",
+            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed objects in the bucket while performing automated sensitive data discovery. This value is null if automated sensitive data discovery is disabled for your account.</p>",
             "smithy.api#jsonName": "lastAutomatedDiscoveryTime"
           }
         },
@@ -1083,7 +1306,7 @@
         "sensitivityScore": {
           "target": "com.amazonaws.macie2#__integer",
           "traits": {
-            "smithy.api#documentation": "<p>The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.</p>",
+            "smithy.api#documentation": "<p>The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive).</p><p>If automated sensitive data discovery has never been enabled for your account or it’s been disabled for your organization or your standalone account for more than 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores objects but it’s been excluded from recent analyses.</p>",
             "smithy.api#jsonName": "sensitivityScore"
           }
         },
@@ -1159,7 +1382,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>The error code for an error that prevented Amazon Macie from retrieving and processing metadata from Amazon S3 for an S3 bucket and the bucket's objects.</p>"
+        "smithy.api#documentation": "<p>The error code for an error that prevented Amazon Macie from retrieving and processing information about an S3 bucket and the bucket's objects.</p>"
       }
     },
     "com.amazonaws.macie2#BucketPermissionConfiguration": {
@@ -1408,7 +1631,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 bucket.</p>"
+        "smithy.api#documentation": "<p>Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.</p>"
       }
     },
     "com.amazonaws.macie2#ClassificationResult": {
@@ -1759,7 +1982,7 @@
           "target": "com.amazonaws.macie2#JobType",
           "traits": {
             "smithy.api#clientOptional": {},
-            "smithy.api#documentation": "<p>The schedule for running the job. Valid values are:</p> <ul><li><p>ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property.</p></li> <li><p>SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to define the recurrence pattern for the job.</p></li></ul>",
+            "smithy.api#documentation": "<p>The schedule for running the job. Valid values are:</p> <ul><li><p>ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property.</p></li> <li><p>SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to specify the recurrence pattern for the job.</p></li></ul>",
             "smithy.api#jsonName": "jobType",
             "smithy.api#required": {}
           }
@@ -1774,7 +1997,7 @@
         "managedDataIdentifierSelector": {
           "target": "com.amazonaws.macie2#ManagedDataIdentifierSelector",
           "traits": {
-            "smithy.api#documentation": "<p>The selection type to apply when determining which managed data identifiers the job uses to analyze data. Valid values are:</p> <ul><li><p>ALL - Use all managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. If you specify this value, specify at least one value for the customDataIdentifierIds property and don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li></ul> <p>If you don't specify a value for this property, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and you specify ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If you don't specify a value for this property or you specify RECOMMENDED for a recurring job, each job run automatically uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>For information about individual managed data identifiers or to determine which ones are in the recommended set, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> and <a href=\"https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html\">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>",
+            "smithy.api#documentation": "<p>The selection type to apply when determining which managed data identifiers the job uses to analyze data. Valid values are:</p> <ul><li><p>ALL - Use all managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. If you specify this value, specify at least one value for the customDataIdentifierIds property and don't specify any values for the managedDataIdentifierIds property.</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers. If you specify this value, don't specify any values for the managedDataIdentifierIds property.</p></li></ul> <p>If you don't specify a value for this property, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and you specify ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If you don't specify a value for this property or you specify RECOMMENDED for a recurring job, each job run automatically uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>To learn about individual managed data identifiers or determine which ones are in the recommended set, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> or <a href=\"https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html\">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>",
             "smithy.api#jsonName": "managedDataIdentifierSelector"
           }
         },
@@ -3259,7 +3482,7 @@
         "allowListIds": {
           "target": "com.amazonaws.macie2#__listOf__string",
           "traits": {
-            "smithy.api#documentation": "<p>An array of unique identifiers, one for each allow list that the job uses when it analyzes data.</p>",
+            "smithy.api#documentation": "<p>An array of unique identifiers, one for each allow list that the job is configured to use when it analyzes data.</p>",
             "smithy.api#jsonName": "allowListIds"
           }
         },
@@ -3281,7 +3504,7 @@
         "customDataIdentifierIds": {
           "target": "com.amazonaws.macie2#__listOf__string",
           "traits": {
-            "smithy.api#documentation": "<p>An array of unique identifiers, one for each custom data identifier that the job uses when it analyzes data. This value is null if the job uses only managed data identifiers to analyze data.</p>",
+            "smithy.api#documentation": "<p>An array of unique identifiers, one for each custom data identifier that the job is configured to use when it analyzes data. This value is null if the job is configured to use only managed data identifiers to analyze data.</p>",
             "smithy.api#jsonName": "customDataIdentifierIds"
           }
         },
@@ -3351,7 +3574,7 @@
         "managedDataIdentifierSelector": {
           "target": "com.amazonaws.macie2#ManagedDataIdentifierSelector",
           "traits": {
-            "smithy.api#documentation": "<p>The selection type that determines which managed data identifiers the job uses when it analyzes data. Possible values are:</p> <ul><li><p>ALL - Use all managed data identifiers.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. Use only custom data identifiers (customDataIdentifierIds).</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers.</p></li></ul> <p>If this value is null, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and this value is ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If this value is null or RECOMMENDED for a recurring job, each job run uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>For information about individual managed data identifiers or to determine which ones are in the recommended set, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> and <a href=\"https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html\">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>",
+            "smithy.api#documentation": "<p>The selection type that determines which managed data identifiers the job uses when it analyzes data. Possible values are:</p> <ul><li><p>ALL - Use all managed data identifiers.</p></li> <li><p>EXCLUDE - Use all managed data identifiers except the ones specified by the managedDataIdentifierIds property.</p></li> <li><p>INCLUDE - Use only the managed data identifiers specified by the managedDataIdentifierIds property.</p></li> <li><p>NONE - Don't use any managed data identifiers. Use only custom data identifiers (customDataIdentifierIds).</p></li> <li><p>RECOMMENDED (default) - Use the recommended set of managed data identifiers.</p></li></ul> <p>If this value is null, the job uses the recommended set of managed data identifiers.</p> <p>If the job is a recurring job and this value is ALL or EXCLUDE, each job run automatically uses new managed data identifiers that are released. If this value is null or RECOMMENDED for a recurring job, each job run uses all the managed data identifiers that are in the recommended set when the run starts.</p> <p>To learn about individual managed data identifiers or determine which ones are in the recommended set, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> or <a href=\"https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-mdis-recommended.html\">Recommended managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>",
             "smithy.api#jsonName": "managedDataIdentifierSelector"
           }
         },
@@ -3393,7 +3616,7 @@
         "tags": {
           "target": "com.amazonaws.macie2#TagMap",
           "traits": {
-            "smithy.api#documentation": "<p>A map of key-value pairs that specifies which tags (keys and values) are associated with the classification job.</p>",
+            "smithy.api#documentation": "<p>A map of key-value pairs that specifies which tags (keys and values) are associated with the job.</p>",
             "smithy.api#jsonName": "tags"
           }
         },
@@ -3542,7 +3765,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for the bucket. The information also specifies the custom data identifier or managed data identifier that detected the data. This information is available only if automated sensitive data discovery is currently enabled for your account.</p>"
+        "smithy.api#documentation": "<p>Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for an account. The information also specifies the custom or managed data identifier that detected the data. This information is available only if automated sensitive data discovery has been enabled for the account.</p>"
       }
     },
     "com.amazonaws.macie2#DisableMacie": {
@@ -4305,14 +4528,14 @@
         "ipAddressDetails": {
           "target": "com.amazonaws.macie2#IpAddressDetails",
           "traits": {
-            "smithy.api#documentation": "<p>The IP address of the device that the entity used to perform the action on the affected resource. This object also provides information such as the owner and geographic location for the IP address.</p>",
+            "smithy.api#documentation": "<p>The IP address and related details about the device that the entity used to perform the action on the affected resource. The details can include information such as the owner and geographic location of the IP address.</p>",
             "smithy.api#jsonName": "ipAddressDetails"
           }
         },
         "userIdentity": {
           "target": "com.amazonaws.macie2#UserIdentity",
           "traits": {
-            "smithy.api#documentation": "<p>The type and other characteristics of the entity that performed the action on the affected resource.</p>",
+            "smithy.api#documentation": "<p>The type and other characteristics of the entity that performed the action on the affected resource. This value is null if the action was performed by an anonymous (unauthenticated) entity.</p>",
             "smithy.api#jsonName": "userIdentity"
           }
         }
@@ -4767,7 +4990,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Retrieves the configuration settings and status of automated sensitive data discovery for an account.</p>",
+        "smithy.api#documentation": "<p>Retrieves the configuration settings and status of automated sensitive data discovery for an organization or standalone account.</p>",
         "smithy.api#http": {
           "method": "GET",
           "uri": "/automated-discovery/configuration",
@@ -4785,45 +5008,52 @@
     "com.amazonaws.macie2#GetAutomatedDiscoveryConfigurationResponse": {
       "type": "structure",
       "members": {
+        "autoEnableOrganizationMembers": {
+          "target": "com.amazonaws.macie2#AutoEnableMode",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies whether automated sensitive data discovery is enabled automatically for accounts in the organization. Possible values are: ALL, enable it for all existing accounts and new member accounts; NEW, enable it only for new member accounts; and, NONE, don't enable it for any accounts.</p>",
+            "smithy.api#jsonName": "autoEnableOrganizationMembers"
+          }
+        },
         "classificationScopeId": {
           "target": "com.amazonaws.macie2#ClassificationScopeId",
           "traits": {
-            "smithy.api#documentation": "<p>The unique identifier for the classification scope that's used when performing automated sensitive data discovery for the account. The classification scope specifies S3 buckets to exclude from automated sensitive data discovery.</p>",
+            "smithy.api#documentation": "<p>The unique identifier for the classification scope that's used when performing automated sensitive data discovery. The classification scope specifies S3 buckets to exclude from analyses.</p>",
             "smithy.api#jsonName": "classificationScopeId"
           }
         },
         "disabledAt": {
           "target": "com.amazonaws.macie2#Timestamp",
           "traits": {
-            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was most recently disabled for the account. This value is null if automated sensitive data discovery wasn't enabled and subsequently disabled for the account.</p>",
+            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was most recently disabled. This value is null if automated sensitive data discovery is currently enabled.</p>",
             "smithy.api#jsonName": "disabledAt"
           }
         },
         "firstEnabledAt": {
           "target": "com.amazonaws.macie2#Timestamp",
           "traits": {
-            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was initially enabled for the account. This value is null if automated sensitive data discovery has never been enabled for the account.</p>",
+            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was initially enabled. This value is null if automated sensitive data discovery has never been enabled.</p>",
             "smithy.api#jsonName": "firstEnabledAt"
           }
         },
         "lastUpdatedAt": {
           "target": "com.amazonaws.macie2#Timestamp",
           "traits": {
-            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when automated sensitive data discovery was most recently enabled or disabled for the account.</p>",
+            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when the configuration settings or status of automated sensitive data discovery was most recently changed.</p>",
             "smithy.api#jsonName": "lastUpdatedAt"
           }
         },
         "sensitivityInspectionTemplateId": {
           "target": "com.amazonaws.macie2#SensitivityInspectionTemplateId",
           "traits": {
-            "smithy.api#documentation": "<p>The unique identifier for the sensitivity inspection template that's used when performing automated sensitive data discovery for the account. The template specifies which allow lists, custom data identifiers, and managed data identifiers to use when analyzing data.</p>",
+            "smithy.api#documentation": "<p>The unique identifier for the sensitivity inspection template that's used when performing automated sensitive data discovery. The template specifies which allow lists, custom data identifiers, and managed data identifiers to use when analyzing data.</p>",
             "smithy.api#jsonName": "sensitivityInspectionTemplateId"
           }
         },
         "status": {
           "target": "com.amazonaws.macie2#AutomatedDiscoveryStatus",
           "traits": {
-            "smithy.api#documentation": "<p>The current status of the automated sensitive data discovery configuration for the account. Possible values are: ENABLED, use the specified settings to perform automated sensitive data discovery activities for the account; and, DISABLED, don't perform automated sensitive data discovery activities for the account.</p>",
+            "smithy.api#documentation": "<p>The current status of automated sensitive data discovery for the organization or account. Possible values are: ENABLED, use the specified settings to perform automated sensitive data discovery activities; and, DISABLED, don't perform automated sensitive data discovery activities.</p>",
             "smithy.api#jsonName": "status"
           }
         }
@@ -6368,14 +6598,14 @@
         "excludes": {
           "target": "com.amazonaws.macie2#SensitivityInspectionTemplateExcludes",
           "traits": {
-            "smithy.api#documentation": "<p>The managed data identifiers that are explicitly excluded (not used) when analyzing data.</p>",
+            "smithy.api#documentation": "<p>The managed data identifiers that are explicitly excluded (not used) when performing automated sensitive data discovery.</p>",
             "smithy.api#jsonName": "excludes"
           }
         },
         "includes": {
           "target": "com.amazonaws.macie2#SensitivityInspectionTemplateIncludes",
           "traits": {
-            "smithy.api#documentation": "<p>The allow lists, custom data identifiers, and managed data identifiers that are explicitly included (used) when analyzing data.</p>",
+            "smithy.api#documentation": "<p>The allow lists, custom data identifiers, and managed data identifiers that are explicitly included (used) when performing automated sensitive data discovery.</p>",
             "smithy.api#jsonName": "includes"
           }
         },
@@ -6979,21 +7209,21 @@
         "isDefinedInJob": {
           "target": "com.amazonaws.macie2#IsDefinedInJob",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether any one-time or recurring jobs are configured to analyze data in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs has a status other than CANCELLED. Or the bucket matched the bucket criteria (S3BucketCriteriaForJob) for at least one job that previously ran.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include the bucket in their bucket definitions have a status of CANCELLED, or the bucket didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that previously ran.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>",
+            "smithy.api#documentation": "<p>Specifies whether any one-time or recurring jobs are configured to analyze objects in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs has a status other than CANCELLED. Or the bucket matched the bucket criteria (S3BucketCriteriaForJob) for at least one job that previously ran.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include the bucket in their bucket definitions have a status of CANCELLED, or the bucket didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that previously ran.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>",
             "smithy.api#jsonName": "isDefinedInJob"
           }
         },
         "isMonitoredByJob": {
           "target": "com.amazonaws.macie2#IsMonitoredByJob",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether any recurring jobs are configured to analyze data in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At least one of those jobs has a status other than CANCELLED.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the recurring jobs that are configured to analyze data in the bucket have a status of CANCELLED.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>",
+            "smithy.api#documentation": "<p>Specifies whether any recurring jobs are configured to analyze objects in the bucket. Possible values are:</p> <ul><li><p>TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At least one of those jobs has a status other than CANCELLED.</p></li> <li><p>FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the recurring jobs that are configured to analyze data in the bucket have a status of CANCELLED.</p></li> <li><p>UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.</p></li></ul>",
             "smithy.api#jsonName": "isMonitoredByJob"
           }
         },
         "lastJobId": {
           "target": "com.amazonaws.macie2#__string",
           "traits": {
-            "smithy.api#documentation": "<p>The unique identifier for the job that ran most recently and is configured to analyze data in the bucket, either the latest run of a recurring job or the only run of a one-time job.</p> <p>This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.</p>",
+            "smithy.api#documentation": "<p>The unique identifier for the job that ran most recently and is configured to analyze objects in the bucket, either the latest run of a recurring job or the only run of a one-time job.</p> <p>This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.</p>",
             "smithy.api#jsonName": "lastJobId"
           }
         },
@@ -7006,7 +7236,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Specifies whether any one-time or recurring classification jobs are configured to analyze data in an S3 bucket, and, if so, the details of the job that ran most recently.</p>"
+        "smithy.api#documentation": "<p>Specifies whether any one-time or recurring classification jobs are configured to analyze objects in an S3 bucket, and, if so, the details of the job that ran most recently.</p>"
       }
     },
     "com.amazonaws.macie2#JobScheduleFrequency": {
@@ -7357,6 +7587,97 @@
         "smithy.api#output": {}
       }
     },
+    "com.amazonaws.macie2#ListAutomatedDiscoveryAccounts": {
+      "type": "operation",
+      "input": {
+        "target": "com.amazonaws.macie2#ListAutomatedDiscoveryAccountsRequest"
+      },
+      "output": {
+        "target": "com.amazonaws.macie2#ListAutomatedDiscoveryAccountsResponse"
+      },
+      "errors": [
+        {
+          "target": "com.amazonaws.macie2#AccessDeniedException"
+        },
+        {
+          "target": "com.amazonaws.macie2#InternalServerException"
+        },
+        {
+          "target": "com.amazonaws.macie2#ResourceNotFoundException"
+        },
+        {
+          "target": "com.amazonaws.macie2#ThrottlingException"
+        },
+        {
+          "target": "com.amazonaws.macie2#ValidationException"
+        }
+      ],
+      "traits": {
+        "smithy.api#documentation": "<p>Retrieves the status of automated sensitive data discovery for one or more accounts.</p>",
+        "smithy.api#http": {
+          "method": "GET",
+          "uri": "/automated-discovery/accounts",
+          "code": 200
+        },
+        "smithy.api#paginated": {
+          "inputToken": "nextToken",
+          "outputToken": "nextToken",
+          "items": "items",
+          "pageSize": "maxResults"
+        }
+      }
+    },
+    "com.amazonaws.macie2#ListAutomatedDiscoveryAccountsRequest": {
+      "type": "structure",
+      "members": {
+        "accountIds": {
+          "target": "com.amazonaws.macie2#__listOf__string",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Web Services account ID for each account, for as many as 50 accounts. To retrieve the status for multiple accounts, append the accountIds parameter and argument for each account, separated by an ampersand (&amp;). To retrieve the status for all the accounts in an organization, omit this parameter.</p>",
+            "smithy.api#httpQuery": "accountIds"
+          }
+        },
+        "maxResults": {
+          "target": "com.amazonaws.macie2#MaxResults",
+          "traits": {
+            "smithy.api#documentation": "<p>The maximum number of items to include in each page of a paginated response.</p>",
+            "smithy.api#httpQuery": "maxResults"
+          }
+        },
+        "nextToken": {
+          "target": "com.amazonaws.macie2#__string",
+          "traits": {
+            "smithy.api#documentation": "<p>The nextToken string that specifies which page of results to return in a paginated response.</p>",
+            "smithy.api#httpQuery": "nextToken"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#input": {}
+      }
+    },
+    "com.amazonaws.macie2#ListAutomatedDiscoveryAccountsResponse": {
+      "type": "structure",
+      "members": {
+        "items": {
+          "target": "com.amazonaws.macie2#__listOfAutomatedDiscoveryAccount",
+          "traits": {
+            "smithy.api#documentation": "<p>An array of objects, one for each account specified in the request. Each object specifies the Amazon Web Services account ID for an account and the current status of automated sensitive data discovery for that account.</p>",
+            "smithy.api#jsonName": "items"
+          }
+        },
+        "nextToken": {
+          "target": "com.amazonaws.macie2#__string",
+          "traits": {
+            "smithy.api#documentation": "<p>The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.</p>",
+            "smithy.api#jsonName": "nextToken"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#output": {}
+      }
+    },
     "com.amazonaws.macie2#ListClassificationJobs": {
       "type": "operation",
       "input": {
@@ -7857,7 +8178,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Retrieves information about the Amazon Macie membership invitations that were received by an account.</p>",
+        "smithy.api#documentation": "<p>Retrieves information about Amazon Macie membership invitations that were received by an account.</p>",
         "smithy.api#http": {
           "method": "GET",
           "uri": "/invitations",
@@ -8324,7 +8645,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Retrieves information about objects that were selected from an S3 bucket for automated sensitive data discovery.</p>",
+        "smithy.api#documentation": "<p>Retrieves information about objects that Amazon Macie selected from an S3 bucket for automated sensitive data discovery.</p>",
         "smithy.api#http": {
           "method": "GET",
           "uri": "/resource-profiles/artifacts",
@@ -8621,6 +8942,9 @@
         {
           "target": "com.amazonaws.macie2#BatchGetCustomDataIdentifiers"
         },
+        {
+          "target": "com.amazonaws.macie2#BatchUpdateAutomatedDiscoveryAccounts"
+        },
         {
           "target": "com.amazonaws.macie2#CreateAllowList"
         },
@@ -8759,6 +9083,9 @@
         {
           "target": "com.amazonaws.macie2#ListAllowLists"
         },
+        {
+          "target": "com.amazonaws.macie2#ListAutomatedDiscoveryAccounts"
+        },
         {
           "target": "com.amazonaws.macie2#ListClassificationJobs"
         },
@@ -8865,6 +9192,7 @@
           "name": "macie2"
         },
         "aws.protocols#restJson1": {},
+        "smithy.api#auth": ["aws.auth#sigv4"],
         "smithy.api#documentation": "<p>Amazon Macie</p>",
         "smithy.api#title": "Amazon Macie 2",
         "smithy.rules#endpointRuleSet": {
@@ -9886,6 +10214,13 @@
             "smithy.api#jsonName": "accountId"
           }
         },
+        "automatedDiscoveryMonitoringStatus": {
+          "target": "com.amazonaws.macie2#AutomatedDiscoveryMonitoringStatus",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies whether automated sensitive data discovery is currently configured to analyze objects in the bucket. Possible values are: MONITORED, the bucket is included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. If automated sensitive data discovery is disabled for your account, this value is NOT_MONITORED.</p>",
+            "smithy.api#jsonName": "automatedDiscoveryMonitoringStatus"
+          }
+        },
         "bucketName": {
           "target": "com.amazonaws.macie2#__string",
           "traits": {
@@ -9931,7 +10266,7 @@
         "lastAutomatedDiscoveryTime": {
           "target": "com.amazonaws.macie2#__timestampIso8601",
           "traits": {
-            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed data in the bucket while performing automated sensitive data discovery for your account. This value is null if automated sensitive data discovery is currently disabled for your account.</p>",
+            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed objects in the bucket while performing automated sensitive data discovery. This value is null if automated sensitive data discovery is disabled for your account.</p>",
             "smithy.api#jsonName": "lastAutomatedDiscoveryTime"
           }
         },
@@ -9952,7 +10287,7 @@
         "sensitivityScore": {
           "target": "com.amazonaws.macie2#__integer",
           "traits": {
-            "smithy.api#documentation": "<p>The current sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.</p>",
+            "smithy.api#documentation": "<p>The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive).</p><p>If automated sensitive data discovery has never been enabled for your account or it’s been disabled for your organization or your standalone account for more than 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores objects but it’s been excluded from recent analyses.</p>",
             "smithy.api#jsonName": "sensitivityScore"
           }
         },
@@ -10350,7 +10685,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Creates or updates the configuration settings for storing data classification results.</p>",
+        "smithy.api#documentation": "<p>Adds or updates the configuration settings for storing data classification results.</p>",
         "smithy.api#http": {
           "method": "PUT",
           "uri": "/classification-export-configuration",
@@ -10673,7 +11008,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an S3 bucket, and the status and results of the analysis. This information is available only if automated sensitive data discovery is currently enabled for your account.</p>"
+        "smithy.api#documentation": "<p>Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an account, and the status and results of the analysis. This information is available only if automated sensitive data discovery has been enabled for the account.</p>"
       }
     },
     "com.amazonaws.macie2#ResourceStatistics": {
@@ -10744,7 +11079,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for your account. The statistics capture the results of automated sensitive data discovery activities that Macie has performed for the bucket. The data is available only if automated sensitive data discovery is currently enabled for your account.</p>"
+        "smithy.api#documentation": "<p>Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for an account, if automated sensitive data discovery has been enabled for the account. The data captures the results of automated sensitive data discovery activities that Macie has performed for the bucket.</p>"
       }
     },
     "com.amazonaws.macie2#ResourcesAffected": {
@@ -11115,7 +11450,7 @@
           "target": "com.amazonaws.macie2#__string",
           "traits": {
             "smithy.api#clientOptional": {},
-            "smithy.api#documentation": "<p>The name of the bucket.</p>",
+            "smithy.api#documentation": "<p>The name of the bucket. This must be the name of an existing general purpose bucket.</p>",
             "smithy.api#jsonName": "bucketName",
             "smithy.api#required": {}
           }
@@ -11545,7 +11880,7 @@
         "values": {
           "target": "com.amazonaws.macie2#__listOf__string",
           "traits": {
-            "smithy.api#documentation": "<p>An array that lists one or more values to use in the condition. If you specify multiple values, Amazon Macie uses OR logic to join the values. Valid values for each supported property (key) are:</p> <ul><li><p>ACCOUNT_ID - A string that represents the unique identifier for the Amazon Web Services account that owns the resource.</p></li> <li><p>S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated value that Macie defines for the <a href=\"https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission\">BucketPublicAccess.effectivePermission</a> property of an S3 bucket.</p></li> <li><p>S3_BUCKET_NAME - A string that represents the name of an S3 bucket.</p></li> <li><p>S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that Macie defines for the <a href=\"https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess\">BucketMetadata.sharedAccess</a> property of an S3 bucket.</p></li></ul> <p>Values are case sensitive. Also, Macie doesn't support use of partial values or wildcard characters in values.</p>",
+            "smithy.api#documentation": "<p>An array that lists one or more values to use in the condition. If you specify multiple values, Amazon Macie uses OR logic to join the values. Valid values for each supported property (key) are:</p> <ul><li><p>ACCOUNT_ID - A string that represents the unique identifier for the Amazon Web Services account that owns the resource.</p></li> <li><p>AUTOMATED_DISCOVERY_MONITORING_STATUS - A string that represents an enumerated value that Macie defines for the <a href=\"https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-automateddiscoverymonitoringstatus\">BucketMetadata.automatedDiscoveryMonitoringStatus</a> property of an S3 bucket.</p></li> <li><p>S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated value that Macie defines for the <a href=\"https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission\">BucketPublicAccess.effectivePermission</a> property of an S3 bucket.</p></li> <li><p>S3_BUCKET_NAME - A string that represents the name of an S3 bucket.</p></li> <li><p>S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that Macie defines for the <a href=\"https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess\">BucketMetadata.sharedAccess</a> property of an S3 bucket.</p></li></ul> <p>Values are case sensitive. Also, Macie doesn't support use of partial values or wildcard characters in values.</p>",
             "smithy.api#jsonName": "values"
           }
         }
@@ -11580,6 +11915,12 @@
           "traits": {
             "smithy.api#enumValue": "S3_BUCKET_SHARED_ACCESS"
           }
+        },
+        "AUTOMATED_DISCOVERY_MONITORING_STATUS": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "AUTOMATED_DISCOVERY_MONITORING_STATUS"
+          }
         }
       },
       "traits": {
@@ -11840,7 +12181,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery for an Amazon Macie account. For information about the managed data identifiers that Amazon Macie currently provides, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>"
+        "smithy.api#documentation": "<p>Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery. For information about the managed data identifiers that Amazon Macie currently provides, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>"
       }
     },
     "com.amazonaws.macie2#SensitivityInspectionTemplateId": {
@@ -11875,7 +12216,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery for an Amazon Macie account. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>"
+        "smithy.api#documentation": "<p>Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see <a href=\"https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html\">Using managed data identifiers</a> in the <i>Amazon Macie User Guide</i>.</p>"
       }
     },
     "com.amazonaws.macie2#SensitivityInspectionTemplatesEntry": {
@@ -11897,7 +12238,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Provides information about the sensitivity inspection template for an Amazon Macie account. Macie uses the template's settings when it performs automated sensitive data discovery for the account.</p>"
+        "smithy.api#documentation": "<p>Provides information about the sensitivity inspection template for an Amazon Macie account.</p>"
       }
     },
     "com.amazonaws.macie2#ServerSideEncryption": {
@@ -12594,7 +12935,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Tests a custom data identifier.</p>",
+        "smithy.api#documentation": "<p>Tests criteria for a custom data identifier.</p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/custom-data-identifiers/test",
@@ -13039,7 +13380,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Enables or disables automated sensitive data discovery for an account.</p>",
+        "smithy.api#documentation": "<p>Changes the configuration settings and status of automated sensitive data discovery for an organization or standalone account.</p>",
         "smithy.api#http": {
           "method": "PUT",
           "uri": "/automated-discovery/configuration",
@@ -13050,11 +13391,18 @@
     "com.amazonaws.macie2#UpdateAutomatedDiscoveryConfigurationRequest": {
       "type": "structure",
       "members": {
+        "autoEnableOrganizationMembers": {
+          "target": "com.amazonaws.macie2#AutoEnableMode",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies whether to automatically enable automated sensitive data discovery for accounts in the organization. Valid values are: ALL (default), enable it for all existing accounts and new member accounts; NEW, enable it only for new member accounts; and, NONE, don't enable it for any accounts.</p> <p>If you specify NEW or NONE, automated sensitive data discovery continues to be enabled for any existing accounts that it's currently enabled for. To enable or disable it for individual member accounts, specify NEW or NONE, and then enable or disable it for each account by using the BatchUpdateAutomatedDiscoveryAccounts operation.</p>",
+            "smithy.api#jsonName": "autoEnableOrganizationMembers"
+          }
+        },
         "status": {
           "target": "com.amazonaws.macie2#AutomatedDiscoveryStatus",
           "traits": {
             "smithy.api#clientOptional": {},
-            "smithy.api#documentation": "<p>The new status of automated sensitive data discovery for the account. Valid values are: ENABLED, start or resume automated sensitive data discovery activities for the account; and, DISABLED, stop performing automated sensitive data discovery activities for the account.</p> <p>When you enable automated sensitive data discovery for the first time, Amazon Macie uses default configuration settings to determine which data sources to analyze and which managed data identifiers to use. To change these settings, use the UpdateClassificationScope and UpdateSensitivityInspectionTemplate operations, respectively. If you change the settings and subsequently disable the configuration, Amazon Macie retains your changes.</p>",
+            "smithy.api#documentation": "<p>The new status of automated sensitive data discovery for the organization or account. Valid values are: ENABLED, start or resume all automated sensitive data discovery activities; and, DISABLED, stop performing all automated sensitive data discovery activities.</p> <p>If you specify DISABLED for an administrator account, you also disable automated sensitive data discovery for all member accounts in the organization.</p>",
             "smithy.api#jsonName": "status",
             "smithy.api#required": {}
           }
@@ -13516,7 +13864,7 @@
           "target": "com.amazonaws.macie2#__boolean",
           "traits": {
             "smithy.api#clientOptional": {},
-            "smithy.api#documentation": "<p>Specifies whether to enable Amazon Macie automatically for an account when the account is added to the organization in Organizations.</p>",
+            "smithy.api#documentation": "<p>Specifies whether to enable Amazon Macie automatically for accounts that are added to the organization in Organizations.</p>",
             "smithy.api#jsonName": "autoEnable",
             "smithy.api#required": {}
           }
@@ -13817,7 +14165,7 @@
         "excludes": {
           "target": "com.amazonaws.macie2#SensitivityInspectionTemplateExcludes",
           "traits": {
-            "smithy.api#documentation": "<p>The managed data identifiers to explicitly exclude (not use) when analyzing data.</p> <p>To exclude an allow list or custom data identifier that's currently included by the template, update the values for the SensitivityInspectionTemplateIncludes.allowListIds and SensitivityInspectionTemplateIncludes.customDataIdentifierIds properties, respectively.</p>",
+            "smithy.api#documentation": "<p>The managed data identifiers to explicitly exclude (not use) when performing automated sensitive data discovery.</p> <p>To exclude an allow list or custom data identifier that's currently included by the template, update the values for the SensitivityInspectionTemplateIncludes.allowListIds and SensitivityInspectionTemplateIncludes.customDataIdentifierIds properties, respectively.</p>",
             "smithy.api#jsonName": "excludes"
           }
         },
@@ -13832,7 +14180,7 @@
         "includes": {
           "target": "com.amazonaws.macie2#SensitivityInspectionTemplateIncludes",
           "traits": {
-            "smithy.api#documentation": "<p>The allow lists, custom data identifiers, and managed data identifiers to explicitly include (use) when analyzing data.</p>",
+            "smithy.api#documentation": "<p>The allow lists, custom data identifiers, and managed data identifiers to explicitly include (use) when performing automated sensitive data discovery.</p>",
             "smithy.api#jsonName": "includes"
           }
         }
@@ -13897,7 +14245,7 @@
         "automatedDiscoveryFreeTrialStartDate": {
           "target": "com.amazonaws.macie2#__timestampIso8601",
           "traits": {
-            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when the free trial of automated sensitive data discovery started for the account. If the account is a member account in an organization, this value is the same as the value for the organization's Amazon Macie administrator account.</p>",
+            "smithy.api#documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when the free trial of automated sensitive data discovery started for the account. This value is null if automated sensitive data discovery hasn't been enabled for the account.</p>",
             "smithy.api#jsonName": "automatedDiscoveryFreeTrialStartDate"
           }
         },
@@ -14358,6 +14706,24 @@
         "target": "com.amazonaws.macie2#AllowListSummary"
       }
     },
+    "com.amazonaws.macie2#__listOfAutomatedDiscoveryAccount": {
+      "type": "list",
+      "member": {
+        "target": "com.amazonaws.macie2#AutomatedDiscoveryAccount"
+      }
+    },
+    "com.amazonaws.macie2#__listOfAutomatedDiscoveryAccountUpdate": {
+      "type": "list",
+      "member": {
+        "target": "com.amazonaws.macie2#AutomatedDiscoveryAccountUpdate"
+      }
+    },
+    "com.amazonaws.macie2#__listOfAutomatedDiscoveryAccountUpdateError": {
+      "type": "list",
+      "member": {
+        "target": "com.amazonaws.macie2#AutomatedDiscoveryAccountUpdateError"
+      }
+    },
     "com.amazonaws.macie2#__listOfBatchGetCustomDataIdentifierSummary": {
       "type": "list",
       "member": {