diff --git a/go.mod b/go.mod index 5762bb9f8c..a8031a3ace 100644 --- a/go.mod +++ b/go.mod @@ -79,7 +79,7 @@ require ( github.com/Masterminds/sprig v2.17.1+incompatible github.com/Microsoft/go-winio v0.4.14 // indirect github.com/aokoli/goutils v1.0.1 // indirect - github.com/aws/aws-sdk-go v1.25.38 + github.com/aws/aws-sdk-go v1.29.21 github.com/bazelbuild/bazel-gazelle v0.19.1 github.com/blang/semver v3.5.0+incompatible github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect @@ -108,7 +108,7 @@ require ( github.com/miekg/dns v1.1.4 github.com/mitchellh/mapstructure v1.1.2 github.com/pborman/uuid v1.2.0 - github.com/pkg/errors v0.8.1 + github.com/pkg/errors v0.9.1 github.com/pkg/sftp v0.0.0-20160930220758-4d0e916071f6 github.com/prometheus/client_golang v1.0.0 github.com/sergi/go-diff v0.0.0-20161102184045-552b4e9bbdca @@ -122,7 +122,7 @@ require ( github.com/weaveworks/mesh v0.0.0-20170419100114-1f158d31de55 go.uber.org/zap v1.9.1 golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e - golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 + golang.org/x/net v0.0.0-20200202094626-16171245cfb2 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 golang.org/x/tools v0.0.0-20191203134012-c197fd4bf371 diff --git a/go.sum b/go.sum index e0a20034a4..fbc244ae6a 100644 --- a/go.sum +++ b/go.sum @@ -57,6 +57,8 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.38 h1:QfclT79PFWCyaPDq9+zTEWsOMDWFswTpP9i07YxqPf0= github.com/aws/aws-sdk-go v1.25.38/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.29.21 h1:Q9XdxpJImp2HF/AqtIlonnAtG3qU9TvhpZiy1AeuQY4= +github.com/aws/aws-sdk-go v1.29.21/go.mod h1:1KvfttTE3SPKMpo8g2c6jL3ZKfXtFvKscTgahTma5Xg= github.com/bazelbuild/bazel-gazelle v0.19.1 h1:TSCGVqpHStCj1MTszuDfZt6Z2Ca8ekq2oWiqcHKVEAE= github.com/bazelbuild/bazel-gazelle v0.19.1/go.mod h1:rPwzNHUqEzngx1iVBfO/2X2npKaT3tqPqqHW6rVsn/A= github.com/bazelbuild/buildtools v0.0.0-20190731111112-f720930ceb60 h1:OfyUN/Msd8yqJww6deQ9vayJWw+Jrbe6Qp9giv51QQI= @@ -192,6 +194,7 @@ github.com/go-openapi/swag v0.19.2 h1:jvO6bCMBEilGwMfHhrd61zIID4oIFdwb76V17SM88d github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= +github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gobuffalo/flect v0.1.5 h1:xpKq9ap8MbYfhuPCF0dBH854Gp9CxZjr/IocxELFflo= github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= @@ -388,6 +391,8 @@ github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v0.0.0-20160930220758-4d0e916071f6 h1:V8AT/I4KmIDRfObq0yBUvbD4DeaYmQY9GhC5sKl24Mo= github.com/pkg/sftp v0.0.0-20160930220758-4d0e916071f6/go.mod h1:NxmoDg/QLVWluQDUYG7XBZTLUpKeFa8e3aMf1BfjyHk= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -537,6 +542,8 @@ golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc h1:gkKoSkUmnU6bpS/VhkuO27bzQ golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk= golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a h1:tImsplftrFpALCYumobsd0K86vlAs/eXGFms2txfJfA= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/aws/BUILD.bazel index 131b2d0881..5ca5110b93 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/aws/BUILD.bazel @@ -26,6 +26,7 @@ go_library( "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/endpoints:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/internal/context:go_default_library", "//vendor/github.com/aws/aws-sdk-go/internal/sdkio:go_default_library", ], ) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go index 44aa125a18..1c49674290 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/arn/arn.go @@ -75,6 +75,13 @@ func Parse(arn string) (ARN, error) { }, nil } +// IsARN returns whether the given string is an ARN by looking for +// whether the string starts with "arn:" and contains the correct number +// of sections delimited by colons(:). +func IsARN(arn string) bool { + return strings.HasPrefix(arn, arnPrefix) && strings.Count(arn, ":") >= arnSections-1 +} + // String returns the canonical representation of the ARN func (arn ARN) String() string { return arnPrefix + diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go index 93ebbcc13f..2def23fa1d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go @@ -161,6 +161,17 @@ type Config struct { // on GetObject API calls. S3DisableContentMD5Validation *bool + // Set this to `true` to have the S3 service client to use the region specified + // in the ARN, when an ARN is provided as an argument to a bucket parameter. + S3UseARNRegion *bool + + // Set this to `true` to enable the SDK to unmarshal API response header maps to + // normalized lower case map keys. + // + // For example S3's X-Amz-Meta prefixed header will be unmarshaled to lower case + // Metadata member's map keys. The value of the header in the map is unaffected. + LowerCaseHeaderMaps *bool + // Set this to `true` to disable the EC2Metadata client from overriding the // default http.Client's Timeout. This is helpful if you do not want the // EC2Metadata client to create a new http.Client. This options is only @@ -385,6 +396,13 @@ func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config { } +// WithS3UseARNRegion sets a config S3UseARNRegion value and +// returning a Config pointer for chaining +func (c *Config) WithS3UseARNRegion(enable bool) *Config { + c.S3UseARNRegion = &enable + return c +} + // WithUseDualStack sets a config UseDualStack value returning a Config // pointer for chaining. func (c *Config) WithUseDualStack(enable bool) *Config { @@ -513,6 +531,10 @@ func mergeInConfig(dst *Config, other *Config) { dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation } + if other.S3UseARNRegion != nil { + dst.S3UseARNRegion = other.S3UseARNRegion + } + if other.UseDualStack != nil { dst.UseDualStack = other.UseDualStack } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go index 66c5945db1..2f9446333a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go @@ -2,42 +2,8 @@ package aws -import "time" - -// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to -// provide a 1.6 and 1.5 safe version of context that is compatible with Go -// 1.7's Context. -// -// An emptyCtx is never canceled, has no values, and has no deadline. It is not -// struct{}, since vars of this type must have distinct addresses. -type emptyCtx int - -func (*emptyCtx) Deadline() (deadline time.Time, ok bool) { - return -} - -func (*emptyCtx) Done() <-chan struct{} { - return nil -} - -func (*emptyCtx) Err() error { - return nil -} - -func (*emptyCtx) Value(key interface{}) interface{} { - return nil -} - -func (e *emptyCtx) String() string { - switch e { - case backgroundCtx: - return "aws.BackgroundContext" - } - return "unknown empty Context" -} - -var ( - backgroundCtx = new(emptyCtx) +import ( + "github.com/aws/aws-sdk-go/internal/context" ) // BackgroundContext returns a context that will never be canceled, has no @@ -52,5 +18,5 @@ var ( // // See https://golang.org/pkg/context for more information on Contexts. func BackgroundContext() Context { - return backgroundCtx + return context.BackgroundCtx } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go index 0c60e612ea..aa902d7083 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go @@ -161,7 +161,7 @@ func handleSendError(r *request.Request, err error) { } // Catch all request errors, and let the default retrier determine // if the error is retryable. - r.Error = awserr.New("RequestError", "send request failed", err) + r.Error = awserr.New(request.ErrCodeRequestError, "send request failed", err) // Override the error with a context canceled error, if that was canceled. ctx := r.Context() diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/aws/credentials/BUILD.bazel index 00b829b44f..849ad7e550 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/BUILD.bazel @@ -4,6 +4,10 @@ go_library( name = "go_default_library", srcs = [ "chain_provider.go", + "context_background_go1.5.go", + "context_background_go1.7.go", + "context_go1.5.go", + "context_go1.9.go", "credentials.go", "env_provider.go", "shared_credentials_provider.go", @@ -14,7 +18,9 @@ go_library( visibility = ["//visibility:public"], deps = [ "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/internal/context:go_default_library", "//vendor/github.com/aws/aws-sdk-go/internal/ini:go_default_library", "//vendor/github.com/aws/aws-sdk-go/internal/shareddefaults:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight:go_default_library", ], ) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go new file mode 100644 index 0000000000..5852b26487 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go @@ -0,0 +1,22 @@ +// +build !go1.7 + +package credentials + +import ( + "github.com/aws/aws-sdk-go/internal/context" +) + +// backgroundContext returns a context that will never be canceled, has no +// values, and no deadline. This context is used by the SDK to provide +// backwards compatibility with non-context API operations and functionality. +// +// Go 1.6 and before: +// This context function is equivalent to context.Background in the Go stdlib. +// +// Go 1.7 and later: +// The context returned will be the value returned by context.Background() +// +// See https://golang.org/pkg/context for more information on Contexts. +func backgroundContext() Context { + return context.BackgroundCtx +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go new file mode 100644 index 0000000000..388b215418 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go @@ -0,0 +1,20 @@ +// +build go1.7 + +package credentials + +import "context" + +// backgroundContext returns a context that will never be canceled, has no +// values, and no deadline. This context is used by the SDK to provide +// backwards compatibility with non-context API operations and functionality. +// +// Go 1.6 and before: +// This context function is equivalent to context.Background in the Go stdlib. +// +// Go 1.7 and later: +// The context returned will be the value returned by context.Background() +// +// See https://golang.org/pkg/context for more information on Contexts. +func backgroundContext() Context { + return context.Background() +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go new file mode 100644 index 0000000000..8152a864ad --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go @@ -0,0 +1,39 @@ +// +build !go1.9 + +package credentials + +import "time" + +// Context is an copy of the Go v1.7 stdlib's context.Context interface. +// It is represented as a SDK interface to enable you to use the "WithContext" +// API methods with Go v1.6 and a Context type such as golang.org/x/net/context. +// +// This type, aws.Context, and context.Context are equivalent. +// +// See https://golang.org/pkg/context on how to use contexts. +type Context interface { + // Deadline returns the time when work done on behalf of this context + // should be canceled. Deadline returns ok==false when no deadline is + // set. Successive calls to Deadline return the same results. + Deadline() (deadline time.Time, ok bool) + + // Done returns a channel that's closed when work done on behalf of this + // context should be canceled. Done may return nil if this context can + // never be canceled. Successive calls to Done return the same value. + Done() <-chan struct{} + + // Err returns a non-nil error value after Done is closed. Err returns + // Canceled if the context was canceled or DeadlineExceeded if the + // context's deadline passed. No other values for Err are defined. + // After Done is closed, successive calls to Err return the same value. + Err() error + + // Value returns the value associated with this context for key, or nil + // if no value is associated with key. Successive calls to Value with + // the same key returns the same result. + // + // Use context values only for request-scoped data that transits + // processes and API boundaries, not for passing optional parameters to + // functions. + Value(key interface{}) interface{} +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go new file mode 100644 index 0000000000..4356edb3d5 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go @@ -0,0 +1,13 @@ +// +build go1.9 + +package credentials + +import "context" + +// Context is an alias of the Go stdlib's context.Context interface. +// It can be used within the SDK's API operation "WithContext" methods. +// +// This type, aws.Context, and context.Context are equivalent. +// +// See https://golang.org/pkg/context on how to use contexts. +type Context = context.Context diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go index 4af5921581..c75d7bba03 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go @@ -50,10 +50,11 @@ package credentials import ( "fmt" - "sync" + "sync/atomic" "time" "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/internal/sync/singleflight" ) // AnonymousCredentials is an empty Credential object that can be used as @@ -197,20 +198,62 @@ func (e *Expiry) ExpiresAt() time.Time { // first instance of the credentials Value. All calls to Get() after that // will return the cached credentials Value until IsExpired() returns true. type Credentials struct { - creds Value - forceRefresh bool - - m sync.RWMutex + creds atomic.Value + sf singleflight.Group provider Provider } // NewCredentials returns a pointer to a new Credentials with the provider set. func NewCredentials(provider Provider) *Credentials { - return &Credentials{ - provider: provider, - forceRefresh: true, + c := &Credentials{ + provider: provider, } + c.creds.Store(Value{}) + return c +} + +// GetWithContext returns the credentials value, or error if the credentials +// Value failed to be retrieved. Will return early if the passed in context is +// canceled. +// +// Will return the cached credentials Value if it has not expired. If the +// credentials Value has expired the Provider's Retrieve() will be called +// to refresh the credentials. +// +// If Credentials.Expire() was called the credentials Value will be force +// expired, and the next call to Get() will cause them to be refreshed. +// +// Passed in Context is equivalent to aws.Context, and context.Context. +func (c *Credentials) GetWithContext(ctx Context) (Value, error) { + if curCreds := c.creds.Load(); !c.isExpired(curCreds) { + return curCreds.(Value), nil + } + + // Cannot pass context down to the actual retrieve, because the first + // context would cancel the whole group when there is not direct + // association of items in the group. + resCh := c.sf.DoChan("", c.singleRetrieve) + select { + case res := <-resCh: + return res.Val.(Value), res.Err + case <-ctx.Done(): + return Value{}, awserr.New("RequestCanceled", + "request context canceled", ctx.Err()) + } +} + +func (c *Credentials) singleRetrieve() (interface{}, error) { + if curCreds := c.creds.Load(); !c.isExpired(curCreds) { + return curCreds.(Value), nil + } + + creds, err := c.provider.Retrieve() + if err == nil { + c.creds.Store(creds) + } + + return creds, err } // Get returns the credentials value, or error if the credentials Value failed @@ -223,30 +266,7 @@ func NewCredentials(provider Provider) *Credentials { // If Credentials.Expire() was called the credentials Value will be force // expired, and the next call to Get() will cause them to be refreshed. func (c *Credentials) Get() (Value, error) { - // Check the cached credentials first with just the read lock. - c.m.RLock() - if !c.isExpired() { - creds := c.creds - c.m.RUnlock() - return creds, nil - } - c.m.RUnlock() - - // Credentials are expired need to retrieve the credentials taking the full - // lock. - c.m.Lock() - defer c.m.Unlock() - - if c.isExpired() { - creds, err := c.provider.Retrieve() - if err != nil { - return Value{}, err - } - c.creds = creds - c.forceRefresh = false - } - - return c.creds, nil + return c.GetWithContext(backgroundContext()) } // Expire expires the credentials and forces them to be retrieved on the @@ -255,10 +275,7 @@ func (c *Credentials) Get() (Value, error) { // This will override the Provider's expired state, and force Credentials // to call the Provider's Retrieve(). func (c *Credentials) Expire() { - c.m.Lock() - defer c.m.Unlock() - - c.forceRefresh = true + c.creds.Store(Value{}) } // IsExpired returns if the credentials are no longer valid, and need @@ -267,31 +284,25 @@ func (c *Credentials) Expire() { // If the Credentials were forced to be expired with Expire() this will // reflect that override. func (c *Credentials) IsExpired() bool { - c.m.RLock() - defer c.m.RUnlock() - - return c.isExpired() + return c.isExpired(c.creds.Load()) } // isExpired helper method wrapping the definition of expired credentials. -func (c *Credentials) isExpired() bool { - return c.forceRefresh || c.provider.IsExpired() +func (c *Credentials) isExpired(creds interface{}) bool { + return creds == nil || creds.(Value) == Value{} || c.provider.IsExpired() } // ExpiresAt provides access to the functionality of the Expirer interface of // the underlying Provider, if it supports that interface. Otherwise, it returns // an error. func (c *Credentials) ExpiresAt() (time.Time, error) { - c.m.RLock() - defer c.m.RUnlock() - expirer, ok := c.provider.(Expirer) if !ok { return time.Time{}, awserr.New("ProviderNotExpirer", - fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.ProviderName), + fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.Load().(Value).ProviderName), nil) } - if c.forceRefresh { + if c.creds.Load().(Value) == (Value{}) { // set expiration time to the distant past return time.Time{}, nil } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/BUILD.bazel index 43b5ddb064..04b3fc02fb 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/BUILD.bazel @@ -9,5 +9,6 @@ go_library( deps = [ "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/internal/sdkio:go_default_library", ], ) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go index 1980c8c140..e624836002 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds/provider.go @@ -90,6 +90,7 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/internal/sdkio" ) const ( @@ -142,7 +143,7 @@ const ( // DefaultBufSize limits buffer size from growing to an enormous // amount due to a faulty process. - DefaultBufSize = 1024 + DefaultBufSize = int(8 * sdkio.KibiByte) // DefaultTimeout default limit on time a process can run. DefaultTimeout = time.Duration(1) * time.Minute diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go index 531139e397..cbba1e3d56 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/static_provider.go @@ -19,7 +19,9 @@ type StaticProvider struct { } // NewStaticCredentials returns a pointer to a new Credentials object -// wrapping a static credentials value provider. +// wrapping a static credentials value provider. Token is only required +// for temporary security credentials retrieved via STS, otherwise an empty +// string can be passed for this parameter. func NewStaticCredentials(id, secret, token string) *Credentials { return NewCredentials(&StaticProvider{Value: Value{ AccessKeyID: id, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index 2e528d130d..9f37f44bcf 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go @@ -144,6 +144,13 @@ type AssumeRoleProvider struct { // Session name, if you wish to reuse the credentials elsewhere. RoleSessionName string + // Optional, you can pass tag key-value pairs to your session. These tags are called session tags. + Tags []*sts.Tag + + // A list of keys for session tags that you want to set as transitive. + // If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain. + TransitiveTagKeys []*string + // Expiry duration of the STS credentials. Defaults to 15 minutes if not set. Duration time.Duration @@ -269,10 +276,12 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { } jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration)) input := &sts.AssumeRoleInput{ - DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)), - RoleArn: aws.String(p.RoleARN), - RoleSessionName: aws.String(p.RoleSessionName), - ExternalId: p.ExternalID, + DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)), + RoleArn: aws.String(p.RoleARN), + RoleSessionName: aws.String(p.RoleSessionName), + ExternalId: p.ExternalID, + Tags: p.Tags, + TransitiveTagKeys: p.TransitiveTagKeys, } if p.Policy != nil { input.Policy = p.Policy diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go index 9186587fc0..835bcd49cb 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go @@ -89,7 +89,7 @@ func getMetricException(err awserr.Error) metricException { code := err.Code() switch code { - case "RequestError", + case request.ErrCodeRequestError, request.ErrCodeSerialization, request.CanceledErrorCode: return sdkException{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go index fe25edf888..12897eef62 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go @@ -31,7 +31,7 @@ func (c *EC2Metadata) getToken(duration time.Duration) (tokenOutput, error) { // Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request. req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler) - ttl := strconv.FormatInt(int64(duration / time.Second),10) + ttl := strconv.FormatInt(int64(duration/time.Second), 10) req.HTTPRequest.Header.Set(ttlHeader, ttl) err := req.Send() @@ -145,17 +145,17 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) { // Region returns the region the instance is running in. func (c *EC2Metadata) Region() (string, error) { - resp, err := c.GetMetadata("placement/availability-zone") + ec2InstanceIdentityDocument, err := c.GetInstanceIdentityDocument() if err != nil { return "", err } - - if len(resp) == 0 { - return "", awserr.New("EC2MetadataError", "invalid Region response", nil) + // extract region from the ec2InstanceIdentityDocument + region := ec2InstanceIdentityDocument.Region + if len(region) == 0 { + return "", awserr.New("EC2MetadataError", "invalid region received for ec2metadata instance", nil) } - - // returns region without the suffix. Eg: us-west-2a becomes us-west-2 - return resp[:len(resp)-1], nil + // returns region + return region, nil } // Available returns if the application has access to the EC2 Metadata service. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index 2a204ab5cc..b8b2940d74 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -80,8 +80,10 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio // use a shorter timeout than default because the metadata // service is local if it is running, and to fail faster // if not running on an ec2 instance. - Timeout: 5 * time.Second, + Timeout: 1 * time.Second, } + // max number of retries on the client operation + cfg.MaxRetries = aws.Int(2) } svc := &EC2Metadata{ @@ -158,6 +160,7 @@ type tokenOutput struct { var unmarshalTokenHandler = request.NamedHandler{ Name: unmarshalTokenHandlerName, Fn: func(r *request.Request) { + defer r.HTTPResponse.Body.Close() var b bytes.Buffer if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil { r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go index 06f76055f3..663372a915 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go @@ -62,7 +62,7 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) { // Check if request timed out while waiting for response if e, ok := requestFailureError.OrigErr().(awserr.Error); ok { - if e.Code() == "RequestError" { + if e.Code() == request.ErrCodeRequestError { atomic.StoreUint32(&t.disabled, 1) } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 48d4f12e48..8b8f67dbf7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -169,7 +169,7 @@ var awsPartition = partition{ "us-east-1": endpoint{}, }, }, - "acm": service{ + "access-analyzer": service{ Endpoints: endpoints{ "ap-east-1": endpoint{}, @@ -192,6 +192,59 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "acm": service{ + + Endpoints: endpoints{ + "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "ca-central-1-fips": endpoint{ + Hostname: "acm-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "acm-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-east-2": endpoint{}, + "us-east-2-fips": endpoint{ + Hostname: "acm-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "us-west-1": endpoint{}, + "us-west-1-fips": endpoint{ + Hostname: "acm-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "acm-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, "acm-pca": service{ Defaults: endpoint{ Protocols: []string{"https"}, @@ -209,12 +262,42 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "acm-pca-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "acm-pca-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "acm-pca-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "acm-pca-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "acm-pca-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "api.ecr": service{ @@ -425,11 +508,7 @@ var awsPartition = partition{ }, "application-autoscaling": service{ Defaults: endpoint{ - Hostname: "autoscaling.{region}.amazonaws.com", Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "application-autoscaling", - }, }, Endpoints: endpoints{ "ap-east-1": endpoint{}, @@ -455,6 +534,7 @@ var awsPartition = partition{ "appmesh": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -462,9 +542,12 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -527,6 +610,7 @@ var awsPartition = partition{ "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -560,11 +644,7 @@ var awsPartition = partition{ }, "autoscaling-plans": service{ Defaults: endpoint{ - Hostname: "autoscaling.{region}.amazonaws.com", Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "autoscaling-plans", - }, }, Endpoints: endpoints{ "ap-northeast-1": endpoint{}, @@ -675,9 +755,15 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-2": endpoint{}, @@ -864,6 +950,7 @@ var awsPartition = partition{ "codecommit": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -966,6 +1053,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, @@ -1029,6 +1117,9 @@ var awsPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, @@ -1079,8 +1170,10 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-west-2": endpoint{}, }, @@ -1133,12 +1226,15 @@ var awsPartition = partition{ "datasync": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -1167,6 +1263,7 @@ var awsPartition = partition{ }, }, "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -1223,7 +1320,8 @@ var awsPartition = partition{ "discovery": service{ Endpoints: endpoints{ - "us-west-2": endpoint{}, + "eu-central-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "dms": service{ @@ -1282,6 +1380,12 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + "ca-central-1": endpoint{ + Hostname: "rds.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, "eu-central-1": endpoint{ Hostname: "rds.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ @@ -1340,6 +1444,7 @@ var awsPartition = partition{ "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1523,6 +1628,7 @@ var awsPartition = partition{ "elasticfilesystem": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1530,9 +1636,12 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -1730,6 +1839,7 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, "ap-southeast-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, @@ -1853,8 +1963,10 @@ var awsPartition = partition{ "groundstation": service{ Endpoints: endpoints{ - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "eu-north-1": endpoint{}, + "me-south-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "guardduty": service{ @@ -2076,6 +2188,29 @@ var awsPartition = partition{ }, }, }, + "iotsecuredtunneling": service{ + + Endpoints: endpoints{ + "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "iotthingsgraph": service{ Defaults: endpoint{ CredentialScope: credentialScope{ @@ -2106,6 +2241,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2139,16 +2275,20 @@ var awsPartition = partition{ "kinesisanalytics": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-2": endpoint{}, @@ -2157,11 +2297,20 @@ var awsPartition = partition{ "kinesisvideo": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, + "us-east-2": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -2192,12 +2341,17 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -2295,6 +2449,12 @@ var awsPartition = partition{ "us-east-1": endpoint{}, }, }, + "managedblockchain": service{ + + Endpoints: endpoints{ + "us-east-1": endpoint{}, + }, + }, "marketplacecommerceanalytics": service{ Endpoints: endpoints{ @@ -2304,6 +2464,7 @@ var awsPartition = partition{ "mediaconnect": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2421,7 +2582,8 @@ var awsPartition = partition{ "mgh": service{ Endpoints: endpoints{ - "us-west-2": endpoint{}, + "eu-central-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "mobileanalytics": service{ @@ -2437,9 +2599,10 @@ var awsPartition = partition{ }, }, Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "monitoring": service{ @@ -2470,6 +2633,7 @@ var awsPartition = partition{ "mq": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2477,6 +2641,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -2504,10 +2669,12 @@ var awsPartition = partition{ Region: "us-west-2", }, }, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "mturk-requester": service{ @@ -2715,6 +2882,27 @@ var awsPartition = partition{ }, }, }, + "outposts": service{ + + Endpoints: endpoints{ + "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "pinpoint": service{ Defaults: endpoint{ CredentialScope: credentialScope{ @@ -2726,13 +2914,36 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "pinpoint-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "pinpoint-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "us-east-1": endpoint{ + Hostname: "pinpoint.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-west-2": endpoint{ + Hostname: "pinpoint.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "polly": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2744,6 +2955,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2839,6 +3051,7 @@ var awsPartition = partition{ "ram": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2850,6 +3063,8 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -3004,6 +3219,7 @@ var awsPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3011,6 +3227,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -3027,9 +3244,10 @@ var awsPartition = partition{ }, }, Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "runtime.sagemaker": service{ @@ -3106,7 +3324,8 @@ var awsPartition = partition{ SignatureVersions: []string{"s3", "s3v4"}, }, "aws-global": endpoint{ - Hostname: "s3.amazonaws.com", + Hostname: "s3.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, CredentialScope: credentialScope{ Region: "us-east-1", }, @@ -3132,7 +3351,10 @@ var awsPartition = partition{ Hostname: "s3.sa-east-1.amazonaws.com", SignatureVersions: []string{"s3", "s3v4"}, }, - "us-east-1": endpoint{}, + "us-east-1": endpoint{ + Hostname: "s3.us-east-1.amazonaws.com", + SignatureVersions: []string{"s3", "s3v4"}, + }, "us-east-2": endpoint{}, "us-west-1": endpoint{ Hostname: "s3.us-west-1.amazonaws.com", @@ -3308,6 +3530,16 @@ var awsPartition = partition{ }, }, }, + "schemas": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "sdb": service{ Defaults: endpoint{ Protocols: []string{"http", "https"}, @@ -3460,6 +3692,7 @@ var awsPartition = partition{ "servicecatalog": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3471,6 +3704,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ @@ -3920,6 +4154,7 @@ var awsPartition = partition{ }, Endpoints: endpoints{ "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, @@ -3974,13 +4209,18 @@ var awsPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ Hostname: "translate-fips.us-east-1.amazonaws.com", @@ -3995,6 +4235,7 @@ var awsPartition = partition{ Region: "us-east-2", }, }, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, "us-west-2-fips": endpoint{ Hostname: "translate-fips.us-west-2.amazonaws.com", @@ -4130,6 +4371,13 @@ var awscnPartition = partition{ }, }, Services: services{ + "acm": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "api.ecr": service{ Endpoints: endpoints{ @@ -4156,17 +4404,25 @@ var awscnPartition = partition{ }, "application-autoscaling": service{ Defaults: endpoint{ - Hostname: "autoscaling.{region}.amazonaws.com.cn", Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "application-autoscaling", - }, }, Endpoints: endpoints{ "cn-north-1": endpoint{}, "cn-northwest-1": endpoint{}, }, }, + "appsync": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + }, + }, + "athena": service{ + + Endpoints: endpoints{ + "cn-northwest-1": endpoint{}, + }, + }, "autoscaling": service{ Defaults: endpoint{ Protocols: []string{"http", "https"}, @@ -4176,6 +4432,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "backup": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "batch": service{ Endpoints: endpoints{ @@ -4315,6 +4578,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "elasticfilesystem": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "elasticloadbalancing": service{ Defaults: endpoint{ Protocols: []string{"https"}, @@ -4384,6 +4654,13 @@ var awscnPartition = partition{ "cn-north-1": endpoint{}, }, }, + "health": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "iam": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -4463,6 +4740,17 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "neptune": service{ + + Endpoints: endpoints{ + "cn-northwest-1": endpoint{ + Hostname: "rds.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, "polly": service{ Endpoints: endpoints{ @@ -4515,6 +4803,26 @@ var awscnPartition = partition{ }, }, }, + "secretsmanager": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, + "serverlessrepo": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "cn-north-1": endpoint{ + Protocols: []string{"https"}, + }, + "cn-northwest-1": endpoint{ + Protocols: []string{"https"}, + }, + }, + }, "sms": service{ Endpoints: endpoints{ @@ -4564,7 +4872,8 @@ var awscnPartition = partition{ "storagegateway": service{ Endpoints: endpoints{ - "cn-north-1": endpoint{}, + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, }, }, "streams.dynamodb": service{ @@ -4637,6 +4946,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "xray": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, }, } @@ -4669,6 +4985,13 @@ var awsusgovPartition = partition{ }, }, Services: services{ + "access-analyzer": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "acm": service{ Endpoints: endpoints{ @@ -4717,7 +5040,8 @@ var awsusgovPartition = partition{ }, "application-autoscaling": service{ Defaults: endpoint{ - Hostname: "autoscaling.{region}.amazonaws.com", + Hostname: "autoscaling.{region}.amazonaws.com", + Protocols: []string{"http", "https"}, CredentialScope: credentialScope{ Service: "application-autoscaling", }, @@ -4760,6 +5084,22 @@ var awsusgovPartition = partition{ }, }, }, + "autoscaling-plans": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + }, + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, + "batch": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "clouddirectory": service{ Endpoints: endpoints{ @@ -4838,6 +5178,12 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "comprehendmedical": service{ + + Endpoints: endpoints{ + "us-gov-west-1": endpoint{}, + }, + }, "config": service{ Endpoints: endpoints{ @@ -4854,6 +5200,7 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -4945,6 +5292,7 @@ var awsusgovPartition = partition{ "elasticfilesystem": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -5420,6 +5768,18 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "support": service{ + PartitionEndpoint: "aws-us-gov-global", + + Endpoints: endpoints{ + "aws-us-gov-global": endpoint{ + Hostname: "support.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, "swf": service{ Endpoints: endpoints{ @@ -5439,6 +5799,7 @@ var awsusgovPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -5468,6 +5829,13 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "xray": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, }, } @@ -5522,11 +5890,7 @@ var awsisoPartition = partition{ }, "application-autoscaling": service{ Defaults: endpoint{ - Hostname: "autoscaling.{region}.amazonaws.com", Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "application-autoscaling", - }, }, Endpoints: endpoints{ "us-iso-east-1": endpoint{}, @@ -5854,11 +6218,7 @@ var awsisobPartition = partition{ Services: services{ "application-autoscaling": service{ Defaults: endpoint{ - Hostname: "autoscaling.{region}.amazonaws.com", Protocols: []string{"http", "https"}, - CredentialScope: credentialScope{ - Service: "application-autoscaling", - }, }, Endpoints: endpoints{ "us-isob-east-1": endpoint{}, @@ -6054,6 +6414,12 @@ var awsisobPartition = partition{ "us-isob-east-1": endpoint{}, }, }, + "ssm": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, "states": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go index 1f53d9cb68..ca956e5f12 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go @@ -317,7 +317,7 @@ func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) ( // Regions returns a map of Regions indexed by their ID. This is useful for // enumerating over the regions in a partition. func (p Partition) Regions() map[string]Region { - rs := map[string]Region{} + rs := make(map[string]Region, len(p.p.Regions)) for id, r := range p.p.Regions { rs[id] = Region{ id: id, @@ -332,7 +332,7 @@ func (p Partition) Regions() map[string]Region { // Services returns a map of Service indexed by their ID. This is useful for // enumerating over the services in a partition. func (p Partition) Services() map[string]Service { - ss := map[string]Service{} + ss := make(map[string]Service, len(p.p.Services)) for id := range p.p.Services { ss[id] = Service{ id: id, @@ -419,7 +419,7 @@ func (s Service) Regions() map[string]Region { // A region is the AWS region the service exists in. Whereas a Endpoint is // an URL that can be resolved to a instance of a service. func (s Service) Endpoints() map[string]Endpoint { - es := map[string]Endpoint{} + es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints)) for id := range s.p.Services[s.id].Endpoints { es[id] = Endpoint{ id: id, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go index 185b073181..e819ab6c0e 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go @@ -10,6 +10,7 @@ import ( type Handlers struct { Validate HandlerList Build HandlerList + BuildStream HandlerList Sign HandlerList Send HandlerList ValidateResponse HandlerList @@ -28,6 +29,7 @@ func (h *Handlers) Copy() Handlers { return Handlers{ Validate: h.Validate.copy(), Build: h.Build.copy(), + BuildStream: h.BuildStream.copy(), Sign: h.Sign.copy(), Send: h.Send.copy(), ValidateResponse: h.ValidateResponse.copy(), @@ -46,6 +48,7 @@ func (h *Handlers) Copy() Handlers { func (h *Handlers) Clear() { h.Validate.Clear() h.Build.Clear() + h.BuildStream.Clear() h.Send.Clear() h.Sign.Clear() h.Unmarshal.Clear() @@ -67,6 +70,9 @@ func (h *Handlers) IsEmpty() bool { if h.Build.Len() != 0 { return false } + if h.BuildStream.Len() != 0 { + return false + } if h.Send.Len() != 0 { return false } @@ -320,3 +326,18 @@ func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) { AddToUserAgent(r, s) } } + +// WithSetRequestHeaders updates the operation request's HTTP header to contain +// the header key value pairs provided. If the header key already exists in the +// request's HTTP header set, the existing value(s) will be replaced. +func WithSetRequestHeaders(h map[string]string) Option { + return withRequestHeader(h).SetRequestHeaders +} + +type withRequestHeader map[string]string + +func (h withRequestHeader) SetRequestHeaders(r *Request) { + for k, v := range h { + r.HTTPRequest.Header[k] = []string{v} + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index 52178141da..d597c6ead5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go @@ -36,6 +36,10 @@ const ( // API request that was canceled. Requests given a aws.Context may // return this error when canceled. CanceledErrorCode = "RequestCanceled" + + // ErrCodeRequestError is an error preventing the SDK from continuing to + // process the request. + ErrCodeRequestError = "RequestError" ) // A Request is the service request to be made. @@ -51,6 +55,7 @@ type Request struct { HTTPRequest *http.Request HTTPResponse *http.Response Body io.ReadSeeker + streamingBody io.ReadCloser BodyStart int64 // offset from beginning of Body that the request body starts Params interface{} Error error @@ -130,8 +135,6 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers, err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err) } - SanitizeHostForHeader(httpReq) - r := &Request{ Config: cfg, ClientInfo: clientInfo, @@ -295,6 +298,13 @@ func (r *Request) SetReaderBody(reader io.ReadSeeker) { r.ResetBody() } +// SetStreamingBody set the reader to be used for the request that will stream +// bytes to the server. Request's Body must not be set to any reader. +func (r *Request) SetStreamingBody(reader io.ReadCloser) { + r.streamingBody = reader + r.SetReaderBody(aws.ReadSeekCloser(reader)) +} + // Presign returns the request's signed URL. Error will be returned // if the signing fails. The expire parameter is only used for presigned Amazon // S3 API requests. All other AWS services will use a fixed expiration @@ -414,11 +424,17 @@ func (r *Request) Sign() error { return r.Error } + SanitizeHostForHeader(r.HTTPRequest) + r.Handlers.Sign.Run(r) return r.Error } func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) { + if r.streamingBody != nil { + return r.streamingBody, nil + } + if r.safeBody != nil { r.safeBody.Close() } @@ -623,6 +639,10 @@ func getHost(r *http.Request) string { return r.Host } + if r.URL == nil { + return "" + } + return r.URL.Host } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go index 8015acc67e..752ae47f84 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go @@ -75,7 +75,7 @@ func (d noOpRetryer) RetryRules(_ *Request) time.Duration { // retryableCodes is a collection of service response codes which are retry-able // without any further action. var retryableCodes = map[string]struct{}{ - "RequestError": {}, + ErrCodeRequestError: {}, "RequestTimeout": {}, ErrCodeResponseTimeout: {}, "RequestTimeoutException": {}, // Glacier's flavor of RequestTimeout @@ -83,6 +83,7 @@ var retryableCodes = map[string]struct{}{ var throttleCodes = map[string]struct{}{ "ProvisionedThroughputExceededException": {}, + "ThrottledException": {}, // SNS, XRay, ResourceGroupsTagging API "Throttling": {}, "ThrottlingException": {}, "RequestLimitExceeded": {}, @@ -91,6 +92,7 @@ var throttleCodes = map[string]struct{}{ "TooManyRequestsException": {}, // Lambda functions "PriorRequestNotComplete": {}, // Route53 "TransactionInProgressException": {}, + "EC2ThrottledException": {}, // EC2 } // credsExpiredCodes is a collection of error codes which signify the credentials @@ -176,8 +178,8 @@ func shouldRetryError(origErr error) bool { origErr := err.OrigErr() var shouldRetry bool if origErr != nil { - shouldRetry := shouldRetryError(origErr) - if err.Code() == "RequestError" && !shouldRetry { + shouldRetry = shouldRetryError(origErr) + if err.Code() == ErrCodeRequestError && !shouldRetry { return false } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index 4092ab8fb7..c1e0e9c954 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "strconv" + "strings" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" @@ -141,6 +142,12 @@ type envConfig struct { // AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional // This can take value as `regional` or `legacy` S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint + + // Specifies if the S3 service should allow ARNs to direct the region + // the client's requests are sent to. + // + // AWS_S3_USE_ARN_REGION=true + S3UseARNRegion bool } var ( @@ -201,6 +208,9 @@ var ( s3UsEast1RegionalEndpoint = []string{ "AWS_S3_US_EAST_1_REGIONAL_ENDPOINT", } + s3UseARNRegionEnvKey = []string{ + "AWS_S3_USE_ARN_REGION", + } ) // loadEnvConfig retrieves the SDK's environment configuration. @@ -307,6 +317,21 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { } } + var s3UseARNRegion string + setFromEnvVal(&s3UseARNRegion, s3UseARNRegionEnvKey) + if len(s3UseARNRegion) != 0 { + switch { + case strings.EqualFold(s3UseARNRegion, "false"): + cfg.S3UseARNRegion = false + case strings.EqualFold(s3UseARNRegion, "true"): + cfg.S3UseARNRegion = true + default: + return envConfig{}, fmt.Errorf( + "invalid value for environment variable, %s=%s, need true or false", + s3UseARNRegionEnvKey[0], s3UseARNRegion) + } + } + return cfg, nil } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index ab6daac7c3..0ff4996051 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -580,6 +580,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, cfg.Credentials = creds } + cfg.S3UseARNRegion = userCfg.S3UseARNRegion + if cfg.S3UseARNRegion == nil { + cfg.S3UseARNRegion = &envCfg.S3UseARNRegion + } + if cfg.S3UseARNRegion == nil { + cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion + } + return nil } @@ -634,15 +642,22 @@ func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Confi region := aws.StringValue(s.Config.Region) resolved, err := s.resolveEndpoint(service, region, s.Config) - if err != nil && s.Config.Logger != nil { - s.Config.Logger.Log(fmt.Sprintf( - "ERROR: unable to resolve endpoint for service %q, region %q, err: %v", - service, region, err)) + if err != nil { + s.Handlers.Validate.PushBack(func(r *request.Request) { + if len(r.ClientInfo.Endpoint) != 0 { + // Error occurred while resolving endpoint, but the request + // being invoked has had an endpoint specified after the client + // was created. + return + } + r.Error = err + }) } return client.Config{ Config: s.Config, Handlers: s.Handlers, + PartitionID: resolved.PartitionID, Endpoint: resolved.URL, SigningRegion: resolved.SigningRegion, SigningNameDerived: resolved.SigningNameDerived, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index 1d7b049cf7..a8ed880760 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -51,6 +51,9 @@ const ( // loading configuration from the config files if another profile name // is not provided. DefaultSharedConfigProfile = `default` + + // S3 ARN Region Usage + s3UseARNRegionKey = "s3_use_arn_region" ) // sharedConfig represents the configuration fields of the SDK config files. @@ -89,6 +92,7 @@ type sharedConfig struct { // // endpoint_discovery_enabled = true EnableEndpointDiscovery *bool + // CSM Options CSMEnabled *bool CSMHost string @@ -106,6 +110,12 @@ type sharedConfig struct { // s3_us_east_1_regional_endpoint = regional // This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint` S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint + + // Specifies if the S3 service should allow ARNs to direct the region + // the client's requests are sent to. + // + // s3_use_arn_region=true + S3UseARNRegion bool } type sharedConfigFile struct { @@ -306,6 +316,8 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.CSMPort, section, csmPortKey) updateString(&cfg.CSMClientID, section, csmClientIDKey) + updateBool(&cfg.S3UseARNRegion, section, s3UseARNRegionKey) + return nil } @@ -398,6 +410,15 @@ func updateString(dst *string, section ini.Section, key string) { *dst = section.String(key) } +// updateBool will only update the dst with the value in the section key, key +// is present in the section. +func updateBool(dst *bool, section ini.Section, key string) { + if !section.Has(key) { + return + } + *dst = section.Bool(key) +} + // updateBoolPtr will only update the dst with the value in the section key, // key is present in the section. func updateBoolPtr(dst **bool, section ini.Section, key string) { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/BUILD.bazel index dd192b9a27..4c5b86ee77 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/BUILD.bazel @@ -5,6 +5,9 @@ go_library( srcs = [ "header_rules.go", "options.go", + "request_context_go1.5.go", + "request_context_go1.7.go", + "stream.go", "uri_path.go", "v4.go", ], @@ -16,6 +19,7 @@ go_library( "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", "//vendor/github.com/aws/aws-sdk-go/internal/sdkio:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/internal/strings:go_default_library", "//vendor/github.com/aws/aws-sdk-go/private/protocol/rest:go_default_library", ], ) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go index 244c86da05..07ea799fbd 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go @@ -1,8 +1,7 @@ package v4 import ( - "net/http" - "strings" + "github.com/aws/aws-sdk-go/internal/strings" ) // validator houses a set of rule needed for validation of a @@ -61,7 +60,7 @@ type patterns []string // been found func (p patterns) IsValid(value string) bool { for _, pattern := range p { - if strings.HasPrefix(http.CanonicalHeaderKey(value), pattern) { + if strings.HasPrefixFold(value, pattern) { return true } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go new file mode 100644 index 0000000000..f35fc860b3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go @@ -0,0 +1,13 @@ +// +build !go1.7 + +package v4 + +import ( + "net/http" + + "github.com/aws/aws-sdk-go/aws" +) + +func requestContext(r *http.Request) aws.Context { + return aws.BackgroundContext() +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go new file mode 100644 index 0000000000..fed5c859ca --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go @@ -0,0 +1,13 @@ +// +build go1.7 + +package v4 + +import ( + "net/http" + + "github.com/aws/aws-sdk-go/aws" +) + +func requestContext(r *http.Request) aws.Context { + return r.Context() +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go new file mode 100644 index 0000000000..02cbd97e23 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/stream.go @@ -0,0 +1,63 @@ +package v4 + +import ( + "encoding/hex" + "strings" + "time" + + "github.com/aws/aws-sdk-go/aws/credentials" +) + +type credentialValueProvider interface { + Get() (credentials.Value, error) +} + +// StreamSigner implements signing of event stream encoded payloads +type StreamSigner struct { + region string + service string + + credentials credentialValueProvider + + prevSig []byte +} + +// NewStreamSigner creates a SigV4 signer used to sign Event Stream encoded messages +func NewStreamSigner(region, service string, seedSignature []byte, credentials *credentials.Credentials) *StreamSigner { + return &StreamSigner{ + region: region, + service: service, + credentials: credentials, + prevSig: seedSignature, + } +} + +// GetSignature takes an event stream encoded headers and payload and returns a signature +func (s *StreamSigner) GetSignature(headers, payload []byte, date time.Time) ([]byte, error) { + credValue, err := s.credentials.Get() + if err != nil { + return nil, err + } + + sigKey := deriveSigningKey(s.region, s.service, credValue.SecretAccessKey, date) + + keyPath := buildSigningScope(s.region, s.service, date) + + stringToSign := buildEventStreamStringToSign(headers, payload, s.prevSig, keyPath, date) + + signature := hmacSHA256(sigKey, []byte(stringToSign)) + s.prevSig = signature + + return signature, nil +} + +func buildEventStreamStringToSign(headers, payload, prevSig []byte, scope string, date time.Time) string { + return strings.Join([]string{ + "AWS4-HMAC-SHA256-PAYLOAD", + formatTime(date), + scope, + hex.EncodeToString(prevSig), + hex.EncodeToString(hashSHA256(headers)), + hex.EncodeToString(hashSHA256(payload)), + }, "\n") +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 8104793aa5..d71f7b3f4f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -76,9 +76,14 @@ import ( ) const ( + authorizationHeader = "Authorization" + authHeaderSignatureElem = "Signature=" + signatureQueryKey = "X-Amz-Signature" + authHeaderPrefix = "AWS4-HMAC-SHA256" timeFormat = "20060102T150405Z" shortTimeFormat = "20060102" + awsV4Request = "aws4_request" // emptyStringSHA256 is a SHA256 of an empty string emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` @@ -87,9 +92,9 @@ const ( var ignoredHeaders = rules{ blacklist{ mapRule{ - "Authorization": struct{}{}, - "User-Agent": struct{}{}, - "X-Amzn-Trace-Id": struct{}{}, + authorizationHeader: struct{}{}, + "User-Agent": struct{}{}, + "X-Amzn-Trace-Id": struct{}{}, }, }, } @@ -229,11 +234,9 @@ type signingCtx struct { DisableURIPathEscaping bool - credValues credentials.Value - isPresign bool - formattedTime string - formattedShortTime string - unsignedPayload bool + credValues credentials.Value + isPresign bool + unsignedPayload bool bodyDigest string signedHeaders string @@ -337,7 +340,7 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi } var err error - ctx.credValues, err = v4.Credentials.Get() + ctx.credValues, err = v4.Credentials.GetWithContext(requestContext(r)) if err != nil { return http.Header{}, err } @@ -532,39 +535,56 @@ func (ctx *signingCtx) build(disableHeaderHoisting bool) error { ctx.buildSignature() // depends on string to sign if ctx.isPresign { - ctx.Request.URL.RawQuery += "&X-Amz-Signature=" + ctx.signature + ctx.Request.URL.RawQuery += "&" + signatureQueryKey + "=" + ctx.signature } else { parts := []string{ authHeaderPrefix + " Credential=" + ctx.credValues.AccessKeyID + "/" + ctx.credentialString, "SignedHeaders=" + ctx.signedHeaders, - "Signature=" + ctx.signature, + authHeaderSignatureElem + ctx.signature, } - ctx.Request.Header.Set("Authorization", strings.Join(parts, ", ")) + ctx.Request.Header.Set(authorizationHeader, strings.Join(parts, ", ")) } return nil } -func (ctx *signingCtx) buildTime() { - ctx.formattedTime = ctx.Time.UTC().Format(timeFormat) - ctx.formattedShortTime = ctx.Time.UTC().Format(shortTimeFormat) +// GetSignedRequestSignature attempts to extract the signature of the request. +// Returning an error if the request is unsigned, or unable to extract the +// signature. +func GetSignedRequestSignature(r *http.Request) ([]byte, error) { + if auth := r.Header.Get(authorizationHeader); len(auth) != 0 { + ps := strings.Split(auth, ", ") + for _, p := range ps { + if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 { + sig := p[len(authHeaderSignatureElem):] + if len(sig) == 0 { + return nil, fmt.Errorf("invalid request signature authorization header") + } + return hex.DecodeString(sig) + } + } + } + + if sig := r.URL.Query().Get("X-Amz-Signature"); len(sig) != 0 { + return hex.DecodeString(sig) + } + + return nil, fmt.Errorf("request not signed") +} + +func (ctx *signingCtx) buildTime() { if ctx.isPresign { duration := int64(ctx.ExpireTime / time.Second) - ctx.Query.Set("X-Amz-Date", ctx.formattedTime) + ctx.Query.Set("X-Amz-Date", formatTime(ctx.Time)) ctx.Query.Set("X-Amz-Expires", strconv.FormatInt(duration, 10)) } else { - ctx.Request.Header.Set("X-Amz-Date", ctx.formattedTime) + ctx.Request.Header.Set("X-Amz-Date", formatTime(ctx.Time)) } } func (ctx *signingCtx) buildCredentialString() { - ctx.credentialString = strings.Join([]string{ - ctx.formattedShortTime, - ctx.Region, - ctx.ServiceName, - "aws4_request", - }, "/") + ctx.credentialString = buildSigningScope(ctx.Region, ctx.ServiceName, ctx.Time) if ctx.isPresign { ctx.Query.Set("X-Amz-Credential", ctx.credValues.AccessKeyID+"/"+ctx.credentialString) @@ -588,8 +608,7 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) { var headers []string headers = append(headers, "host") for k, v := range header { - canonicalKey := http.CanonicalHeaderKey(k) - if !r.IsValid(canonicalKey) { + if !r.IsValid(k) { continue // ignored header } if ctx.SignedHeaderVals == nil { @@ -653,19 +672,15 @@ func (ctx *signingCtx) buildCanonicalString() { func (ctx *signingCtx) buildStringToSign() { ctx.stringToSign = strings.Join([]string{ authHeaderPrefix, - ctx.formattedTime, + formatTime(ctx.Time), ctx.credentialString, - hex.EncodeToString(makeSha256([]byte(ctx.canonicalString))), + hex.EncodeToString(hashSHA256([]byte(ctx.canonicalString))), }, "\n") } func (ctx *signingCtx) buildSignature() { - secret := ctx.credValues.SecretAccessKey - date := makeHmac([]byte("AWS4"+secret), []byte(ctx.formattedShortTime)) - region := makeHmac(date, []byte(ctx.Region)) - service := makeHmac(region, []byte(ctx.ServiceName)) - credentials := makeHmac(service, []byte("aws4_request")) - signature := makeHmac(credentials, []byte(ctx.stringToSign)) + creds := deriveSigningKey(ctx.Region, ctx.ServiceName, ctx.credValues.SecretAccessKey, ctx.Time) + signature := hmacSHA256(creds, []byte(ctx.stringToSign)) ctx.signature = hex.EncodeToString(signature) } @@ -726,13 +741,13 @@ func (ctx *signingCtx) removePresign() { ctx.Query.Del("X-Amz-SignedHeaders") } -func makeHmac(key []byte, data []byte) []byte { +func hmacSHA256(key []byte, data []byte) []byte { hash := hmac.New(sha256.New, key) hash.Write(data) return hash.Sum(nil) } -func makeSha256(data []byte) []byte { +func hashSHA256(data []byte) []byte { hash := sha256.New() hash.Write(data) return hash.Sum(nil) @@ -804,3 +819,28 @@ func stripExcessSpaces(vals []string) { vals[i] = string(buf[:m]) } } + +func buildSigningScope(region, service string, dt time.Time) string { + return strings.Join([]string{ + formatShortTime(dt), + region, + service, + awsV4Request, + }, "/") +} + +func deriveSigningKey(region, service, secretKey string, dt time.Time) []byte { + kDate := hmacSHA256([]byte("AWS4"+secretKey), []byte(formatShortTime(dt))) + kRegion := hmacSHA256(kDate, []byte(region)) + kService := hmacSHA256(kRegion, []byte(service)) + signingKey := hmacSHA256(kService, []byte(awsV4Request)) + return signingKey +} + +func formatShortTime(dt time.Time) string { + return dt.UTC().Format(shortTimeFormat) +} + +func formatTime(dt time.Time) string { + return dt.UTC().Format(timeFormat) +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go index 455091540f..d542ef01bc 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go @@ -2,6 +2,7 @@ package aws import ( "io" + "strings" "sync" "github.com/aws/aws-sdk-go/internal/sdkio" @@ -205,3 +206,36 @@ func (b *WriteAtBuffer) Bytes() []byte { defer b.m.Unlock() return b.buf } + +// MultiCloser is a utility to close multiple io.Closers within a single +// statement. +type MultiCloser []io.Closer + +// Close closes all of the io.Closers making up the MultiClosers. Any +// errors that occur while closing will be returned in the order they +// occur. +func (m MultiCloser) Close() error { + var errs errors + for _, c := range m { + err := c.Close() + if err != nil { + errs = append(errs, err) + } + } + if len(errs) != 0 { + return errs + } + + return nil +} + +type errors []error + +func (es errors) Error() string { + var parts []string + for _, e := range es { + parts = append(parts, e.Error()) + } + + return strings.Join(parts, "\n") +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index c220bd200b..fc907e4022 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.25.38" +const SDKVersion = "1.29.21" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/internal/context/BUILD.bazel new file mode 100644 index 0000000000..e9f2475659 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/context/BUILD.bazel @@ -0,0 +1,9 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = ["background_go1.5.go"], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/internal/context", + importpath = "github.com/aws/aws-sdk-go/internal/context", + visibility = ["//vendor/github.com/aws/aws-sdk-go:__subpackages__"], +) diff --git a/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go new file mode 100644 index 0000000000..876dcb3fde --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go @@ -0,0 +1,40 @@ +// +build !go1.7 + +package context + +import "time" + +// An emptyCtx is a copy of the Go 1.7 context.emptyCtx type. This is copied to +// provide a 1.6 and 1.5 safe version of context that is compatible with Go +// 1.7's Context. +// +// An emptyCtx is never canceled, has no values, and has no deadline. It is not +// struct{}, since vars of this type must have distinct addresses. +type emptyCtx int + +func (*emptyCtx) Deadline() (deadline time.Time, ok bool) { + return +} + +func (*emptyCtx) Done() <-chan struct{} { + return nil +} + +func (*emptyCtx) Err() error { + return nil +} + +func (*emptyCtx) Value(key interface{}) interface{} { + return nil +} + +func (e *emptyCtx) String() string { + switch e { + case BackgroundCtx: + return "aws.BackgroundContext" + } + return "unknown empty Context" +} + +// BackgroundCtx is the common base context. +var BackgroundCtx = new(emptyCtx) diff --git a/vendor/github.com/aws/aws-sdk-go/internal/strings/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/internal/strings/BUILD.bazel new file mode 100644 index 0000000000..ebb1182f66 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/strings/BUILD.bazel @@ -0,0 +1,9 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = ["strings.go"], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/internal/strings", + importpath = "github.com/aws/aws-sdk-go/internal/strings", + visibility = ["//vendor/github.com/aws/aws-sdk-go:__subpackages__"], +) diff --git a/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go new file mode 100644 index 0000000000..d008ae27cb --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/strings/strings.go @@ -0,0 +1,11 @@ +package strings + +import ( + "strings" +) + +// HasPrefixFold tests whether the string s begins with prefix, interpreted as UTF-8 strings, +// under Unicode case-folding. +func HasPrefixFold(s, prefix string) bool { + return len(s) >= len(prefix) && strings.EqualFold(s[0:len(prefix)], prefix) +} diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/BUILD.bazel new file mode 100644 index 0000000000..0f8bca68ba --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/BUILD.bazel @@ -0,0 +1,9 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = ["singleflight.go"], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight", + importpath = "github.com/aws/aws-sdk-go/internal/sync/singleflight", + visibility = ["//vendor/github.com/aws/aws-sdk-go:__subpackages__"], +) diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE new file mode 100644 index 0000000000..6a66aea5ea --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go new file mode 100644 index 0000000000..14ad0c5891 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/sync/singleflight/singleflight.go @@ -0,0 +1,120 @@ +// Copyright 2013 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package singleflight provides a duplicate function call suppression +// mechanism. +package singleflight + +import "sync" + +// call is an in-flight or completed singleflight.Do call +type call struct { + wg sync.WaitGroup + + // These fields are written once before the WaitGroup is done + // and are only read after the WaitGroup is done. + val interface{} + err error + + // forgotten indicates whether Forget was called with this call's key + // while the call was still in flight. + forgotten bool + + // These fields are read and written with the singleflight + // mutex held before the WaitGroup is done, and are read but + // not written after the WaitGroup is done. + dups int + chans []chan<- Result +} + +// Group represents a class of work and forms a namespace in +// which units of work can be executed with duplicate suppression. +type Group struct { + mu sync.Mutex // protects m + m map[string]*call // lazily initialized +} + +// Result holds the results of Do, so they can be passed +// on a channel. +type Result struct { + Val interface{} + Err error + Shared bool +} + +// Do executes and returns the results of the given function, making +// sure that only one execution is in-flight for a given key at a +// time. If a duplicate comes in, the duplicate caller waits for the +// original to complete and receives the same results. +// The return value shared indicates whether v was given to multiple callers. +func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, err error, shared bool) { + g.mu.Lock() + if g.m == nil { + g.m = make(map[string]*call) + } + if c, ok := g.m[key]; ok { + c.dups++ + g.mu.Unlock() + c.wg.Wait() + return c.val, c.err, true + } + c := new(call) + c.wg.Add(1) + g.m[key] = c + g.mu.Unlock() + + g.doCall(c, key, fn) + return c.val, c.err, c.dups > 0 +} + +// DoChan is like Do but returns a channel that will receive the +// results when they are ready. +func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result { + ch := make(chan Result, 1) + g.mu.Lock() + if g.m == nil { + g.m = make(map[string]*call) + } + if c, ok := g.m[key]; ok { + c.dups++ + c.chans = append(c.chans, ch) + g.mu.Unlock() + return ch + } + c := &call{chans: []chan<- Result{ch}} + c.wg.Add(1) + g.m[key] = c + g.mu.Unlock() + + go g.doCall(c, key, fn) + + return ch +} + +// doCall handles the single call for a key. +func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) { + c.val, c.err = fn() + c.wg.Done() + + g.mu.Lock() + if !c.forgotten { + delete(g.m, key) + } + for _, ch := range c.chans { + ch <- Result{c.val, c.err, c.dups > 0} + } + g.mu.Unlock() +} + +// Forget tells the singleflight to forget about a key. Future calls +// to Do for this key will call the function rather than waiting for +// an earlier call to complete. +func (g *Group) Forget(key string) { + g.mu.Lock() + if c, ok := g.m[key]; ok { + c.forgotten = true + } + delete(g.m, key) + g.mu.Unlock() +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/private/protocol/BUILD.bazel index b4a5667a05..b050942b4c 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/BUILD.bazel @@ -8,14 +8,17 @@ go_library( "idempotency.go", "jsonvalue.go", "payload.go", + "protocol.go", "timestamp.go", "unmarshal.go", + "unmarshal_error.go", ], importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/private/protocol", importpath = "github.com/aws/aws-sdk-go/private/protocol", visibility = ["//visibility:public"], deps = [ "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/client/metadata:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", "//vendor/github.com/aws/aws-sdk-go/internal/sdkmath:go_default_library", diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go index 50c5ed7600..5d500be27f 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go @@ -1,7 +1,7 @@ // Package ec2query provides serialization of AWS EC2 requests and responses. package ec2query -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/ec2.json build_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/ec2.json build_test.go import ( "net/url" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go index 105d732f9d..c42b04a8d5 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go @@ -1,6 +1,6 @@ package ec2query -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/ec2.json unmarshal_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/ec2.json unmarshal_test.go import ( "encoding/xml" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go index ecc7bf82fa..151054971a 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/debug.go @@ -101,7 +101,7 @@ func (hs *decodedHeaders) UnmarshalJSON(b []byte) error { } headers.Set(h.Name, value) } - (*hs) = decodedHeaders(headers) + *hs = decodedHeaders(headers) return nil } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go index 4b972b2d66..4743393918 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/decode.go @@ -21,10 +21,24 @@ type Decoder struct { // NewDecoder initializes and returns a Decoder for decoding event // stream messages from the reader provided. -func NewDecoder(r io.Reader) *Decoder { - return &Decoder{ +func NewDecoder(r io.Reader, opts ...func(*Decoder)) *Decoder { + d := &Decoder{ r: r, } + + for _, opt := range opts { + opt(d) + } + + return d +} + +// DecodeWithLogger adds a logger to be used by the decoder when decoding +// stream events. +func DecodeWithLogger(logger aws.Logger) func(*Decoder) { + return func(d *Decoder) { + d.logger = logger + } } // Decode attempts to decode a single message from the event stream reader. @@ -40,6 +54,15 @@ func (d *Decoder) Decode(payloadBuf []byte) (m Message, err error) { }() } + m, err = Decode(reader, payloadBuf) + + return m, err +} + +// Decode attempts to decode a single message from the event stream reader. +// Will return the event stream message, or error if Decode fails to read +// the message from the reader. +func Decode(reader io.Reader, payloadBuf []byte) (m Message, err error) { crc := crc32.New(crc32IEEETable) hashReader := io.TeeReader(reader, crc) @@ -72,12 +95,6 @@ func (d *Decoder) Decode(payloadBuf []byte) (m Message, err error) { return m, nil } -// UseLogger specifies the Logger that that the decoder should use to log the -// message decode to. -func (d *Decoder) UseLogger(logger aws.Logger) { - d.logger = logger -} - func logMessageDecode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, decodeErr error) { w := bytes.NewBuffer(nil) defer func() { logger.Log(w.String()) }() diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go index 150a60981d..ffade3bc0c 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/encode.go @@ -3,61 +3,107 @@ package eventstream import ( "bytes" "encoding/binary" + "encoding/hex" + "encoding/json" + "fmt" "hash" "hash/crc32" "io" + + "github.com/aws/aws-sdk-go/aws" ) // Encoder provides EventStream message encoding. type Encoder struct { - w io.Writer + w io.Writer + logger aws.Logger headersBuf *bytes.Buffer } // NewEncoder initializes and returns an Encoder to encode Event Stream // messages to an io.Writer. -func NewEncoder(w io.Writer) *Encoder { - return &Encoder{ +func NewEncoder(w io.Writer, opts ...func(*Encoder)) *Encoder { + e := &Encoder{ w: w, headersBuf: bytes.NewBuffer(nil), } + + for _, opt := range opts { + opt(e) + } + + return e +} + +// EncodeWithLogger adds a logger to be used by the encode when decoding +// stream events. +func EncodeWithLogger(logger aws.Logger) func(*Encoder) { + return func(d *Encoder) { + d.logger = logger + } } // Encode encodes a single EventStream message to the io.Writer the Encoder // was created with. An error is returned if writing the message fails. -func (e *Encoder) Encode(msg Message) error { +func (e *Encoder) Encode(msg Message) (err error) { e.headersBuf.Reset() - err := encodeHeaders(e.headersBuf, msg.Headers) - if err != nil { + writer := e.w + if e.logger != nil { + encodeMsgBuf := bytes.NewBuffer(nil) + writer = io.MultiWriter(writer, encodeMsgBuf) + defer func() { + logMessageEncode(e.logger, encodeMsgBuf, msg, err) + }() + } + + if err = EncodeHeaders(e.headersBuf, msg.Headers); err != nil { return err } crc := crc32.New(crc32IEEETable) - hashWriter := io.MultiWriter(e.w, crc) + hashWriter := io.MultiWriter(writer, crc) headersLen := uint32(e.headersBuf.Len()) payloadLen := uint32(len(msg.Payload)) - if err := encodePrelude(hashWriter, crc, headersLen, payloadLen); err != nil { + if err = encodePrelude(hashWriter, crc, headersLen, payloadLen); err != nil { return err } if headersLen > 0 { - if _, err := io.Copy(hashWriter, e.headersBuf); err != nil { + if _, err = io.Copy(hashWriter, e.headersBuf); err != nil { return err } } if payloadLen > 0 { - if _, err := hashWriter.Write(msg.Payload); err != nil { + if _, err = hashWriter.Write(msg.Payload); err != nil { return err } } msgCRC := crc.Sum32() - return binary.Write(e.w, binary.BigEndian, msgCRC) + return binary.Write(writer, binary.BigEndian, msgCRC) +} + +func logMessageEncode(logger aws.Logger, msgBuf *bytes.Buffer, msg Message, encodeErr error) { + w := bytes.NewBuffer(nil) + defer func() { logger.Log(w.String()) }() + + fmt.Fprintf(w, "Message to encode:\n") + encoder := json.NewEncoder(w) + if err := encoder.Encode(msg); err != nil { + fmt.Fprintf(w, "Failed to get encoded message, %v\n", err) + } + + if encodeErr != nil { + fmt.Fprintf(w, "Encode error: %v\n", encodeErr) + return + } + + fmt.Fprintf(w, "Raw message:\n%s\n", hex.Dump(msgBuf.Bytes())) } func encodePrelude(w io.Writer, crc hash.Hash32, headersLen, payloadLen uint32) error { @@ -86,7 +132,9 @@ func encodePrelude(w io.Writer, crc hash.Hash32, headersLen, payloadLen uint32) return nil } -func encodeHeaders(w io.Writer, headers Headers) error { +// EncodeHeaders writes the header values to the writer encoded in the event +// stream format. Returns an error if a header fails to encode. +func EncodeHeaders(w io.Writer, headers Headers) error { for _, h := range headers { hn := headerName{ Len: uint8(len(h.Name)), diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/BUILD.bazel index 2219c11caa..b4b9392bb9 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/BUILD.bazel @@ -3,8 +3,12 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library") go_library( name = "go_default_library", srcs = [ - "api.go", "error.go", + "reader.go", + "shared.go", + "signer.go", + "stream_writer.go", + "writer.go", ], importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi", importpath = "github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi", diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go index 5ea5a988b6..34c2e89d53 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/error.go @@ -1,6 +1,9 @@ package eventstreamapi -import "fmt" +import ( + "fmt" + "sync" +) type messageError struct { code string @@ -22,3 +25,53 @@ func (e messageError) Error() string { func (e messageError) OrigErr() error { return nil } + +// OnceError wraps the behavior of recording an error +// once and signal on a channel when this has occurred. +// Signaling is done by closing of the channel. +// +// Type is safe for concurrent usage. +type OnceError struct { + mu sync.RWMutex + err error + ch chan struct{} +} + +// NewOnceError return a new OnceError +func NewOnceError() *OnceError { + return &OnceError{ + ch: make(chan struct{}, 1), + } +} + +// Err acquires a read-lock and returns an +// error if one has been set. +func (e *OnceError) Err() error { + e.mu.RLock() + err := e.err + e.mu.RUnlock() + + return err +} + +// SetError acquires a write-lock and will set +// the underlying error value if one has not been set. +func (e *OnceError) SetError(err error) { + if err == nil { + return + } + + e.mu.Lock() + if e.err == nil { + e.err = err + close(e.ch) + } + e.mu.Unlock() +} + +// ErrorSet returns a channel that will be used to signal +// that an error has been set. This channel will be closed +// when the error value has been set for OnceError. +func (e *OnceError) ErrorSet() <-chan struct{} { + return e.ch +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/api.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go similarity index 77% rename from vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/api.go rename to vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go index 97937c8e59..bb8ea5da16 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/api.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/reader.go @@ -2,9 +2,7 @@ package eventstreamapi import ( "fmt" - "io" - "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/private/protocol" "github.com/aws/aws-sdk-go/private/protocol/eventstream" ) @@ -15,27 +13,8 @@ type Unmarshaler interface { UnmarshalEvent(protocol.PayloadUnmarshaler, eventstream.Message) error } -// EventStream headers with specific meaning to async API functionality. -const ( - MessageTypeHeader = `:message-type` // Identifies type of message. - EventMessageType = `event` - ErrorMessageType = `error` - ExceptionMessageType = `exception` - - // Message Events - EventTypeHeader = `:event-type` // Identifies message event type e.g. "Stats". - - // Message Error - ErrorCodeHeader = `:error-code` - ErrorMessageHeader = `:error-message` - - // Message Exception - ExceptionTypeHeader = `:exception-type` -) - // EventReader provides reading from the EventStream of an reader. type EventReader struct { - reader io.ReadCloser decoder *eventstream.Decoder unmarshalerForEventType func(string) (Unmarshaler, error) @@ -47,27 +26,18 @@ type EventReader struct { // NewEventReader returns a EventReader built from the reader and unmarshaler // provided. Use ReadStream method to start reading from the EventStream. func NewEventReader( - reader io.ReadCloser, + decoder *eventstream.Decoder, payloadUnmarshaler protocol.PayloadUnmarshaler, unmarshalerForEventType func(string) (Unmarshaler, error), ) *EventReader { return &EventReader{ - reader: reader, - decoder: eventstream.NewDecoder(reader), + decoder: decoder, payloadUnmarshaler: payloadUnmarshaler, unmarshalerForEventType: unmarshalerForEventType, payloadBuf: make([]byte, 10*1024), } } -// UseLogger instructs the EventReader to use the logger and log level -// specified. -func (r *EventReader) UseLogger(logger aws.Logger, logLevel aws.LogLevelType) { - if logger != nil && logLevel.Matches(aws.LogDebugWithEventStreamBody) { - r.decoder.UseLogger(logger) - } -} - // ReadEvent attempts to read a message from the EventStream and return the // unmarshaled event value that the message is for. // @@ -95,8 +65,7 @@ func (r *EventReader) ReadEvent() (event interface{}, err error) { case EventMessageType: return r.unmarshalEventMessage(msg) case ExceptionMessageType: - err = r.unmarshalEventException(msg) - return nil, err + return nil, r.unmarshalEventException(msg) case ErrorMessageType: return nil, r.unmarshalErrorMessage(msg) default: @@ -174,11 +143,6 @@ func (r *EventReader) unmarshalErrorMessage(msg eventstream.Message) (err error) return msgErr } -// Close closes the EventReader's EventStream reader. -func (r *EventReader) Close() error { - return r.reader.Close() -} - // GetHeaderString returns the value of the header as a string. If the header // is not set or the value is not a string an error will be returned. func GetHeaderString(msg eventstream.Message, headerName string) (string, error) { diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go new file mode 100644 index 0000000000..e46b8acc20 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/shared.go @@ -0,0 +1,23 @@ +package eventstreamapi + +// EventStream headers with specific meaning to async API functionality. +const ( + ChunkSignatureHeader = `:chunk-signature` // chunk signature for message + DateHeader = `:date` // Date header for signature + + // Message header and values + MessageTypeHeader = `:message-type` // Identifies type of message. + EventMessageType = `event` + ErrorMessageType = `error` + ExceptionMessageType = `exception` + + // Message Events + EventTypeHeader = `:event-type` // Identifies message event type e.g. "Stats". + + // Message Error + ErrorCodeHeader = `:error-code` + ErrorMessageHeader = `:error-message` + + // Message Exception + ExceptionTypeHeader = `:exception-type` +) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go new file mode 100644 index 0000000000..3a7ba5cd57 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/signer.go @@ -0,0 +1,123 @@ +package eventstreamapi + +import ( + "bytes" + "strings" + "time" + + "github.com/aws/aws-sdk-go/private/protocol/eventstream" +) + +var timeNow = time.Now + +// StreamSigner defines an interface for the implementation of signing of event stream payloads +type StreamSigner interface { + GetSignature(headers, payload []byte, date time.Time) ([]byte, error) +} + +// SignEncoder envelopes event stream messages +// into an event stream message payload with included +// signature headers using the provided signer and encoder. +type SignEncoder struct { + signer StreamSigner + encoder Encoder + bufEncoder *BufferEncoder + + closeErr error + closed bool +} + +// NewSignEncoder returns a new SignEncoder using the provided stream signer and +// event stream encoder. +func NewSignEncoder(signer StreamSigner, encoder Encoder) *SignEncoder { + // TODO: Need to pass down logging + + return &SignEncoder{ + signer: signer, + encoder: encoder, + bufEncoder: NewBufferEncoder(), + } +} + +// Close encodes a final event stream signing envelope with an empty event stream +// payload. This final end-frame is used to mark the conclusion of the stream. +func (s *SignEncoder) Close() error { + if s.closed { + return s.closeErr + } + + if err := s.encode([]byte{}); err != nil { + if strings.Contains(err.Error(), "on closed pipe") { + return nil + } + + s.closeErr = err + s.closed = true + return s.closeErr + } + + return nil +} + +// Encode takes the provided message and add envelopes the message +// with the required signature. +func (s *SignEncoder) Encode(msg eventstream.Message) error { + payload, err := s.bufEncoder.Encode(msg) + if err != nil { + return err + } + + return s.encode(payload) +} + +func (s SignEncoder) encode(payload []byte) error { + date := timeNow() + + var msg eventstream.Message + msg.Headers.Set(DateHeader, eventstream.TimestampValue(date)) + msg.Payload = payload + + var headers bytes.Buffer + if err := eventstream.EncodeHeaders(&headers, msg.Headers); err != nil { + return err + } + + sig, err := s.signer.GetSignature(headers.Bytes(), msg.Payload, date) + if err != nil { + return err + } + + msg.Headers.Set(ChunkSignatureHeader, eventstream.BytesValue(sig)) + + return s.encoder.Encode(msg) +} + +// BufferEncoder is a utility that provides a buffered +// event stream encoder +type BufferEncoder struct { + encoder Encoder + buffer *bytes.Buffer +} + +// NewBufferEncoder returns a new BufferEncoder initialized +// with a 1024 byte buffer. +func NewBufferEncoder() *BufferEncoder { + buf := bytes.NewBuffer(make([]byte, 1024)) + return &BufferEncoder{ + encoder: eventstream.NewEncoder(buf), + buffer: buf, + } +} + +// Encode returns the encoded message as a byte slice. +// The returned byte slice will be modified on the next encode call +// and should not be held onto. +func (e *BufferEncoder) Encode(msg eventstream.Message) ([]byte, error) { + e.buffer.Reset() + + if err := e.encoder.Encode(msg); err != nil { + return nil, err + } + + return e.buffer.Bytes(), nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go new file mode 100644 index 0000000000..433bb1630a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/stream_writer.go @@ -0,0 +1,129 @@ +package eventstreamapi + +import ( + "fmt" + "io" + "sync" + + "github.com/aws/aws-sdk-go/aws" +) + +// StreamWriter provides concurrent safe writing to an event stream. +type StreamWriter struct { + eventWriter *EventWriter + stream chan eventWriteAsyncReport + + done chan struct{} + closeOnce sync.Once + err *OnceError + + streamCloser io.Closer +} + +// NewStreamWriter returns a StreamWriter for the event writer, and stream +// closer provided. +func NewStreamWriter(eventWriter *EventWriter, streamCloser io.Closer) *StreamWriter { + w := &StreamWriter{ + eventWriter: eventWriter, + streamCloser: streamCloser, + stream: make(chan eventWriteAsyncReport), + done: make(chan struct{}), + err: NewOnceError(), + } + go w.writeStream() + + return w +} + +// Close terminates the writers ability to write new events to the stream. Any +// future call to Send will fail with an error. +func (w *StreamWriter) Close() error { + w.closeOnce.Do(w.safeClose) + return w.Err() +} + +func (w *StreamWriter) safeClose() { + close(w.done) +} + +// ErrorSet returns a channel which will be closed +// if an error occurs. +func (w *StreamWriter) ErrorSet() <-chan struct{} { + return w.err.ErrorSet() +} + +// Err returns any error that occurred while attempting to write an event to the +// stream. +func (w *StreamWriter) Err() error { + return w.err.Err() +} + +// Send writes a single event to the stream returning an error if the write +// failed. +// +// Send may be called concurrently. Events will be written to the stream +// safely. +func (w *StreamWriter) Send(ctx aws.Context, event Marshaler) error { + if err := w.Err(); err != nil { + return err + } + + resultCh := make(chan error) + wrapped := eventWriteAsyncReport{ + Event: event, + Result: resultCh, + } + + select { + case w.stream <- wrapped: + case <-ctx.Done(): + return ctx.Err() + case <-w.done: + return fmt.Errorf("stream closed, unable to send event") + } + + select { + case err := <-resultCh: + return err + case <-ctx.Done(): + return ctx.Err() + case <-w.done: + return fmt.Errorf("stream closed, unable to send event") + } +} + +func (w *StreamWriter) writeStream() { + defer w.Close() + + for { + select { + case wrapper := <-w.stream: + err := w.eventWriter.WriteEvent(wrapper.Event) + wrapper.ReportResult(w.done, err) + if err != nil { + w.err.SetError(err) + return + } + + case <-w.done: + if err := w.streamCloser.Close(); err != nil { + w.err.SetError(err) + } + return + } + } +} + +type eventWriteAsyncReport struct { + Event Marshaler + Result chan<- error +} + +func (e eventWriteAsyncReport) ReportResult(cancel <-chan struct{}, err error) bool { + select { + case e.Result <- err: + return true + case <-cancel: + return false + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go new file mode 100644 index 0000000000..10a3823dfa --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go @@ -0,0 +1,109 @@ +package eventstreamapi + +import ( + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/eventstream" +) + +// Marshaler provides a marshaling interface for event types to event stream +// messages. +type Marshaler interface { + MarshalEvent(protocol.PayloadMarshaler) (eventstream.Message, error) +} + +// Encoder is an stream encoder that will encode an event stream message for +// the transport. +type Encoder interface { + Encode(eventstream.Message) error +} + +// EventWriter provides a wrapper around the underlying event stream encoder +// for an io.WriteCloser. +type EventWriter struct { + encoder Encoder + payloadMarshaler protocol.PayloadMarshaler + eventTypeFor func(Marshaler) (string, error) +} + +// NewEventWriter returns a new event stream writer, that will write to the +// writer provided. Use the WriteEvent method to write an event to the stream. +func NewEventWriter(encoder Encoder, pm protocol.PayloadMarshaler, eventTypeFor func(Marshaler) (string, error), +) *EventWriter { + return &EventWriter{ + encoder: encoder, + payloadMarshaler: pm, + eventTypeFor: eventTypeFor, + } +} + +// WriteEvent writes an event to the stream. Returns an error if the event +// fails to marshal into a message, or writing to the underlying writer fails. +func (w *EventWriter) WriteEvent(event Marshaler) error { + msg, err := w.marshal(event) + if err != nil { + return err + } + + return w.encoder.Encode(msg) +} + +func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) { + eventType, err := w.eventTypeFor(event) + if err != nil { + return eventstream.Message{}, err + } + + msg, err := event.MarshalEvent(w.payloadMarshaler) + if err != nil { + return eventstream.Message{}, err + } + + msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType)) + return msg, nil +} + +//type EventEncoder struct { +// encoder Encoder +// ppayloadMarshaler protocol.PayloadMarshaler +// eventTypeFor func(Marshaler) (string, error) +//} +// +//func (e EventEncoder) Encode(event Marshaler) error { +// msg, err := e.marshal(event) +// if err != nil { +// return err +// } +// +// return w.encoder.Encode(msg) +//} +// +//func (e EventEncoder) marshal(event Marshaler) (eventstream.Message, error) { +// eventType, err := w.eventTypeFor(event) +// if err != nil { +// return eventstream.Message{}, err +// } +// +// msg, err := event.MarshalEvent(w.payloadMarshaler) +// if err != nil { +// return eventstream.Message{}, err +// } +// +// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType)) +// return msg, nil +//} +// +//func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) { +// eventType, err := w.eventTypeFor(event) +// if err != nil { +// return eventstream.Message{}, err +// } +// +// msg, err := event.MarshalEvent(w.payloadMarshaler) +// if err != nil { +// return eventstream.Message{}, err +// } +// +// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType)) +// return msg, nil +//} +// diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go index e3fc0766a9..9f509d8f6d 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/header_value.go @@ -461,6 +461,11 @@ func (v *TimestampValue) decode(r io.Reader) error { return nil } +// MarshalJSON implements the json.Marshaler interface +func (v TimestampValue) MarshalJSON() ([]byte, error) { + return []byte(v.String()), nil +} + func timeFromEpochMilli(t int64) time.Time { secs := t / 1e3 msec := t % 1e3 diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go index 2dc012a66e..25c9783cde 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/message.go @@ -27,7 +27,7 @@ func (m *Message) rawMessage() (rawMessage, error) { if len(m.Headers) > 0 { var headers bytes.Buffer - if err := encodeHeaders(&headers, m.Headers); err != nil { + if err := EncodeHeaders(&headers, m.Headers); err != nil { return rawMessage{}, err } raw.Headers = headers.Bytes() diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go index ea0da79a5e..5e9499699b 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go @@ -7,6 +7,7 @@ import ( "fmt" "io" "reflect" + "strings" "time" "github.com/aws/aws-sdk-go/aws" @@ -45,10 +46,31 @@ func UnmarshalJSON(v interface{}, stream io.Reader) error { return err } - return unmarshalAny(reflect.ValueOf(v), out, "") + return unmarshaler{}.unmarshalAny(reflect.ValueOf(v), out, "") } -func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error { +// UnmarshalJSONCaseInsensitive reads a stream and unmarshals the result into the +// object v. Ignores casing for structure members. +func UnmarshalJSONCaseInsensitive(v interface{}, stream io.Reader) error { + var out interface{} + + err := json.NewDecoder(stream).Decode(&out) + if err == io.EOF { + return nil + } else if err != nil { + return err + } + + return unmarshaler{ + caseInsensitive: true, + }.unmarshalAny(reflect.ValueOf(v), out, "") +} + +type unmarshaler struct { + caseInsensitive bool +} + +func (u unmarshaler) unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error { vtype := value.Type() if vtype.Kind() == reflect.Ptr { vtype = vtype.Elem() // check kind of actual element type @@ -80,17 +102,17 @@ func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) if field, ok := vtype.FieldByName("_"); ok { tag = field.Tag } - return unmarshalStruct(value, data, tag) + return u.unmarshalStruct(value, data, tag) case "list": - return unmarshalList(value, data, tag) + return u.unmarshalList(value, data, tag) case "map": - return unmarshalMap(value, data, tag) + return u.unmarshalMap(value, data, tag) default: - return unmarshalScalar(value, data, tag) + return u.unmarshalScalar(value, data, tag) } } -func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error { +func (u unmarshaler) unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error { if data == nil { return nil } @@ -114,7 +136,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa // unwrap any payloads if payload := tag.Get("payload"); payload != "" { field, _ := t.FieldByName(payload) - return unmarshalAny(value.FieldByName(payload), data, field.Tag) + return u.unmarshalAny(value.FieldByName(payload), data, field.Tag) } for i := 0; i < t.NumField(); i++ { @@ -128,9 +150,19 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa if locName := field.Tag.Get("locationName"); locName != "" { name = locName } + if u.caseInsensitive { + if _, ok := mapData[name]; !ok { + // Fallback to uncased name search if the exact name didn't match. + for kn, v := range mapData { + if strings.EqualFold(kn, name) { + mapData[name] = v + } + } + } + } member := value.FieldByIndex(field.Index) - err := unmarshalAny(member, mapData[name], field.Tag) + err := u.unmarshalAny(member, mapData[name], field.Tag) if err != nil { return err } @@ -138,7 +170,7 @@ func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTa return nil } -func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error { +func (u unmarshaler) unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error { if data == nil { return nil } @@ -153,7 +185,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) } for i, c := range listData { - err := unmarshalAny(value.Index(i), c, "") + err := u.unmarshalAny(value.Index(i), c, "") if err != nil { return err } @@ -162,7 +194,7 @@ func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) return nil } -func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error { +func (u unmarshaler) unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error { if data == nil { return nil } @@ -179,14 +211,14 @@ func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) kvalue := reflect.ValueOf(k) vvalue := reflect.New(value.Type().Elem()).Elem() - unmarshalAny(vvalue, v, "") + u.unmarshalAny(vvalue, v, "") value.SetMapIndex(kvalue, vvalue) } return nil } -func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error { +func (u unmarshaler) unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error { switch d := data.(type) { case nil: diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/BUILD.bazel index 612a849399..ee5f7ff772 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/BUILD.bazel @@ -2,13 +2,17 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library") go_library( name = "go_default_library", - srcs = ["jsonrpc.go"], + srcs = [ + "jsonrpc.go", + "unmarshal_error.go", + ], importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc", importpath = "github.com/aws/aws-sdk-go/private/protocol/jsonrpc", visibility = ["//visibility:public"], deps = [ "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library", "//vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil:go_default_library", "//vendor/github.com/aws/aws-sdk-go/private/protocol/rest:go_default_library", ], diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go index bfedc9fd42..a029217e4c 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go @@ -2,12 +2,10 @@ // requests and responses. package jsonrpc -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/json.json build_test.go -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/json.json unmarshal_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/json.json build_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/json.json unmarshal_test.go import ( - "strings" - "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" @@ -16,17 +14,26 @@ import ( var emptyJSON = []byte("{}") -// BuildHandler is a named request handler for building jsonrpc protocol requests -var BuildHandler = request.NamedHandler{Name: "awssdk.jsonrpc.Build", Fn: Build} +// BuildHandler is a named request handler for building jsonrpc protocol +// requests +var BuildHandler = request.NamedHandler{ + Name: "awssdk.jsonrpc.Build", + Fn: Build, +} -// UnmarshalHandler is a named request handler for unmarshaling jsonrpc protocol requests -var UnmarshalHandler = request.NamedHandler{Name: "awssdk.jsonrpc.Unmarshal", Fn: Unmarshal} +// UnmarshalHandler is a named request handler for unmarshaling jsonrpc +// protocol requests +var UnmarshalHandler = request.NamedHandler{ + Name: "awssdk.jsonrpc.Unmarshal", + Fn: Unmarshal, +} -// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc protocol request metadata -var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.jsonrpc.UnmarshalMeta", Fn: UnmarshalMeta} - -// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc protocol request errors -var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.jsonrpc.UnmarshalError", Fn: UnmarshalError} +// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc +// protocol request metadata +var UnmarshalMetaHandler = request.NamedHandler{ + Name: "awssdk.jsonrpc.UnmarshalMeta", + Fn: UnmarshalMeta, +} // Build builds a JSON payload for a JSON RPC request. func Build(req *request.Request) { @@ -79,32 +86,3 @@ func Unmarshal(req *request.Request) { func UnmarshalMeta(req *request.Request) { rest.UnmarshalMeta(req) } - -// UnmarshalError unmarshals an error response for a JSON RPC service. -func UnmarshalError(req *request.Request) { - defer req.HTTPResponse.Body.Close() - - var jsonErr jsonErrorResponse - err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body) - if err != nil { - req.Error = awserr.NewRequestFailure( - awserr.New(request.ErrCodeSerialization, - "failed to unmarshal error message", err), - req.HTTPResponse.StatusCode, - req.RequestID, - ) - return - } - - codes := strings.SplitN(jsonErr.Code, "#", 2) - req.Error = awserr.NewRequestFailure( - awserr.New(codes[len(codes)-1], jsonErr.Message, nil), - req.HTTPResponse.StatusCode, - req.RequestID, - ) -} - -type jsonErrorResponse struct { - Code string `json:"__type"` - Message string `json:"message"` -} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go new file mode 100644 index 0000000000..c0c52e2db0 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go @@ -0,0 +1,107 @@ +package jsonrpc + +import ( + "bytes" + "io" + "io/ioutil" + "net/http" + "strings" + + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" +) + +// UnmarshalTypedError provides unmarshaling errors API response errors +// for both typed and untyped errors. +type UnmarshalTypedError struct { + exceptions map[string]func(protocol.ResponseMetadata) error +} + +// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the +// set of exception names to the error unmarshalers +func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError { + return &UnmarshalTypedError{ + exceptions: exceptions, + } +} + +// UnmarshalError attempts to unmarshal the HTTP response error as a known +// error type. If unable to unmarshal the error type, the generic SDK error +// type will be used. +func (u *UnmarshalTypedError) UnmarshalError( + resp *http.Response, + respMeta protocol.ResponseMetadata, +) (error, error) { + + var buf bytes.Buffer + var jsonErr jsonErrorResponse + teeReader := io.TeeReader(resp.Body, &buf) + err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader) + if err != nil { + return nil, err + } + body := ioutil.NopCloser(&buf) + + // Code may be separated by hash(#), with the last element being the code + // used by the SDK. + codeParts := strings.SplitN(jsonErr.Code, "#", 2) + code := codeParts[len(codeParts)-1] + msg := jsonErr.Message + + if fn, ok := u.exceptions[code]; ok { + // If exception code is know, use associated constructor to get a value + // for the exception that the JSON body can be unmarshaled into. + v := fn(respMeta) + err := jsonutil.UnmarshalJSONCaseInsensitive(v, body) + if err != nil { + return nil, err + } + + return v, nil + } + + // fallback to unmodeled generic exceptions + return awserr.NewRequestFailure( + awserr.New(code, msg, nil), + respMeta.StatusCode, + respMeta.RequestID, + ), nil +} + +// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc +// protocol request errors +var UnmarshalErrorHandler = request.NamedHandler{ + Name: "awssdk.jsonrpc.UnmarshalError", + Fn: UnmarshalError, +} + +// UnmarshalError unmarshals an error response for a JSON RPC service. +func UnmarshalError(req *request.Request) { + defer req.HTTPResponse.Body.Close() + + var jsonErr jsonErrorResponse + err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body) + if err != nil { + req.Error = awserr.NewRequestFailure( + awserr.New(request.ErrCodeSerialization, + "failed to unmarshal error message", err), + req.HTTPResponse.StatusCode, + req.RequestID, + ) + return + } + + codes := strings.SplitN(jsonErr.Code, "#", 2) + req.Error = awserr.NewRequestFailure( + awserr.New(codes[len(codes)-1], jsonErr.Message, nil), + req.HTTPResponse.StatusCode, + req.RequestID, + ) +} + +type jsonErrorResponse struct { + Code string `json:"__type"` + Message string `json:"message"` +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go index e21614a125..0ea0647a57 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/payload.go @@ -64,7 +64,7 @@ func (h HandlerPayloadMarshal) MarshalPayload(w io.Writer, v interface{}) error metadata.ClientInfo{}, request.Handlers{}, nil, - &request.Operation{HTTPMethod: "GET"}, + &request.Operation{HTTPMethod: "PUT"}, v, nil, ) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go new file mode 100644 index 0000000000..9d521dcb95 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/protocol.go @@ -0,0 +1,49 @@ +package protocol + +import ( + "fmt" + "strings" + + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/request" +) + +// RequireHTTPMinProtocol request handler is used to enforce that +// the target endpoint supports the given major and minor HTTP protocol version. +type RequireHTTPMinProtocol struct { + Major, Minor int +} + +// Handler will mark the request.Request with an error if the +// target endpoint did not connect with the required HTTP protocol +// major and minor version. +func (p RequireHTTPMinProtocol) Handler(r *request.Request) { + if r.Error != nil || r.HTTPResponse == nil { + return + } + + if !strings.HasPrefix(r.HTTPResponse.Proto, "HTTP") { + r.Error = newMinHTTPProtoError(p.Major, p.Minor, r) + } + + if r.HTTPResponse.ProtoMajor < p.Major || r.HTTPResponse.ProtoMinor < p.Minor { + r.Error = newMinHTTPProtoError(p.Major, p.Minor, r) + } +} + +// ErrCodeMinimumHTTPProtocolError error code is returned when the target endpoint +// did not match the required HTTP major and minor protocol version. +const ErrCodeMinimumHTTPProtocolError = "MinimumHTTPProtocolError" + +func newMinHTTPProtoError(major, minor int, r *request.Request) error { + return awserr.NewRequestFailure( + awserr.New("MinimumHTTPProtocolError", + fmt.Sprintf( + "operation requires minimum HTTP protocol of HTTP/%d.%d, but was %s", + major, minor, r.HTTPResponse.Proto, + ), + nil, + ), + r.HTTPResponse.StatusCode, r.RequestID, + ) +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go index 0cb99eb579..d40346a779 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go @@ -1,7 +1,7 @@ // Package query provides serialization of AWS query requests, and responses. package query -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/query.json build_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/query.json build_test.go import ( "net/url" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go index f69c1efc93..9231e95d16 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go @@ -1,6 +1,6 @@ package query -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/query.json unmarshal_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/query.json unmarshal_test.go import ( "encoding/xml" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/BUILD.bazel index fb5f35a3a8..a1d0d4ff7e 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/BUILD.bazel @@ -14,6 +14,7 @@ go_library( "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/internal/strings:go_default_library", "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library", ], ) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go index 74e361e070..92f8b4d9a4 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go @@ -15,6 +15,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/request" + awsStrings "github.com/aws/aws-sdk-go/internal/strings" "github.com/aws/aws-sdk-go/private/protocol" ) @@ -28,7 +29,9 @@ var UnmarshalMetaHandler = request.NamedHandler{Name: "awssdk.rest.UnmarshalMeta func Unmarshal(r *request.Request) { if r.DataFilled() { v := reflect.Indirect(reflect.ValueOf(r.Data)) - unmarshalBody(r, v) + if err := unmarshalBody(r, v); err != nil { + r.Error = err + } } } @@ -40,12 +43,21 @@ func UnmarshalMeta(r *request.Request) { r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id") } if r.DataFilled() { - v := reflect.Indirect(reflect.ValueOf(r.Data)) - unmarshalLocationElements(r, v) + if err := UnmarshalResponse(r.HTTPResponse, r.Data, aws.BoolValue(r.Config.LowerCaseHeaderMaps)); err != nil { + r.Error = err + } } } -func unmarshalBody(r *request.Request, v reflect.Value) { +// UnmarshalResponse attempts to unmarshal the REST response headers to +// the data type passed in. The type must be a pointer. An error is returned +// with any error unmarshaling the response into the target datatype. +func UnmarshalResponse(resp *http.Response, data interface{}, lowerCaseHeaderMaps bool) error { + v := reflect.Indirect(reflect.ValueOf(data)) + return unmarshalLocationElements(resp, v, lowerCaseHeaderMaps) +} + +func unmarshalBody(r *request.Request, v reflect.Value) error { if field, ok := v.Type().FieldByName("_"); ok { if payloadName := field.Tag.Get("payload"); payloadName != "" { pfield, _ := v.Type().FieldByName(payloadName) @@ -57,35 +69,38 @@ func unmarshalBody(r *request.Request, v reflect.Value) { defer r.HTTPResponse.Body.Close() b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { - r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) - } else { - payload.Set(reflect.ValueOf(b)) + return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) } + + payload.Set(reflect.ValueOf(b)) + case *string: defer r.HTTPResponse.Body.Close() b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { - r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) - } else { - str := string(b) - payload.Set(reflect.ValueOf(&str)) + return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) } + + str := string(b) + payload.Set(reflect.ValueOf(&str)) + default: switch payload.Type().String() { case "io.ReadCloser": payload.Set(reflect.ValueOf(r.HTTPResponse.Body)) + case "io.ReadSeeker": b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { - r.Error = awserr.New(request.ErrCodeSerialization, + return awserr.New(request.ErrCodeSerialization, "failed to read response body", err) - return } payload.Set(reflect.ValueOf(ioutil.NopCloser(bytes.NewReader(b)))) + default: io.Copy(ioutil.Discard, r.HTTPResponse.Body) - defer r.HTTPResponse.Body.Close() - r.Error = awserr.New(request.ErrCodeSerialization, + r.HTTPResponse.Body.Close() + return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", fmt.Errorf("unknown payload type %s", payload.Type())) } @@ -94,9 +109,11 @@ func unmarshalBody(r *request.Request, v reflect.Value) { } } } + + return nil } -func unmarshalLocationElements(r *request.Request, v reflect.Value) { +func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHeaderMaps bool) error { for i := 0; i < v.NumField(); i++ { m, field := v.Field(i), v.Type().Field(i) if n := field.Name; n[0:1] == strings.ToLower(n[0:1]) { @@ -111,26 +128,25 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) { switch field.Tag.Get("location") { case "statusCode": - unmarshalStatusCode(m, r.HTTPResponse.StatusCode) + unmarshalStatusCode(m, resp.StatusCode) + case "header": - err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag) + err := unmarshalHeader(m, resp.Header.Get(name), field.Tag) if err != nil { - r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) - break + return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) } + case "headers": prefix := field.Tag.Get("locationName") - err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix) + err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps) if err != nil { - r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) - break + awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) } } } - if r.Error != nil { - return - } } + + return nil } func unmarshalStatusCode(v reflect.Value, statusCode int) { @@ -145,7 +161,7 @@ func unmarshalStatusCode(v reflect.Value, statusCode int) { } } -func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) error { +func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string, normalize bool) error { if len(headers) == 0 { return nil } @@ -153,8 +169,12 @@ func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) err case map[string]*string: // we only support string map value types out := map[string]*string{} for k, v := range headers { - k = http.CanonicalHeaderKey(k) - if strings.HasPrefix(strings.ToLower(k), strings.ToLower(prefix)) { + if awsStrings.HasPrefixFold(k, prefix) { + if normalize == true { + k = strings.ToLower(k) + } else { + k = http.CanonicalHeaderKey(k) + } out[k[len(prefix):]] = &v[0] } } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go index 07a6187ea6..b1ae364871 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go @@ -2,8 +2,8 @@ // requests and responses. package restxml -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/input/rest-xml.json build_test.go -//go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-xml.json build_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-xml.json unmarshal_test.go import ( "bytes" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go index da1a68111d..f614ef898b 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal.go @@ -19,3 +19,9 @@ func UnmarshalDiscardBody(r *request.Request) { io.Copy(ioutil.Discard, r.HTTPResponse.Body) r.HTTPResponse.Body.Close() } + +// ResponseMetadata provides the SDK response metadata attributes. +type ResponseMetadata struct { + StatusCode int + RequestID string +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go new file mode 100644 index 0000000000..cc857f136c --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/unmarshal_error.go @@ -0,0 +1,65 @@ +package protocol + +import ( + "net/http" + + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/request" +) + +// UnmarshalErrorHandler provides unmarshaling errors API response errors for +// both typed and untyped errors. +type UnmarshalErrorHandler struct { + unmarshaler ErrorUnmarshaler +} + +// ErrorUnmarshaler is an abstract interface for concrete implementations to +// unmarshal protocol specific response errors. +type ErrorUnmarshaler interface { + UnmarshalError(*http.Response, ResponseMetadata) (error, error) +} + +// NewUnmarshalErrorHandler returns an UnmarshalErrorHandler +// initialized for the set of exception names to the error unmarshalers +func NewUnmarshalErrorHandler(unmarshaler ErrorUnmarshaler) *UnmarshalErrorHandler { + return &UnmarshalErrorHandler{ + unmarshaler: unmarshaler, + } +} + +// UnmarshalErrorHandlerName is the name of the named handler. +const UnmarshalErrorHandlerName = "awssdk.protocol.UnmarshalError" + +// NamedHandler returns a NamedHandler for the unmarshaler using the set of +// errors the unmarshaler was initialized for. +func (u *UnmarshalErrorHandler) NamedHandler() request.NamedHandler { + return request.NamedHandler{ + Name: UnmarshalErrorHandlerName, + Fn: u.UnmarshalError, + } +} + +// UnmarshalError will attempt to unmarshal the API response's error message +// into either a generic SDK error type, or a typed error corresponding to the +// errors exception name. +func (u *UnmarshalErrorHandler) UnmarshalError(r *request.Request) { + defer r.HTTPResponse.Body.Close() + + respMeta := ResponseMetadata{ + StatusCode: r.HTTPResponse.StatusCode, + RequestID: r.RequestID, + } + + v, err := u.unmarshaler.UnmarshalError(r.HTTPResponse, respMeta) + if err != nil { + r.Error = awserr.NewRequestFailure( + awserr.New(request.ErrCodeSerialization, + "failed to unmarshal response error", err), + respMeta.StatusCode, + respMeta.RequestID, + ) + return + } + + r.Error = v +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go index cfa9204ebd..d80c2f819d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go @@ -623,8 +623,8 @@ func (c *AutoScaling) CreateAutoScalingGroupRequest(input *CreateAutoScalingGrou // // If you exceed your maximum limit of Auto Scaling groups, the call fails. // For information about viewing this limit, see DescribeAccountLimits. For -// information about updating this limit, see Amazon EC2 Auto Scaling Limits -// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) +// information about updating this limit, see Amazon EC2 Auto Scaling Service +// Quotas (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) // in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -722,8 +722,8 @@ func (c *AutoScaling) CreateLaunchConfigurationRequest(input *CreateLaunchConfig // // If you exceed your maximum limit of launch configurations, the call fails. // For information about viewing this limit, see DescribeAccountLimits. For -// information about updating this limit, see Amazon EC2 Auto Scaling Limits -// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) +// information about updating this limit, see Amazon EC2 Auto Scaling Service +// Quotas (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) // in the Amazon EC2 Auto Scaling User Guide. // // For more information, see Launch Configurations (https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html) @@ -1527,11 +1527,11 @@ func (c *AutoScaling) DescribeAccountLimitsRequest(input *DescribeAccountLimitsI // DescribeAccountLimits API operation for Auto Scaling. // -// Describes the current Amazon EC2 Auto Scaling resource limits for your AWS +// Describes the current Amazon EC2 Auto Scaling resource quotas for your AWS // account. // -// For information about requesting an increase in these limits, see Amazon -// EC2 Auto Scaling Limits (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) +// For information about requesting an increase, see Amazon EC2 Auto Scaling +// Service Quotas (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) // in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4403,10 +4403,7 @@ func (c *AutoScaling) PutScalingPolicyRequest(input *PutScalingPolicyInput) (req // PutScalingPolicy API operation for Auto Scaling. // -// Creates or updates a scaling policy for an Auto Scaling group. To update -// an existing scaling policy, use the existing policy name and set the parameters -// to change. Any existing parameter not changed in an update to an existing -// policy is not changed in this update request. +// Creates or updates a scaling policy for an Auto Scaling group. // // For more information about using scaling policies to scale your Auto Scaling // group automatically, see Dynamic Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scale-based-on-demand.html) @@ -5143,10 +5140,20 @@ func (c *AutoScaling) TerminateInstanceInAutoScalingGroupRequest(input *Terminat // TerminateInstanceInAutoScalingGroup API operation for Auto Scaling. // // Terminates the specified instance and optionally adjusts the desired group -// size. +// size. This call simply makes a termination request. The instance is not terminated +// immediately. When an instance is terminated, the instance status changes +// to terminated. You can't connect to or start an instance after you've terminated +// it. // -// This call simply makes a termination request. The instance is not terminated -// immediately. +// If you do not specify the option to decrement the desired capacity, Amazon +// EC2 Auto Scaling launches instances to replace the ones that are terminated. +// +// By default, Amazon EC2 Auto Scaling balances instances across all Availability +// Zones. If you decrement the desired capacity, your Auto Scaling group can +// become unbalanced between Availability Zones. Amazon EC2 Auto Scaling tries +// to rebalance the group, and rebalancing might terminate instances in other +// zones. For more information, see Rebalancing Activities (https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html#AutoScalingBehavior.InstanceUsage) +// in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6148,6 +6155,10 @@ type CreateAutoScalingGroupInput struct { // The maximum amount of time, in seconds, that an instance can be in service. // + // For more information, see Replacing Auto Scaling Instances Based on Maximum + // Instance Lifetime (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) + // in the Amazon EC2 Auto Scaling User Guide. + // // Valid Range: Minimum value of 604800. MaxInstanceLifetime *int64 `type:"integer"` @@ -7482,12 +7493,12 @@ func (s DescribeAccountLimitsInput) GoString() string { type DescribeAccountLimitsOutput struct { _ struct{} `type:"structure"` - // The maximum number of groups allowed for your AWS account. The default limit - // is 200 per AWS Region. + // The maximum number of groups allowed for your AWS account. The default is + // 200 groups per AWS Region. MaxNumberOfAutoScalingGroups *int64 `type:"integer"` // The maximum number of launch configurations allowed for your AWS account. - // The default limit is 200 per AWS Region. + // The default is 200 launch configurations per AWS Region. MaxNumberOfLaunchConfigurations *int64 `type:"integer"` // The current number of groups for your AWS account. @@ -10735,6 +10746,10 @@ type LaunchTemplateOverrides struct { // you chose to set the desired capacity in terms of instances, or a performance // attribute such as vCPUs, memory, or I/O. // + // For more information, see Instance Weighting for Amazon EC2 Auto Scaling + // (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-weighting.html) + // in the Amazon EC2 Auto Scaling User Guide. + // // Valid Range: Minimum value of 1. Maximum value of 999. WeightedCapacity *string `min:"1" type:"string"` } @@ -11865,6 +11880,12 @@ type PutScalingPolicyInput struct { // in the Amazon EC2 Auto Scaling User Guide. Cooldown *int64 `type:"integer"` + // Indicates whether the scaling policy is enabled or disabled. The default + // is enabled. For more information, see Disabling a Scaling Policy for an Auto + // Scaling Group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-enable-disable-scaling-policy.html) + // in the Amazon EC2 Auto Scaling User Guide. + Enabled *bool `type:"boolean"` + // The estimated time, in seconds, until a newly launched instance can contribute // to the CloudWatch metrics. The default is to use the value specified for // the default cooldown period for the group. @@ -12009,6 +12030,12 @@ func (s *PutScalingPolicyInput) SetCooldown(v int64) *PutScalingPolicyInput { return s } +// SetEnabled sets the Enabled field's value. +func (s *PutScalingPolicyInput) SetEnabled(v bool) *PutScalingPolicyInput { + s.Enabled = &v + return s +} + // SetEstimatedInstanceWarmup sets the EstimatedInstanceWarmup field's value. func (s *PutScalingPolicyInput) SetEstimatedInstanceWarmup(v int64) *PutScalingPolicyInput { s.EstimatedInstanceWarmup = &v @@ -12380,6 +12407,9 @@ type ScalingPolicy struct { // any further dynamic scaling activities can start. Cooldown *int64 `type:"integer"` + // Indicates whether the policy is enabled (true) or disabled (false). + Enabled *bool `type:"boolean"` + // The estimated time, in seconds, until a newly launched instance can contribute // to the CloudWatch metrics. EstimatedInstanceWarmup *int64 `type:"integer"` @@ -12453,6 +12483,12 @@ func (s *ScalingPolicy) SetCooldown(v int64) *ScalingPolicy { return s } +// SetEnabled sets the Enabled field's value. +func (s *ScalingPolicy) SetEnabled(v bool) *ScalingPolicy { + s.Enabled = &v + return s +} + // SetEstimatedInstanceWarmup sets the EstimatedInstanceWarmup field's value. func (s *ScalingPolicy) SetEstimatedInstanceWarmup(v int64) *ScalingPolicy { s.EstimatedInstanceWarmup = &v @@ -13562,6 +13598,10 @@ type UpdateAutoScalingGroupInput struct { // The maximum amount of time, in seconds, that an instance can be in service. // + // For more information, see Replacing Auto Scaling Instances Based on Maximum + // Instance Lifetime (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) + // in the Amazon EC2 Auto Scaling User Guide. + // // Valid Range: Minimum value of 604800. MaxInstanceLifetime *int64 `type:"integer"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/service.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/service.go index 8a48063a64..644838dd33 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "autoscaling" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "Auto Scaling" // ServiceID is a unique identifer of a specific service. + ServiceID = "Auto Scaling" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the AutoScaling client with a session. diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go index 4b5eb738ae..d4fbccb7ec 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go @@ -438,8 +438,8 @@ func (c *CloudFormation) CreateStackInstancesRequest(input *CreateStackInstances // // Creates stack instances for the specified accounts, within the specified // regions. A stack instance refers to a stack in a specific account and region. -// Accounts and Regions are required parameters—you must specify at least -// one account and one region. +// You must specify at least one value for either Accounts or DeploymentTargets, +// and you must specify at least one value for Regions. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3996,7 +3996,7 @@ func (c *CloudFormation) ListTypeRegistrationsRequest(input *ListTypeRegistratio // ListTypeRegistrations API operation for AWS CloudFormation. // -// Returns a list of registration tokens for the specified type. +// Returns a list of registration tokens for the specified type(s). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4500,7 +4500,7 @@ func (c *CloudFormation) RegisterTypeRequest(input *RegisterTypeInput) (req *req // * Making the resource type available for use in your account // // For more information on how to develop types and ready them for registeration, -// see Creating Resource Providers (cloudformation-cli/latest/userguide/resource-types.html) +// see Creating Resource Providers (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html) // in the CloudFormation CLI User Guide. // // Once you have initiated a registration request using RegisterType , you can @@ -5444,6 +5444,47 @@ func (s *AccountLimit) SetValue(v int64) *AccountLimit { return s } +// [Service-managed permissions] Describes whether StackSets automatically deploys +// to AWS Organizations accounts that are added to a target organization or +// organizational unit (OU). +type AutoDeployment struct { + _ struct{} `type:"structure"` + + // If set to true, StackSets automatically deploys additional stack instances + // to AWS Organizations accounts that are added to a target organization or + // organizational unit (OU) in the specified Regions. If an account is removed + // from a target organization or OU, StackSets deletes stack instances from + // the account in the specified Regions. + Enabled *bool `type:"boolean"` + + // If set to true, stack resources are retained when an account is removed from + // a target organization or OU. If set to false, stack resources are deleted. + // Specify only if Enabled is set to True. + RetainStacksOnAccountRemoval *bool `type:"boolean"` +} + +// String returns the string representation +func (s AutoDeployment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AutoDeployment) GoString() string { + return s.String() +} + +// SetEnabled sets the Enabled field's value. +func (s *AutoDeployment) SetEnabled(v bool) *AutoDeployment { + s.Enabled = &v + return s +} + +// SetRetainStacksOnAccountRemoval sets the RetainStacksOnAccountRemoval field's value. +func (s *AutoDeployment) SetRetainStacksOnAccountRemoval(v bool) *AutoDeployment { + s.RetainStacksOnAccountRemoval = &v + return s +} + // The input for the CancelUpdateStack action. type CancelUpdateStackInput struct { _ struct{} `type:"structure"` @@ -6500,11 +6541,17 @@ func (s *CreateStackInput) SetTimeoutInMinutes(v int64) *CreateStackInput { type CreateStackInstancesInput struct { _ struct{} `type:"structure"` - // The names of one or more AWS accounts that you want to create stack instances - // in the specified region(s) for. + // [Self-managed permissions] The names of one or more AWS accounts that you + // want to create stack instances in the specified region(s) for. // - // Accounts is a required field - Accounts []*string `type:"list" required:"true"` + // You can specify Accounts or DeploymentTargets, but not both. + Accounts []*string `type:"list"` + + // [Service-managed permissions] The AWS Organizations accounts for which to + // create stack instances in the specified Regions. + // + // You can specify Accounts or DeploymentTargets, but not both. + DeploymentTargets *DeploymentTargets `type:"structure"` // The unique identifier for this stack set operation. // @@ -6578,9 +6625,6 @@ func (s CreateStackInstancesInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateStackInstancesInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateStackInstancesInput"} - if s.Accounts == nil { - invalidParams.Add(request.NewErrParamRequired("Accounts")) - } if s.OperationId != nil && len(*s.OperationId) < 1 { invalidParams.Add(request.NewErrParamMinLen("OperationId", 1)) } @@ -6608,6 +6652,12 @@ func (s *CreateStackInstancesInput) SetAccounts(v []*string) *CreateStackInstanc return s } +// SetDeploymentTargets sets the DeploymentTargets field's value. +func (s *CreateStackInstancesInput) SetDeploymentTargets(v *DeploymentTargets) *CreateStackInstancesInput { + s.DeploymentTargets = v + return s +} + // SetOperationId sets the OperationId field's value. func (s *CreateStackInstancesInput) SetOperationId(v string) *CreateStackInstancesInput { s.OperationId = &v @@ -6698,6 +6748,13 @@ type CreateStackSetInput struct { // in the AWS CloudFormation User Guide. AdministrationRoleARN *string `min:"20" type:"string"` + // Describes whether StackSets automatically deploys to AWS Organizations accounts + // that are added to the target organization or organizational unit (OU). Specify + // only if PermissionModel is SERVICE_MANAGED. + // + // If you specify AutoDeployment, do not specify DeploymentTargets or Regions. + AutoDeployment *AutoDeployment `type:"structure"` + // In some cases, you must explicitly acknowledge that your stack set template // contains certain capabilities in order for AWS CloudFormation to create the // stack set and related stack instances. @@ -6761,6 +6818,19 @@ type CreateStackSetInput struct { // The input parameters for the stack set template. Parameters []*Parameter `type:"list"` + // Describes how the IAM roles required for stack set operations are created. + // By default, SELF-MANAGED is specified. + // + // * With self-managed permissions, you must create the administrator and + // execution roles required to deploy to target accounts. For more information, + // see Grant Self-Managed Stack Set Permissions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html). + // + // * With service-managed permissions, StackSets automatically creates the + // IAM roles required to deploy to accounts managed by AWS Organizations. + // For more information, see Grant Service-Managed Stack Set Permissions + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-service-managed.html). + PermissionModel *string `type:"string" enum:"PermissionModels"` + // The name to associate with the stack set. The name must be unique in the // region where you create your stack set. // @@ -6857,6 +6927,12 @@ func (s *CreateStackSetInput) SetAdministrationRoleARN(v string) *CreateStackSet return s } +// SetAutoDeployment sets the AutoDeployment field's value. +func (s *CreateStackSetInput) SetAutoDeployment(v *AutoDeployment) *CreateStackSetInput { + s.AutoDeployment = v + return s +} + // SetCapabilities sets the Capabilities field's value. func (s *CreateStackSetInput) SetCapabilities(v []*string) *CreateStackSetInput { s.Capabilities = v @@ -6887,6 +6963,12 @@ func (s *CreateStackSetInput) SetParameters(v []*Parameter) *CreateStackSetInput return s } +// SetPermissionModel sets the PermissionModel field's value. +func (s *CreateStackSetInput) SetPermissionModel(v string) *CreateStackSetInput { + s.PermissionModel = &v + return s +} + // SetStackSetName sets the StackSetName field's value. func (s *CreateStackSetInput) SetStackSetName(v string) *CreateStackSetInput { s.StackSetName = &v @@ -7105,10 +7187,17 @@ func (s *DeleteStackInput) SetStackName(v string) *DeleteStackInput { type DeleteStackInstancesInput struct { _ struct{} `type:"structure"` - // The names of the AWS accounts that you want to delete stack instances for. + // [Self-managed permissions] The names of the AWS accounts that you want to + // delete stack instances for. // - // Accounts is a required field - Accounts []*string `type:"list" required:"true"` + // You can specify Accounts or DeploymentTargets, but not both. + Accounts []*string `type:"list"` + + // [Service-managed permissions] The AWS Organizations accounts from which to + // delete stack instances. + // + // You can specify Accounts or DeploymentTargets, but not both. + DeploymentTargets *DeploymentTargets `type:"structure"` // The unique identifier for this stack set operation. // @@ -7160,9 +7249,6 @@ func (s DeleteStackInstancesInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DeleteStackInstancesInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DeleteStackInstancesInput"} - if s.Accounts == nil { - invalidParams.Add(request.NewErrParamRequired("Accounts")) - } if s.OperationId != nil && len(*s.OperationId) < 1 { invalidParams.Add(request.NewErrParamMinLen("OperationId", 1)) } @@ -7193,6 +7279,12 @@ func (s *DeleteStackInstancesInput) SetAccounts(v []*string) *DeleteStackInstanc return s } +// SetDeploymentTargets sets the DeploymentTargets field's value. +func (s *DeleteStackInstancesInput) SetDeploymentTargets(v *DeploymentTargets) *DeleteStackInstancesInput { + s.DeploymentTargets = v + return s +} + // SetOperationId sets the OperationId field's value. func (s *DeleteStackInstancesInput) SetOperationId(v string) *DeleteStackInstancesInput { s.OperationId = &v @@ -7313,22 +7405,63 @@ func (s DeleteStackSetOutput) GoString() string { return s.String() } +// [Service-managed permissions] The AWS Organizations accounts to which StackSets +// deploys. +// +// For update operations, you can specify either Accounts or OrganizationalUnitIds. +// For create and delete operations, specify OrganizationalUnitIds. +type DeploymentTargets struct { + _ struct{} `type:"structure"` + + // The names of one or more AWS accounts for which you want to deploy stack + // set updates. + Accounts []*string `type:"list"` + + // The organization root ID or organizational unit (OUs) IDs to which StackSets + // deploys. + OrganizationalUnitIds []*string `type:"list"` +} + +// String returns the string representation +func (s DeploymentTargets) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeploymentTargets) GoString() string { + return s.String() +} + +// SetAccounts sets the Accounts field's value. +func (s *DeploymentTargets) SetAccounts(v []*string) *DeploymentTargets { + s.Accounts = v + return s +} + +// SetOrganizationalUnitIds sets the OrganizationalUnitIds field's value. +func (s *DeploymentTargets) SetOrganizationalUnitIds(v []*string) *DeploymentTargets { + s.OrganizationalUnitIds = v + return s +} + type DeregisterTypeInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the type. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. Arn *string `type:"string"` // The kind of type. // // Currently the only valid value is RESOURCE. + // + // Conditional: You must specify either TypeName and Type, or Arn. Type *string `type:"string" enum:"RegistryType"` // The name of the type. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. TypeName *string `min:"10" type:"string"` // The ID of a specific version of the type. The version ID is the value at @@ -8603,17 +8736,19 @@ type DescribeTypeInput struct { // The Amazon Resource Name (ARN) of the type. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. Arn *string `type:"string"` // The kind of type. // // Currently the only valid value is RESOURCE. + // + // Conditional: You must specify either TypeName and Type, or Arn. Type *string `type:"string" enum:"RegistryType"` // The name of the type. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. TypeName *string `min:"10" type:"string"` // The ID of a specific version of the type. The version ID is the value at @@ -10726,21 +10861,25 @@ type ListTypeRegistrationsInput struct { NextToken *string `min:"1" type:"string"` // The current status of the type registration request. + // + // The default is IN_PROGRESS. RegistrationStatusFilter *string `type:"string" enum:"RegistrationStatus"` // The kind of type. // // Currently the only valid value is RESOURCE. + // + // Conditional: You must specify either TypeName and Type, or Arn. Type *string `type:"string" enum:"RegistryType"` // The Amazon Resource Name (ARN) of the type. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. TypeArn *string `type:"string"` // The name of the type. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. TypeName *string `min:"10" type:"string"` } @@ -10853,7 +10992,7 @@ type ListTypeVersionsInput struct { // The Amazon Resource Name (ARN) of the type for which you want version summary // information. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. Arn *string `type:"string"` // The deprecation status of the type versions that you want to get summary @@ -10866,6 +11005,8 @@ type ListTypeVersionsInput struct { // // * DEPRECATED: The type version has been deregistered and can no longer // be used in CloudFormation operations. + // + // The default is LIVE. DeprecatedStatus *string `type:"string" enum:"DeprecatedStatus"` // The maximum number of results to be returned with a single call. If the number @@ -10884,11 +11025,13 @@ type ListTypeVersionsInput struct { // The kind of the type. // // Currently the only valid value is RESOURCE. + // + // Conditional: You must specify either TypeName and Type, or Arn. Type *string `type:"string" enum:"RegistryType"` // The name of the type for which you want version summary information. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. TypeName *string `min:"10" type:"string"` } @@ -11046,6 +11189,8 @@ type ListTypesInput struct { // // * PUBLIC: The type is publically visible and usable within any Amazon // account. + // + // The default is PRIVATE. Visibility *string `type:"string" enum:"Visibility"` } @@ -11668,6 +11813,12 @@ type RegisterTypeInput struct { // to register, see submit (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html) // in the CloudFormation CLI User Guide. // + // As part of registering a resource provider type, CloudFormation must be able + // to access the S3 bucket which contains the schema handler package for that + // resource provider. For more information, see IAM Permissions for Registering + // a Resource Provider (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html#registry-register-permissions) + // in the AWS CloudFormation User Guide. + // // SchemaHandlerPackage is a required field SchemaHandlerPackage *string `min:"1" type:"string" required:"true"` @@ -12410,15 +12561,17 @@ type SetTypeDefaultVersionInput struct { // The Amazon Resource Name (ARN) of the type for which you want version summary // information. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. Arn *string `type:"string"` // The kind of type. + // + // Conditional: You must specify either TypeName and Type, or Arn. Type *string `type:"string" enum:"RegistryType"` // The name of the type. // - // Conditional: You must specify TypeName or Arn. + // Conditional: You must specify either TypeName and Type, or Arn. TypeName *string `min:"10" type:"string"` // The ID of a specific version of the type. The version ID is the value at @@ -13093,7 +13246,8 @@ func (s *StackEvent) SetTimestamp(v time.Time) *StackEvent { type StackInstance struct { _ struct{} `type:"structure"` - // The name of the AWS account that the stack instance is associated with. + // [Self-managed permissions] The name of the AWS account that the stack instance + // is associated with. Account *string `type:"string"` // Status of the stack instance's actual configuration compared to the expected @@ -13118,6 +13272,10 @@ type StackInstance struct { // which drift detection has not yet been performed. LastDriftCheckTimestamp *time.Time `type:"timestamp"` + // [Service-managed permissions] The organization root ID or organizational + // unit (OU) ID that the stack instance is associated with. + OrganizationalUnitId *string `type:"string"` + // A list of parameters from the stack set template whose values have been overridden // in this stack instance. ParameterOverrides []*Parameter `type:"list"` @@ -13182,6 +13340,12 @@ func (s *StackInstance) SetLastDriftCheckTimestamp(v time.Time) *StackInstance { return s } +// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. +func (s *StackInstance) SetOrganizationalUnitId(v string) *StackInstance { + s.OrganizationalUnitId = &v + return s +} + // SetParameterOverrides sets the ParameterOverrides field's value. func (s *StackInstance) SetParameterOverrides(v []*Parameter) *StackInstance { s.ParameterOverrides = v @@ -13222,7 +13386,8 @@ func (s *StackInstance) SetStatusReason(v string) *StackInstance { type StackInstanceSummary struct { _ struct{} `type:"structure"` - // The name of the AWS account that the stack instance is associated with. + // [Self-managed permissions] The name of the AWS account that the stack instance + // is associated with. Account *string `type:"string"` // Status of the stack instance's actual configuration compared to the expected @@ -13247,6 +13412,10 @@ type StackInstanceSummary struct { // which drift detection has not yet been performed. LastDriftCheckTimestamp *time.Time `type:"timestamp"` + // [Service-managed permissions] The organization root ID or organizational + // unit (OU) ID that the stack instance is associated with. + OrganizationalUnitId *string `type:"string"` + // The name of the AWS region that the stack instance is associated with. Region *string `type:"string"` @@ -13306,6 +13475,12 @@ func (s *StackInstanceSummary) SetLastDriftCheckTimestamp(v time.Time) *StackIns return s } +// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. +func (s *StackInstanceSummary) SetOrganizationalUnitId(v string) *StackInstanceSummary { + s.OrganizationalUnitId = &v + return s +} + // SetRegion sets the Region field's value. func (s *StackInstanceSummary) SetRegion(v string) *StackInstanceSummary { s.Region = &v @@ -13949,6 +14124,11 @@ type StackSet struct { // in the AWS CloudFormation User Guide. AdministrationRoleARN *string `min:"20" type:"string"` + // [Service-managed permissions] Describes whether StackSets automatically deploys + // to AWS Organizations accounts that are added to a target organization or + // organizational unit (OU). + AutoDeployment *AutoDeployment `type:"structure"` + // The capabilities that are allowed in the stack set. Some stack set templates // might include resources that can affect permissions in your AWS account—for // example, by creating new AWS Identity and Access Management (IAM) users. @@ -13966,9 +14146,25 @@ type StackSet struct { // groups can include in their stack sets. ExecutionRoleName *string `min:"1" type:"string"` + // [Service-managed permissions] The organization root ID or organizational + // unit (OUs) IDs to which stacks in your stack set have been deployed. + OrganizationalUnitIds []*string `type:"list"` + // A list of input parameters for a stack set. Parameters []*Parameter `type:"list"` + // Describes how the IAM roles required for stack set operations are created. + // + // * With self-managed permissions, you must create the administrator and + // execution roles required to deploy to target accounts. For more information, + // see Grant Self-Managed Stack Set Permissions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html). + // + // * With service-managed permissions, StackSets automatically creates the + // IAM roles required to deploy to accounts managed by AWS Organizations. + // For more information, see Grant Service-Managed Stack Set Permissions + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-service-managed.html). + PermissionModel *string `type:"string" enum:"PermissionModels"` + // The Amazon Resource Number (ARN) of the stack set. StackSetARN *string `type:"string"` @@ -14013,6 +14209,12 @@ func (s *StackSet) SetAdministrationRoleARN(v string) *StackSet { return s } +// SetAutoDeployment sets the AutoDeployment field's value. +func (s *StackSet) SetAutoDeployment(v *AutoDeployment) *StackSet { + s.AutoDeployment = v + return s +} + // SetCapabilities sets the Capabilities field's value. func (s *StackSet) SetCapabilities(v []*string) *StackSet { s.Capabilities = v @@ -14031,12 +14233,24 @@ func (s *StackSet) SetExecutionRoleName(v string) *StackSet { return s } +// SetOrganizationalUnitIds sets the OrganizationalUnitIds field's value. +func (s *StackSet) SetOrganizationalUnitIds(v []*string) *StackSet { + s.OrganizationalUnitIds = v + return s +} + // SetParameters sets the Parameters field's value. func (s *StackSet) SetParameters(v []*Parameter) *StackSet { s.Parameters = v return s } +// SetPermissionModel sets the PermissionModel field's value. +func (s *StackSet) SetPermissionModel(v string) *StackSet { + s.PermissionModel = &v + return s +} + // SetStackSetARN sets the StackSetARN field's value. func (s *StackSet) SetStackSetARN(v string) *StackSet { s.StackSetARN = &v @@ -14244,6 +14458,10 @@ type StackSetOperation struct { // before actually creating the first stacks. CreationTimestamp *time.Time `type:"timestamp"` + // [Service-managed permissions] The AWS Organizations accounts affected by + // the stack operation. + DeploymentTargets *DeploymentTargets `type:"structure"` + // The time at which the stack set operation ended, across all accounts and // regions specified. Note that this doesn't necessarily mean that the stack // set operation was successful, or even attempted, in each account or region. @@ -14291,6 +14509,11 @@ type StackSetOperation struct { // status of the operation as a whole to FAILED, and AWS CloudFormation cancels // the operation in any remaining regions. // + // * QUEUED: [Service-managed permissions] For automatic deployments that + // require a sequence of operations. The operation is queued to be performed. + // For more information, see the stack set operation status codes (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-status-codes) + // in the AWS CloudFormation User Guide. + // // * RUNNING: The operation is currently being performed. // // * STOPPED: The user has cancelled the operation. @@ -14330,6 +14553,12 @@ func (s *StackSetOperation) SetCreationTimestamp(v time.Time) *StackSetOperation return s } +// SetDeploymentTargets sets the DeploymentTargets field's value. +func (s *StackSetOperation) SetDeploymentTargets(v *DeploymentTargets) *StackSetOperation { + s.DeploymentTargets = v + return s +} + // SetEndTimestamp sets the EndTimestamp field's value. func (s *StackSetOperation) SetEndTimestamp(v time.Time) *StackSetOperation { s.EndTimestamp = &v @@ -14500,13 +14729,18 @@ func (s *StackSetOperationPreferences) SetRegionOrder(v []*string) *StackSetOper type StackSetOperationResultSummary struct { _ struct{} `type:"structure"` - // The name of the AWS account for this operation result. + // [Self-managed permissions] The name of the AWS account for this operation + // result. Account *string `type:"string"` // The results of the account gate function AWS CloudFormation invokes, if present, // before proceeding with stack set operations in an account AccountGateResult *AccountGateResult `type:"structure"` + // [Service-managed permissions] The organization root ID or organizational + // unit (OU) ID for this operation result. + OrganizationalUnitId *string `type:"string"` + // The name of the AWS region for this operation result. Region *string `type:"string"` @@ -14557,6 +14791,12 @@ func (s *StackSetOperationResultSummary) SetAccountGateResult(v *AccountGateResu return s } +// SetOrganizationalUnitId sets the OrganizationalUnitId field's value. +func (s *StackSetOperationResultSummary) SetOrganizationalUnitId(v string) *StackSetOperationResultSummary { + s.OrganizationalUnitId = &v + return s +} + // SetRegion sets the Region field's value. func (s *StackSetOperationResultSummary) SetRegion(v string) *StackSetOperationResultSummary { s.Region = &v @@ -14610,6 +14850,11 @@ type StackSetOperationSummary struct { // status of the operation as a whole to FAILED, and AWS CloudFormation cancels // the operation in any remaining regions. // + // * QUEUED: [Service-managed permissions] For automatic deployments that + // require a sequence of operations. The operation is queued to be performed. + // For more information, see the stack set operation status codes (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-status-codes) + // in the AWS CloudFormation User Guide. + // // * RUNNING: The operation is currently being performed. // // * STOPPED: The user has cancelled the operation. @@ -14666,6 +14911,11 @@ func (s *StackSetOperationSummary) SetStatus(v string) *StackSetOperationSummary type StackSetSummary struct { _ struct{} `type:"structure"` + // [Service-managed permissions] Describes whether StackSets automatically deploys + // to AWS Organizations accounts that are added to a target organizational unit + // (OU). + AutoDeployment *AutoDeployment `type:"structure"` + // A description of the stack set that you specify when the stack set is created // or updated. Description *string `min:"1" type:"string"` @@ -14693,6 +14943,18 @@ type StackSetSummary struct { // detection has not yet been performed. LastDriftCheckTimestamp *time.Time `type:"timestamp"` + // Describes how the IAM roles required for stack set operations are created. + // + // * With self-managed permissions, you must create the administrator and + // execution roles required to deploy to target accounts. For more information, + // see Grant Self-Managed Stack Set Permissions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html). + // + // * With service-managed permissions, StackSets automatically creates the + // IAM roles required to deploy to accounts managed by AWS Organizations. + // For more information, see Grant Service-Managed Stack Set Permissions + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-service-managed.html). + PermissionModel *string `type:"string" enum:"PermissionModels"` + // The ID of the stack set. StackSetId *string `type:"string"` @@ -14713,6 +14975,12 @@ func (s StackSetSummary) GoString() string { return s.String() } +// SetAutoDeployment sets the AutoDeployment field's value. +func (s *StackSetSummary) SetAutoDeployment(v *AutoDeployment) *StackSetSummary { + s.AutoDeployment = v + return s +} + // SetDescription sets the Description field's value. func (s *StackSetSummary) SetDescription(v string) *StackSetSummary { s.Description = &v @@ -14731,6 +14999,12 @@ func (s *StackSetSummary) SetLastDriftCheckTimestamp(v time.Time) *StackSetSumma return s } +// SetPermissionModel sets the PermissionModel field's value. +func (s *StackSetSummary) SetPermissionModel(v string) *StackSetSummary { + s.PermissionModel = &v + return s +} + // SetStackSetId sets the StackSetId field's value. func (s *StackSetSummary) SetStackSetId(v string) *StackSetSummary { s.StackSetId = &v @@ -15554,12 +15828,22 @@ func (s *UpdateStackInput) SetUsePreviousTemplate(v bool) *UpdateStackInput { type UpdateStackInstancesInput struct { _ struct{} `type:"structure"` - // The names of one or more AWS accounts for which you want to update parameter - // values for stack instances. The overridden parameter values will be applied - // to all stack instances in the specified accounts and regions. + // [Self-managed permissions] The names of one or more AWS accounts for which + // you want to update parameter values for stack instances. The overridden parameter + // values will be applied to all stack instances in the specified accounts and + // regions. // - // Accounts is a required field - Accounts []*string `type:"list" required:"true"` + // You can specify Accounts or DeploymentTargets, but not both. + Accounts []*string `type:"list"` + + // [Service-managed permissions] The AWS Organizations accounts for which you + // want to update parameter values for stack instances. If your update targets + // OUs, the overridden parameter values only apply to the accounts that are + // currently in the target OUs and their child OUs. Accounts added to the target + // OUs and their child OUs in the future won't use the overridden values. + // + // You can specify Accounts or DeploymentTargets, but not both. + DeploymentTargets *DeploymentTargets `type:"structure"` // The unique identifier for this stack set operation. // @@ -15635,9 +15919,6 @@ func (s UpdateStackInstancesInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *UpdateStackInstancesInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "UpdateStackInstancesInput"} - if s.Accounts == nil { - invalidParams.Add(request.NewErrParamRequired("Accounts")) - } if s.OperationId != nil && len(*s.OperationId) < 1 { invalidParams.Add(request.NewErrParamMinLen("OperationId", 1)) } @@ -15665,6 +15946,12 @@ func (s *UpdateStackInstancesInput) SetAccounts(v []*string) *UpdateStackInstanc return s } +// SetDeploymentTargets sets the DeploymentTargets field's value. +func (s *UpdateStackInstancesInput) SetDeploymentTargets(v *DeploymentTargets) *UpdateStackInstancesInput { + s.DeploymentTargets = v + return s +} + // SetOperationId sets the OperationId field's value. func (s *UpdateStackInstancesInput) SetOperationId(v string) *UpdateStackInstancesInput { s.OperationId = &v @@ -15745,9 +16032,9 @@ func (s *UpdateStackOutput) SetStackId(v string) *UpdateStackOutput { type UpdateStackSetInput struct { _ struct{} `type:"structure"` - // The accounts in which to update associated stack instances. If you specify - // accounts, you must also specify the regions in which to update stack set - // instances. + // [Self-managed permissions] The accounts in which to update associated stack + // instances. If you specify accounts, you must also specify the regions in + // which to update stack set instances. // // To update all the stack instances associated with this stack set, do not // specify the Accounts or Regions properties. @@ -15776,6 +16063,13 @@ type UpdateStackSetInput struct { // same customized administrator role used with this stack set previously. AdministrationRoleARN *string `min:"20" type:"string"` + // [Service-managed permissions] Describes whether StackSets automatically deploys + // to AWS Organizations accounts that are added to a target organization or + // organizational unit (OU). + // + // If you specify AutoDeployment, do not specify DeploymentTargets or Regions. + AutoDeployment *AutoDeployment `type:"structure"` + // In some cases, you must explicitly acknowledge that your stack template contains // certain capabilities in order for AWS CloudFormation to update the stack // set and its associated stack instances. @@ -15815,6 +16109,21 @@ type UpdateStackSetInput struct { // set operation will fail. Capabilities []*string `type:"list"` + // [Service-managed permissions] The AWS Organizations accounts in which to + // update associated stack instances. + // + // To update all the stack instances associated with this stack set, do not + // specify DeploymentTargets or Regions. + // + // If the stack set update includes changes to the template (that is, if TemplateBody + // or TemplateURL is specified), or the Parameters, AWS CloudFormation marks + // all stack instances with a status of OUTDATED prior to updating the stack + // instances in the specified accounts and Regions. If the stack set update + // does not include changes to the template or parameters, AWS CloudFormation + // updates the stack instances in the specified accounts and Regions, while + // leaving all other stack instances with their existing stack instance status. + DeploymentTargets *DeploymentTargets `type:"structure"` + // A brief description of updates that you are making. Description *string `min:"1" type:"string"` @@ -15851,6 +16160,20 @@ type UpdateStackSetInput struct { // A list of input parameters for the stack set template. Parameters []*Parameter `type:"list"` + // Describes how the IAM roles required for stack set operations are created. + // You cannot modify PermissionModel if there are stack instances associated + // with your stack set. + // + // * With self-managed permissions, you must create the administrator and + // execution roles required to deploy to target accounts. For more information, + // see Grant Self-Managed Stack Set Permissions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html). + // + // * With service-managed permissions, StackSets automatically creates the + // IAM roles required to deploy to accounts managed by AWS Organizations. + // For more information, see Grant Service-Managed Stack Set Permissions + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-service-managed.html). + PermissionModel *string `type:"string" enum:"PermissionModels"` + // The regions in which to update associated stack instances. If you specify // regions, you must also specify accounts in which to update stack set instances. // @@ -15995,12 +16318,24 @@ func (s *UpdateStackSetInput) SetAdministrationRoleARN(v string) *UpdateStackSet return s } +// SetAutoDeployment sets the AutoDeployment field's value. +func (s *UpdateStackSetInput) SetAutoDeployment(v *AutoDeployment) *UpdateStackSetInput { + s.AutoDeployment = v + return s +} + // SetCapabilities sets the Capabilities field's value. func (s *UpdateStackSetInput) SetCapabilities(v []*string) *UpdateStackSetInput { s.Capabilities = v return s } +// SetDeploymentTargets sets the DeploymentTargets field's value. +func (s *UpdateStackSetInput) SetDeploymentTargets(v *DeploymentTargets) *UpdateStackSetInput { + s.DeploymentTargets = v + return s +} + // SetDescription sets the Description field's value. func (s *UpdateStackSetInput) SetDescription(v string) *UpdateStackSetInput { s.Description = &v @@ -16031,6 +16366,12 @@ func (s *UpdateStackSetInput) SetParameters(v []*Parameter) *UpdateStackSetInput return s } +// SetPermissionModel sets the PermissionModel field's value. +func (s *UpdateStackSetInput) SetPermissionModel(v string) *UpdateStackSetInput { + s.PermissionModel = &v + return s +} + // SetRegions sets the Regions field's value. func (s *UpdateStackSetInput) SetRegions(v []*string) *UpdateStackSetInput { s.Regions = v @@ -16500,6 +16841,14 @@ const ( OperationStatusFailed = "FAILED" ) +const ( + // PermissionModelsServiceManaged is a PermissionModels enum value + PermissionModelsServiceManaged = "SERVICE_MANAGED" + + // PermissionModelsSelfManaged is a PermissionModels enum value + PermissionModelsSelfManaged = "SELF_MANAGED" +) + const ( // ProvisioningTypeNonProvisionable is a ProvisioningType enum value ProvisioningTypeNonProvisionable = "NON_PROVISIONABLE" @@ -16751,6 +17100,9 @@ const ( // StackSetOperationStatusStopped is a StackSetOperationStatus enum value StackSetOperationStatusStopped = "STOPPED" + + // StackSetOperationStatusQueued is a StackSetOperationStatus enum value + StackSetOperationStatusQueued = "QUEUED" ) const ( diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/service.go b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/service.go index 24945e65b2..33748e5d2f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "cloudformation" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "CloudFormation" // ServiceID is a unique identifer of a specific service. + ServiceID = "CloudFormation" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the CloudFormation client with a session. diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index fb036c0801..318a89c530 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -88,6 +88,81 @@ func (c *EC2) AcceptReservedInstancesExchangeQuoteWithContext(ctx aws.Context, i return out, req.Send() } +const opAcceptTransitGatewayPeeringAttachment = "AcceptTransitGatewayPeeringAttachment" + +// AcceptTransitGatewayPeeringAttachmentRequest generates a "aws/request.Request" representing the +// client's request for the AcceptTransitGatewayPeeringAttachment operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AcceptTransitGatewayPeeringAttachment for more information on using the AcceptTransitGatewayPeeringAttachment +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AcceptTransitGatewayPeeringAttachmentRequest method. +// req, resp := client.AcceptTransitGatewayPeeringAttachmentRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptTransitGatewayPeeringAttachment +func (c *EC2) AcceptTransitGatewayPeeringAttachmentRequest(input *AcceptTransitGatewayPeeringAttachmentInput) (req *request.Request, output *AcceptTransitGatewayPeeringAttachmentOutput) { + op := &request.Operation{ + Name: opAcceptTransitGatewayPeeringAttachment, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AcceptTransitGatewayPeeringAttachmentInput{} + } + + output = &AcceptTransitGatewayPeeringAttachmentOutput{} + req = c.newRequest(op, input, output) + return +} + +// AcceptTransitGatewayPeeringAttachment API operation for Amazon Elastic Compute Cloud. +// +// Accepts a transit gateway peering attachment request. The peering attachment +// must be in the pendingAcceptance state. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AcceptTransitGatewayPeeringAttachment for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptTransitGatewayPeeringAttachment +func (c *EC2) AcceptTransitGatewayPeeringAttachment(input *AcceptTransitGatewayPeeringAttachmentInput) (*AcceptTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.AcceptTransitGatewayPeeringAttachmentRequest(input) + return out, req.Send() +} + +// AcceptTransitGatewayPeeringAttachmentWithContext is the same as AcceptTransitGatewayPeeringAttachment with the addition of +// the ability to pass a context and additional request options. +// +// See AcceptTransitGatewayPeeringAttachment for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AcceptTransitGatewayPeeringAttachmentWithContext(ctx aws.Context, input *AcceptTransitGatewayPeeringAttachmentInput, opts ...request.Option) (*AcceptTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.AcceptTransitGatewayPeeringAttachmentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAcceptTransitGatewayVpcAttachment = "AcceptTransitGatewayVpcAttachment" // AcceptTransitGatewayVpcAttachmentRequest generates a "aws/request.Request" representing the @@ -365,8 +440,8 @@ func (c *EC2) AdvertiseByoipCidrRequest(input *AdvertiseByoipCidrInput) (req *re // AdvertiseByoipCidr API operation for Amazon Elastic Compute Cloud. // -// Advertises an IPv4 address range that is provisioned for use with your AWS -// resources through bring your own IP addresses (BYOIP). +// Advertises an IPv4 or IPv6 address range that is provisioned for use with +// your AWS resources through bring your own IP addresses (BYOIP). // // You can perform this operation at most once every 10 seconds, even if you // specify different address ranges each time. @@ -551,8 +626,9 @@ func (c *EC2) AllocateHostsRequest(input *AllocateHostsInput) (req *request.Requ // AllocateHosts API operation for Amazon Elastic Compute Cloud. // -// Allocates a Dedicated Host to your account. At a minimum, specify the instance -// size type, Availability Zone, and quantity of hosts to allocate. +// Allocates a Dedicated Host to your account. At a minimum, specify the supported +// instance type or instance family, the Availability Zone in which to allocate +// the host, and the number of hosts to allocate. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -711,6 +787,9 @@ func (c *EC2) AssignIpv6AddressesRequest(input *AssignIpv6AddressesInput) (req * // Type (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) // in the Amazon Elastic Compute Cloud User Guide. // +// You must specify either the IPv6 addresses or the IPv6 address count in the +// request. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -802,6 +881,8 @@ func (c *EC2) AssignPrivateIpAddressesRequest(input *AssignPrivateIpAddressesInp // address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s // in the instance metadata to confirm that the remapping is complete. // +// You must specify either the IP addresses or the IP address count in the request. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -895,6 +976,9 @@ func (c *EC2) AssociateAddressRequest(input *AssociateAddressInput) (req *reques // an Elastic IP address with an instance or network interface that has an existing // Elastic IP address. // +// You cannot associate an Elastic IP address with an interface in a different +// network border group. +// // This is an idempotent operation. If you perform the operation more than once, // Amazon EC2 doesn't return an error, and you may be charged for each time // the Elastic IP address is remapped to the same instance. For more information, @@ -978,6 +1062,12 @@ func (c *EC2) AssociateClientVpnTargetNetworkRequest(input *AssociateClientVpnTa // Zone. We recommend that you associate at least two subnets to provide Availability // Zone redundancy. // +// If you specified a VPC when you created the Client VPN endpoint or if you +// have previous subnet associations, the specified subnet must be in the same +// VPC. To specify a subnet that's in a different VPC, you must first modify +// the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that's +// associated with it. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1211,11 +1301,12 @@ func (c *EC2) AssociateRouteTableRequest(input *AssociateRouteTableInput) (req * // AssociateRouteTable API operation for Amazon Elastic Compute Cloud. // -// Associates a subnet with a route table. The subnet and route table must be -// in the same VPC. This association causes traffic originating from the subnet -// to be routed according to the routes in the route table. The action returns -// an association ID, which you need in order to disassociate the route table -// from the subnet later. A route table can be associated with multiple subnets. +// Associates a subnet in your VPC or an internet gateway or virtual private +// gateway attached to your VPC with a route table in your VPC. This association +// causes traffic from the subnet or gateway to be routed according to the routes +// in the route table. The action returns an association ID, which you need +// in order to disassociate the route table later. A route table can be associated +// with multiple subnets. // // For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. @@ -1324,6 +1415,85 @@ func (c *EC2) AssociateSubnetCidrBlockWithContext(ctx aws.Context, input *Associ return out, req.Send() } +const opAssociateTransitGatewayMulticastDomain = "AssociateTransitGatewayMulticastDomain" + +// AssociateTransitGatewayMulticastDomainRequest generates a "aws/request.Request" representing the +// client's request for the AssociateTransitGatewayMulticastDomain operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateTransitGatewayMulticastDomain for more information on using the AssociateTransitGatewayMulticastDomain +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AssociateTransitGatewayMulticastDomainRequest method. +// req, resp := client.AssociateTransitGatewayMulticastDomainRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateTransitGatewayMulticastDomain +func (c *EC2) AssociateTransitGatewayMulticastDomainRequest(input *AssociateTransitGatewayMulticastDomainInput) (req *request.Request, output *AssociateTransitGatewayMulticastDomainOutput) { + op := &request.Operation{ + Name: opAssociateTransitGatewayMulticastDomain, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateTransitGatewayMulticastDomainInput{} + } + + output = &AssociateTransitGatewayMulticastDomainOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateTransitGatewayMulticastDomain API operation for Amazon Elastic Compute Cloud. +// +// Associates the specified subnets and transit gateway attachments with the +// specified transit gateway multicast domain. +// +// The transit gateway attachment must be in the available state before you +// can add a resource. Use DescribeTransitGatewayAttachments (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html) +// to see the state of the attachment. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AssociateTransitGatewayMulticastDomain for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateTransitGatewayMulticastDomain +func (c *EC2) AssociateTransitGatewayMulticastDomain(input *AssociateTransitGatewayMulticastDomainInput) (*AssociateTransitGatewayMulticastDomainOutput, error) { + req, out := c.AssociateTransitGatewayMulticastDomainRequest(input) + return out, req.Send() +} + +// AssociateTransitGatewayMulticastDomainWithContext is the same as AssociateTransitGatewayMulticastDomain with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateTransitGatewayMulticastDomain for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AssociateTransitGatewayMulticastDomainWithContext(ctx aws.Context, input *AssociateTransitGatewayMulticastDomainInput, opts ...request.Option) (*AssociateTransitGatewayMulticastDomainOutput, error) { + req, out := c.AssociateTransitGatewayMulticastDomainRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAssociateTransitGatewayRouteTable = "AssociateTransitGatewayRouteTable" // AssociateTransitGatewayRouteTableRequest generates a "aws/request.Request" representing the @@ -1444,8 +1614,13 @@ func (c *EC2) AssociateVpcCidrBlockRequest(input *AssociateVpcCidrBlockInput) (r // AssociateVpcCidrBlock API operation for Amazon Elastic Compute Cloud. // // Associates a CIDR block with your VPC. You can associate a secondary IPv4 -// CIDR block, or you can associate an Amazon-provided IPv6 CIDR block. The -// IPv6 CIDR block size is fixed at /56. +// CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from +// an IPv6 address pool that you provisioned through bring your own IP addresses +// (BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). +// The IPv6 CIDR block size is fixed at /56. +// +// You must specify one of the following in the request: an IPv4 CIDR block, +// an IPv6 pool, or an Amazon-provided IPv6 CIDR block. // // For more information about associating CIDR blocks with your VPC and applicable // restrictions, see VPC and Subnet Sizing (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) @@ -1609,9 +1784,10 @@ func (c *EC2) AttachInternetGatewayRequest(input *AttachInternetGatewayInput) (r // AttachInternetGateway API operation for Amazon Elastic Compute Cloud. // -// Attaches an internet gateway to a VPC, enabling connectivity between the -// internet and the VPC. For more information about your VPC and internet gateway, -// see the Amazon Virtual Private Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). +// Attaches an internet gateway or a virtual private gateway to a VPC, enabling +// connectivity between the internet and the VPC. For more information about +// your VPC and internet gateway, see the Amazon Virtual Private Cloud User +// Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4609,6 +4785,154 @@ func (c *EC2) CreateLaunchTemplateVersionWithContext(ctx aws.Context, input *Cre return out, req.Send() } +const opCreateLocalGatewayRoute = "CreateLocalGatewayRoute" + +// CreateLocalGatewayRouteRequest generates a "aws/request.Request" representing the +// client's request for the CreateLocalGatewayRoute operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateLocalGatewayRoute for more information on using the CreateLocalGatewayRoute +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateLocalGatewayRouteRequest method. +// req, resp := client.CreateLocalGatewayRouteRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLocalGatewayRoute +func (c *EC2) CreateLocalGatewayRouteRequest(input *CreateLocalGatewayRouteInput) (req *request.Request, output *CreateLocalGatewayRouteOutput) { + op := &request.Operation{ + Name: opCreateLocalGatewayRoute, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateLocalGatewayRouteInput{} + } + + output = &CreateLocalGatewayRouteOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateLocalGatewayRoute API operation for Amazon Elastic Compute Cloud. +// +// Creates a static route for the specified local gateway route table. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateLocalGatewayRoute for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLocalGatewayRoute +func (c *EC2) CreateLocalGatewayRoute(input *CreateLocalGatewayRouteInput) (*CreateLocalGatewayRouteOutput, error) { + req, out := c.CreateLocalGatewayRouteRequest(input) + return out, req.Send() +} + +// CreateLocalGatewayRouteWithContext is the same as CreateLocalGatewayRoute with the addition of +// the ability to pass a context and additional request options. +// +// See CreateLocalGatewayRoute for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateLocalGatewayRouteWithContext(ctx aws.Context, input *CreateLocalGatewayRouteInput, opts ...request.Option) (*CreateLocalGatewayRouteOutput, error) { + req, out := c.CreateLocalGatewayRouteRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateLocalGatewayRouteTableVpcAssociation = "CreateLocalGatewayRouteTableVpcAssociation" + +// CreateLocalGatewayRouteTableVpcAssociationRequest generates a "aws/request.Request" representing the +// client's request for the CreateLocalGatewayRouteTableVpcAssociation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateLocalGatewayRouteTableVpcAssociation for more information on using the CreateLocalGatewayRouteTableVpcAssociation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateLocalGatewayRouteTableVpcAssociationRequest method. +// req, resp := client.CreateLocalGatewayRouteTableVpcAssociationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLocalGatewayRouteTableVpcAssociation +func (c *EC2) CreateLocalGatewayRouteTableVpcAssociationRequest(input *CreateLocalGatewayRouteTableVpcAssociationInput) (req *request.Request, output *CreateLocalGatewayRouteTableVpcAssociationOutput) { + op := &request.Operation{ + Name: opCreateLocalGatewayRouteTableVpcAssociation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateLocalGatewayRouteTableVpcAssociationInput{} + } + + output = &CreateLocalGatewayRouteTableVpcAssociationOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateLocalGatewayRouteTableVpcAssociation API operation for Amazon Elastic Compute Cloud. +// +// Associates the specified VPC with the specified local gateway route table. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateLocalGatewayRouteTableVpcAssociation for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateLocalGatewayRouteTableVpcAssociation +func (c *EC2) CreateLocalGatewayRouteTableVpcAssociation(input *CreateLocalGatewayRouteTableVpcAssociationInput) (*CreateLocalGatewayRouteTableVpcAssociationOutput, error) { + req, out := c.CreateLocalGatewayRouteTableVpcAssociationRequest(input) + return out, req.Send() +} + +// CreateLocalGatewayRouteTableVpcAssociationWithContext is the same as CreateLocalGatewayRouteTableVpcAssociation with the addition of +// the ability to pass a context and additional request options. +// +// See CreateLocalGatewayRouteTableVpcAssociation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateLocalGatewayRouteTableVpcAssociationWithContext(ctx aws.Context, input *CreateLocalGatewayRouteTableVpcAssociationInput, opts ...request.Option) (*CreateLocalGatewayRouteTableVpcAssociationOutput, error) { + req, out := c.CreateLocalGatewayRouteTableVpcAssociationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateNatGateway = "CreateNatGateway" // CreateNatGatewayRequest generates a "aws/request.Request" representing the @@ -5244,7 +5568,7 @@ func (c *EC2) CreateRouteRequest(input *CreateRouteInput) (req *request.Request, // // You must specify one of the following targets: internet gateway or virtual // private gateway, NAT instance, NAT gateway, VPC peering connection, network -// interface, or egress-only internet gateway. +// interface, egress-only internet gateway, or transit gateway. // // When determining how to route traffic, we use the route with the most specific // match. For example, traffic is destined for the IPv4 address 192.0.2.3, and @@ -6331,6 +6655,164 @@ func (c *EC2) CreateTransitGatewayWithContext(ctx aws.Context, input *CreateTran return out, req.Send() } +const opCreateTransitGatewayMulticastDomain = "CreateTransitGatewayMulticastDomain" + +// CreateTransitGatewayMulticastDomainRequest generates a "aws/request.Request" representing the +// client's request for the CreateTransitGatewayMulticastDomain operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTransitGatewayMulticastDomain for more information on using the CreateTransitGatewayMulticastDomain +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTransitGatewayMulticastDomainRequest method. +// req, resp := client.CreateTransitGatewayMulticastDomainRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayMulticastDomain +func (c *EC2) CreateTransitGatewayMulticastDomainRequest(input *CreateTransitGatewayMulticastDomainInput) (req *request.Request, output *CreateTransitGatewayMulticastDomainOutput) { + op := &request.Operation{ + Name: opCreateTransitGatewayMulticastDomain, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTransitGatewayMulticastDomainInput{} + } + + output = &CreateTransitGatewayMulticastDomainOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTransitGatewayMulticastDomain API operation for Amazon Elastic Compute Cloud. +// +// Creates a multicast domain using the specified transit gateway. +// +// The transit gateway must be in the available state before you create a domain. +// Use DescribeTransitGateways (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html) +// to see the state of transit gateway. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTransitGatewayMulticastDomain for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayMulticastDomain +func (c *EC2) CreateTransitGatewayMulticastDomain(input *CreateTransitGatewayMulticastDomainInput) (*CreateTransitGatewayMulticastDomainOutput, error) { + req, out := c.CreateTransitGatewayMulticastDomainRequest(input) + return out, req.Send() +} + +// CreateTransitGatewayMulticastDomainWithContext is the same as CreateTransitGatewayMulticastDomain with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTransitGatewayMulticastDomain for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTransitGatewayMulticastDomainWithContext(ctx aws.Context, input *CreateTransitGatewayMulticastDomainInput, opts ...request.Option) (*CreateTransitGatewayMulticastDomainOutput, error) { + req, out := c.CreateTransitGatewayMulticastDomainRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTransitGatewayPeeringAttachment = "CreateTransitGatewayPeeringAttachment" + +// CreateTransitGatewayPeeringAttachmentRequest generates a "aws/request.Request" representing the +// client's request for the CreateTransitGatewayPeeringAttachment operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTransitGatewayPeeringAttachment for more information on using the CreateTransitGatewayPeeringAttachment +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTransitGatewayPeeringAttachmentRequest method. +// req, resp := client.CreateTransitGatewayPeeringAttachmentRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayPeeringAttachment +func (c *EC2) CreateTransitGatewayPeeringAttachmentRequest(input *CreateTransitGatewayPeeringAttachmentInput) (req *request.Request, output *CreateTransitGatewayPeeringAttachmentOutput) { + op := &request.Operation{ + Name: opCreateTransitGatewayPeeringAttachment, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTransitGatewayPeeringAttachmentInput{} + } + + output = &CreateTransitGatewayPeeringAttachmentOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTransitGatewayPeeringAttachment API operation for Amazon Elastic Compute Cloud. +// +// Requests a transit gateway peering attachment between the specified transit +// gateway (requester) and a peer transit gateway (accepter). The transit gateways +// must be in different Regions. The peer transit gateway can be in your account +// or a different AWS account. +// +// After you create the peering attachment, the owner of the accepter transit +// gateway must accept the attachment request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTransitGatewayPeeringAttachment for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayPeeringAttachment +func (c *EC2) CreateTransitGatewayPeeringAttachment(input *CreateTransitGatewayPeeringAttachmentInput) (*CreateTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.CreateTransitGatewayPeeringAttachmentRequest(input) + return out, req.Send() +} + +// CreateTransitGatewayPeeringAttachmentWithContext is the same as CreateTransitGatewayPeeringAttachment with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTransitGatewayPeeringAttachment for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTransitGatewayPeeringAttachmentWithContext(ctx aws.Context, input *CreateTransitGatewayPeeringAttachmentInput, opts ...request.Option) (*CreateTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.CreateTransitGatewayPeeringAttachmentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateTransitGatewayRoute = "CreateTransitGatewayRoute" // CreateTransitGatewayRouteRequest generates a "aws/request.Request" representing the @@ -6703,9 +7185,10 @@ func (c *EC2) CreateVpcRequest(input *CreateVpcInput) (req *request.Request, out // make your VPC, see Your VPC and Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) // in the Amazon Virtual Private Cloud User Guide. // -// You can optionally request an Amazon-provided IPv6 CIDR block for the VPC. -// The IPv6 CIDR block uses a /56 prefix length, and is allocated from Amazon's -// pool of IPv6 addresses. You cannot choose the IPv6 range for your VPC. +// You can optionally request an IPv6 CIDR block for the VPC. You can request +// an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, +// or an IPv6 CIDR block from an IPv6 address pool that you provisioned through +// bring your own IP addresses (BYOIP (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html)). // // By default, each instance you launch in the VPC has the default DHCP options, // which include only a default DNS server that we provide (AmazonProvidedDNS). @@ -6791,14 +7274,14 @@ func (c *EC2) CreateVpcEndpointRequest(input *CreateVpcEndpointInput) (req *requ // // Creates a VPC endpoint for a specified service. An endpoint enables you to // create a private connection between your VPC and the service. The service -// may be provided by AWS, an AWS Marketplace partner, or another AWS account. +// may be provided by AWS, an AWS Marketplace Partner, or another AWS account. // For more information, see VPC Endpoints (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) // in the Amazon Virtual Private Cloud User Guide. // // A gateway endpoint serves as a target for a route in your route table for // traffic destined for the AWS service. You can specify an endpoint policy -// to attach to the endpoint that will control access to the service from your -// VPC. You can also specify the VPC route tables that use the endpoint. +// to attach to the endpoint, which will control access to the service from +// your VPC. You can also specify the VPC route tables that use the endpoint. // // An interface endpoint is a network interface in your subnet that serves as // an endpoint for communicating with the specified service. You can specify @@ -6968,6 +7451,11 @@ func (c *EC2) CreateVpcEndpointServiceConfigurationRequest(input *CreateVpcEndpo // (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html) // in the Amazon Virtual Private Cloud User Guide. // +// If you set the private DNS name, you must prove that you own the private +// DNS domain name. For more information, see VPC Endpoint Service Private DNS +// Name Verification (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html) +// in the Amazon Virtual Private Cloud User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -8249,6 +8737,154 @@ func (c *EC2) DeleteLaunchTemplateVersionsWithContext(ctx aws.Context, input *De return out, req.Send() } +const opDeleteLocalGatewayRoute = "DeleteLocalGatewayRoute" + +// DeleteLocalGatewayRouteRequest generates a "aws/request.Request" representing the +// client's request for the DeleteLocalGatewayRoute operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteLocalGatewayRoute for more information on using the DeleteLocalGatewayRoute +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteLocalGatewayRouteRequest method. +// req, resp := client.DeleteLocalGatewayRouteRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLocalGatewayRoute +func (c *EC2) DeleteLocalGatewayRouteRequest(input *DeleteLocalGatewayRouteInput) (req *request.Request, output *DeleteLocalGatewayRouteOutput) { + op := &request.Operation{ + Name: opDeleteLocalGatewayRoute, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteLocalGatewayRouteInput{} + } + + output = &DeleteLocalGatewayRouteOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteLocalGatewayRoute API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified route from the specified local gateway route table. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteLocalGatewayRoute for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLocalGatewayRoute +func (c *EC2) DeleteLocalGatewayRoute(input *DeleteLocalGatewayRouteInput) (*DeleteLocalGatewayRouteOutput, error) { + req, out := c.DeleteLocalGatewayRouteRequest(input) + return out, req.Send() +} + +// DeleteLocalGatewayRouteWithContext is the same as DeleteLocalGatewayRoute with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteLocalGatewayRoute for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteLocalGatewayRouteWithContext(ctx aws.Context, input *DeleteLocalGatewayRouteInput, opts ...request.Option) (*DeleteLocalGatewayRouteOutput, error) { + req, out := c.DeleteLocalGatewayRouteRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteLocalGatewayRouteTableVpcAssociation = "DeleteLocalGatewayRouteTableVpcAssociation" + +// DeleteLocalGatewayRouteTableVpcAssociationRequest generates a "aws/request.Request" representing the +// client's request for the DeleteLocalGatewayRouteTableVpcAssociation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteLocalGatewayRouteTableVpcAssociation for more information on using the DeleteLocalGatewayRouteTableVpcAssociation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteLocalGatewayRouteTableVpcAssociationRequest method. +// req, resp := client.DeleteLocalGatewayRouteTableVpcAssociationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLocalGatewayRouteTableVpcAssociation +func (c *EC2) DeleteLocalGatewayRouteTableVpcAssociationRequest(input *DeleteLocalGatewayRouteTableVpcAssociationInput) (req *request.Request, output *DeleteLocalGatewayRouteTableVpcAssociationOutput) { + op := &request.Operation{ + Name: opDeleteLocalGatewayRouteTableVpcAssociation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteLocalGatewayRouteTableVpcAssociationInput{} + } + + output = &DeleteLocalGatewayRouteTableVpcAssociationOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteLocalGatewayRouteTableVpcAssociation API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified association between a VPC and local gateway route table. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteLocalGatewayRouteTableVpcAssociation for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteLocalGatewayRouteTableVpcAssociation +func (c *EC2) DeleteLocalGatewayRouteTableVpcAssociation(input *DeleteLocalGatewayRouteTableVpcAssociationInput) (*DeleteLocalGatewayRouteTableVpcAssociationOutput, error) { + req, out := c.DeleteLocalGatewayRouteTableVpcAssociationRequest(input) + return out, req.Send() +} + +// DeleteLocalGatewayRouteTableVpcAssociationWithContext is the same as DeleteLocalGatewayRouteTableVpcAssociation with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteLocalGatewayRouteTableVpcAssociation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteLocalGatewayRouteTableVpcAssociationWithContext(ctx aws.Context, input *DeleteLocalGatewayRouteTableVpcAssociationInput, opts ...request.Option) (*DeleteLocalGatewayRouteTableVpcAssociationOutput, error) { + req, out := c.DeleteLocalGatewayRouteTableVpcAssociationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteNatGateway = "DeleteNatGateway" // DeleteNatGatewayRequest generates a "aws/request.Request" representing the @@ -9708,6 +10344,154 @@ func (c *EC2) DeleteTransitGatewayWithContext(ctx aws.Context, input *DeleteTran return out, req.Send() } +const opDeleteTransitGatewayMulticastDomain = "DeleteTransitGatewayMulticastDomain" + +// DeleteTransitGatewayMulticastDomainRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTransitGatewayMulticastDomain operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTransitGatewayMulticastDomain for more information on using the DeleteTransitGatewayMulticastDomain +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTransitGatewayMulticastDomainRequest method. +// req, resp := client.DeleteTransitGatewayMulticastDomainRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayMulticastDomain +func (c *EC2) DeleteTransitGatewayMulticastDomainRequest(input *DeleteTransitGatewayMulticastDomainInput) (req *request.Request, output *DeleteTransitGatewayMulticastDomainOutput) { + op := &request.Operation{ + Name: opDeleteTransitGatewayMulticastDomain, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTransitGatewayMulticastDomainInput{} + } + + output = &DeleteTransitGatewayMulticastDomainOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTransitGatewayMulticastDomain API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified transit gateway multicast domain. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTransitGatewayMulticastDomain for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayMulticastDomain +func (c *EC2) DeleteTransitGatewayMulticastDomain(input *DeleteTransitGatewayMulticastDomainInput) (*DeleteTransitGatewayMulticastDomainOutput, error) { + req, out := c.DeleteTransitGatewayMulticastDomainRequest(input) + return out, req.Send() +} + +// DeleteTransitGatewayMulticastDomainWithContext is the same as DeleteTransitGatewayMulticastDomain with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTransitGatewayMulticastDomain for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTransitGatewayMulticastDomainWithContext(ctx aws.Context, input *DeleteTransitGatewayMulticastDomainInput, opts ...request.Option) (*DeleteTransitGatewayMulticastDomainOutput, error) { + req, out := c.DeleteTransitGatewayMulticastDomainRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteTransitGatewayPeeringAttachment = "DeleteTransitGatewayPeeringAttachment" + +// DeleteTransitGatewayPeeringAttachmentRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTransitGatewayPeeringAttachment operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTransitGatewayPeeringAttachment for more information on using the DeleteTransitGatewayPeeringAttachment +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTransitGatewayPeeringAttachmentRequest method. +// req, resp := client.DeleteTransitGatewayPeeringAttachmentRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayPeeringAttachment +func (c *EC2) DeleteTransitGatewayPeeringAttachmentRequest(input *DeleteTransitGatewayPeeringAttachmentInput) (req *request.Request, output *DeleteTransitGatewayPeeringAttachmentOutput) { + op := &request.Operation{ + Name: opDeleteTransitGatewayPeeringAttachment, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTransitGatewayPeeringAttachmentInput{} + } + + output = &DeleteTransitGatewayPeeringAttachmentOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTransitGatewayPeeringAttachment API operation for Amazon Elastic Compute Cloud. +// +// Deletes a transit gateway peering attachment. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTransitGatewayPeeringAttachment for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayPeeringAttachment +func (c *EC2) DeleteTransitGatewayPeeringAttachment(input *DeleteTransitGatewayPeeringAttachmentInput) (*DeleteTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.DeleteTransitGatewayPeeringAttachmentRequest(input) + return out, req.Send() +} + +// DeleteTransitGatewayPeeringAttachmentWithContext is the same as DeleteTransitGatewayPeeringAttachment with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTransitGatewayPeeringAttachment for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTransitGatewayPeeringAttachmentWithContext(ctx aws.Context, input *DeleteTransitGatewayPeeringAttachmentInput, opts ...request.Option) (*DeleteTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.DeleteTransitGatewayPeeringAttachmentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteTransitGatewayRoute = "DeleteTransitGatewayRoute" // DeleteTransitGatewayRouteRequest generates a "aws/request.Request" representing the @@ -10605,11 +11389,10 @@ func (c *EC2) DeleteVpnGatewayRequest(input *DeleteVpnGatewayInput) (req *reques // DeleteVpnGateway API operation for Amazon Elastic Compute Cloud. // -// Deletes the specified virtual private gateway. We recommend that before you -// delete a virtual private gateway, you detach it from the VPC and delete the -// VPN connection. Note that you don't need to delete the virtual private gateway -// if you plan to delete and recreate the VPN connection between your VPC and -// your network. +// Deletes the specified virtual private gateway. You must first detach the +// virtual private gateway from the VPC. Note that you don't need to delete +// the virtual private gateway if you plan to delete and recreate the VPN connection +// between your VPC and your network. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10802,6 +11585,156 @@ func (c *EC2) DeregisterImageWithContext(ctx aws.Context, input *DeregisterImage return out, req.Send() } +const opDeregisterTransitGatewayMulticastGroupMembers = "DeregisterTransitGatewayMulticastGroupMembers" + +// DeregisterTransitGatewayMulticastGroupMembersRequest generates a "aws/request.Request" representing the +// client's request for the DeregisterTransitGatewayMulticastGroupMembers operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeregisterTransitGatewayMulticastGroupMembers for more information on using the DeregisterTransitGatewayMulticastGroupMembers +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeregisterTransitGatewayMulticastGroupMembersRequest method. +// req, resp := client.DeregisterTransitGatewayMulticastGroupMembersRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeregisterTransitGatewayMulticastGroupMembers +func (c *EC2) DeregisterTransitGatewayMulticastGroupMembersRequest(input *DeregisterTransitGatewayMulticastGroupMembersInput) (req *request.Request, output *DeregisterTransitGatewayMulticastGroupMembersOutput) { + op := &request.Operation{ + Name: opDeregisterTransitGatewayMulticastGroupMembers, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeregisterTransitGatewayMulticastGroupMembersInput{} + } + + output = &DeregisterTransitGatewayMulticastGroupMembersOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeregisterTransitGatewayMulticastGroupMembers API operation for Amazon Elastic Compute Cloud. +// +// Deregisters the specified members (network interfaces) from the transit gateway +// multicast group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeregisterTransitGatewayMulticastGroupMembers for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeregisterTransitGatewayMulticastGroupMembers +func (c *EC2) DeregisterTransitGatewayMulticastGroupMembers(input *DeregisterTransitGatewayMulticastGroupMembersInput) (*DeregisterTransitGatewayMulticastGroupMembersOutput, error) { + req, out := c.DeregisterTransitGatewayMulticastGroupMembersRequest(input) + return out, req.Send() +} + +// DeregisterTransitGatewayMulticastGroupMembersWithContext is the same as DeregisterTransitGatewayMulticastGroupMembers with the addition of +// the ability to pass a context and additional request options. +// +// See DeregisterTransitGatewayMulticastGroupMembers for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeregisterTransitGatewayMulticastGroupMembersWithContext(ctx aws.Context, input *DeregisterTransitGatewayMulticastGroupMembersInput, opts ...request.Option) (*DeregisterTransitGatewayMulticastGroupMembersOutput, error) { + req, out := c.DeregisterTransitGatewayMulticastGroupMembersRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeregisterTransitGatewayMulticastGroupSources = "DeregisterTransitGatewayMulticastGroupSources" + +// DeregisterTransitGatewayMulticastGroupSourcesRequest generates a "aws/request.Request" representing the +// client's request for the DeregisterTransitGatewayMulticastGroupSources operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeregisterTransitGatewayMulticastGroupSources for more information on using the DeregisterTransitGatewayMulticastGroupSources +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeregisterTransitGatewayMulticastGroupSourcesRequest method. +// req, resp := client.DeregisterTransitGatewayMulticastGroupSourcesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeregisterTransitGatewayMulticastGroupSources +func (c *EC2) DeregisterTransitGatewayMulticastGroupSourcesRequest(input *DeregisterTransitGatewayMulticastGroupSourcesInput) (req *request.Request, output *DeregisterTransitGatewayMulticastGroupSourcesOutput) { + op := &request.Operation{ + Name: opDeregisterTransitGatewayMulticastGroupSources, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeregisterTransitGatewayMulticastGroupSourcesInput{} + } + + output = &DeregisterTransitGatewayMulticastGroupSourcesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeregisterTransitGatewayMulticastGroupSources API operation for Amazon Elastic Compute Cloud. +// +// Deregisters the specified sources (network interfaces) from the transit gateway +// multicast group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeregisterTransitGatewayMulticastGroupSources for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeregisterTransitGatewayMulticastGroupSources +func (c *EC2) DeregisterTransitGatewayMulticastGroupSources(input *DeregisterTransitGatewayMulticastGroupSourcesInput) (*DeregisterTransitGatewayMulticastGroupSourcesOutput, error) { + req, out := c.DeregisterTransitGatewayMulticastGroupSourcesRequest(input) + return out, req.Send() +} + +// DeregisterTransitGatewayMulticastGroupSourcesWithContext is the same as DeregisterTransitGatewayMulticastGroupSources with the addition of +// the ability to pass a context and additional request options. +// +// See DeregisterTransitGatewayMulticastGroupSources for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeregisterTransitGatewayMulticastGroupSourcesWithContext(ctx aws.Context, input *DeregisterTransitGatewayMulticastGroupSourcesInput, opts ...request.Option) (*DeregisterTransitGatewayMulticastGroupSourcesOutput, error) { + req, out := c.DeregisterTransitGatewayMulticastGroupSourcesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeAccountAttributes = "DescribeAccountAttributes" // DescribeAccountAttributesRequest generates a "aws/request.Request" representing the @@ -10854,8 +11787,10 @@ func (c *EC2) DescribeAccountAttributesRequest(input *DescribeAccountAttributesI // // * default-vpc: The ID of the default VPC for your account, or none. // -// * max-instances: The maximum number of On-Demand Instances that you can -// run. +// * max-instances: This attribute is no longer supported. The returned value +// does not reflect your actual vCPU limit for running On-Demand Instances. +// For more information, see On-Demand Instance Limits (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits) +// in the Amazon Elastic Compute Cloud User Guide. // // * vpc-max-security-groups-per-interface: The maximum number of security // groups that you can assign to a network interface. @@ -11104,12 +12039,13 @@ func (c *EC2) DescribeAvailabilityZonesRequest(input *DescribeAvailabilityZonesI // DescribeAvailabilityZones API operation for Amazon Elastic Compute Cloud. // -// Describes the Availability Zones that are available to you. The results include -// zones only for the Region you're currently using. If there is an event impacting -// an Availability Zone, you can use this request to view the state and any -// provided message for that Availability Zone. +// Describes the Availability Zones and Local Zones that are available to you. +// If there is an event impacting an Availability Zone or Local Zone, you can +// use this request to view the state and any provided messages for that Availability +// Zone or Local Zone. // -// For more information, see Regions and Availability Zones (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html) +// For more information about Availability Zones and Local Zones, see Regions +// and Availability Zones (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11272,7 +12208,7 @@ func (c *EC2) DescribeByoipCidrsRequest(input *DescribeByoipCidrsInput) (req *re // Describes the IP address ranges that were specified in calls to ProvisionByoipCidr. // // To describe the address pools that were created when you provisioned the -// address ranges, use DescribePublicIpv4Pools. +// address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12283,6 +13219,139 @@ func (c *EC2) DescribeClientVpnTargetNetworksPagesWithContext(ctx aws.Context, i return p.Err() } +const opDescribeCoipPools = "DescribeCoipPools" + +// DescribeCoipPoolsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeCoipPools operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeCoipPools for more information on using the DescribeCoipPools +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeCoipPoolsRequest method. +// req, resp := client.DescribeCoipPoolsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCoipPools +func (c *EC2) DescribeCoipPoolsRequest(input *DescribeCoipPoolsInput) (req *request.Request, output *DescribeCoipPoolsOutput) { + op := &request.Operation{ + Name: opDescribeCoipPools, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeCoipPoolsInput{} + } + + output = &DescribeCoipPoolsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeCoipPools API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified customer-owned address pools or all of your customer-owned +// address pools. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeCoipPools for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeCoipPools +func (c *EC2) DescribeCoipPools(input *DescribeCoipPoolsInput) (*DescribeCoipPoolsOutput, error) { + req, out := c.DescribeCoipPoolsRequest(input) + return out, req.Send() +} + +// DescribeCoipPoolsWithContext is the same as DescribeCoipPools with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeCoipPools for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeCoipPoolsWithContext(ctx aws.Context, input *DescribeCoipPoolsInput, opts ...request.Option) (*DescribeCoipPoolsOutput, error) { + req, out := c.DescribeCoipPoolsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeCoipPoolsPages iterates over the pages of a DescribeCoipPools operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeCoipPools method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeCoipPools operation. +// pageNum := 0 +// err := client.DescribeCoipPoolsPages(params, +// func(page *ec2.DescribeCoipPoolsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeCoipPoolsPages(input *DescribeCoipPoolsInput, fn func(*DescribeCoipPoolsOutput, bool) bool) error { + return c.DescribeCoipPoolsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeCoipPoolsPagesWithContext same as DescribeCoipPoolsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeCoipPoolsPagesWithContext(ctx aws.Context, input *DescribeCoipPoolsInput, fn func(*DescribeCoipPoolsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeCoipPoolsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeCoipPoolsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeCoipPoolsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeConversionTasks = "DescribeConversionTasks" // DescribeConversionTasksRequest generates a "aws/request.Request" representing the @@ -12812,6 +13881,12 @@ func (c *EC2) DescribeExportImageTasksRequest(input *DescribeExportImageTasksInp Name: opDescribeExportImageTasks, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -12855,6 +13930,58 @@ func (c *EC2) DescribeExportImageTasksWithContext(ctx aws.Context, input *Descri return out, req.Send() } +// DescribeExportImageTasksPages iterates over the pages of a DescribeExportImageTasks operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeExportImageTasks method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeExportImageTasks operation. +// pageNum := 0 +// err := client.DescribeExportImageTasksPages(params, +// func(page *ec2.DescribeExportImageTasksOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeExportImageTasksPages(input *DescribeExportImageTasksInput, fn func(*DescribeExportImageTasksOutput, bool) bool) error { + return c.DescribeExportImageTasksPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeExportImageTasksPagesWithContext same as DescribeExportImageTasksPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeExportImageTasksPagesWithContext(ctx aws.Context, input *DescribeExportImageTasksInput, fn func(*DescribeExportImageTasksOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeExportImageTasksInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeExportImageTasksRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeExportImageTasksOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeExportTasks = "DescribeExportTasks" // DescribeExportTasksRequest generates a "aws/request.Request" representing the @@ -12930,6 +14057,138 @@ func (c *EC2) DescribeExportTasksWithContext(ctx aws.Context, input *DescribeExp return out, req.Send() } +const opDescribeFastSnapshotRestores = "DescribeFastSnapshotRestores" + +// DescribeFastSnapshotRestoresRequest generates a "aws/request.Request" representing the +// client's request for the DescribeFastSnapshotRestores operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeFastSnapshotRestores for more information on using the DescribeFastSnapshotRestores +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeFastSnapshotRestoresRequest method. +// req, resp := client.DescribeFastSnapshotRestoresRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFastSnapshotRestores +func (c *EC2) DescribeFastSnapshotRestoresRequest(input *DescribeFastSnapshotRestoresInput) (req *request.Request, output *DescribeFastSnapshotRestoresOutput) { + op := &request.Operation{ + Name: opDescribeFastSnapshotRestores, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeFastSnapshotRestoresInput{} + } + + output = &DescribeFastSnapshotRestoresOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeFastSnapshotRestores API operation for Amazon Elastic Compute Cloud. +// +// Describes the state of fast snapshot restores for your snapshots. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeFastSnapshotRestores for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeFastSnapshotRestores +func (c *EC2) DescribeFastSnapshotRestores(input *DescribeFastSnapshotRestoresInput) (*DescribeFastSnapshotRestoresOutput, error) { + req, out := c.DescribeFastSnapshotRestoresRequest(input) + return out, req.Send() +} + +// DescribeFastSnapshotRestoresWithContext is the same as DescribeFastSnapshotRestores with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeFastSnapshotRestores for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeFastSnapshotRestoresWithContext(ctx aws.Context, input *DescribeFastSnapshotRestoresInput, opts ...request.Option) (*DescribeFastSnapshotRestoresOutput, error) { + req, out := c.DescribeFastSnapshotRestoresRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeFastSnapshotRestoresPages iterates over the pages of a DescribeFastSnapshotRestores operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeFastSnapshotRestores method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeFastSnapshotRestores operation. +// pageNum := 0 +// err := client.DescribeFastSnapshotRestoresPages(params, +// func(page *ec2.DescribeFastSnapshotRestoresOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeFastSnapshotRestoresPages(input *DescribeFastSnapshotRestoresInput, fn func(*DescribeFastSnapshotRestoresOutput, bool) bool) error { + return c.DescribeFastSnapshotRestoresPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeFastSnapshotRestoresPagesWithContext same as DescribeFastSnapshotRestoresPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeFastSnapshotRestoresPagesWithContext(ctx aws.Context, input *DescribeFastSnapshotRestoresInput, fn func(*DescribeFastSnapshotRestoresOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeFastSnapshotRestoresInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeFastSnapshotRestoresRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeFastSnapshotRestoresOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeFleetHistory = "DescribeFleetHistory" // DescribeFleetHistoryRequest generates a "aws/request.Request" representing the @@ -12976,6 +14235,10 @@ func (c *EC2) DescribeFleetHistoryRequest(input *DescribeFleetHistoryInput) (req // // Describes the events for the specified EC2 Fleet during the specified time. // +// EC2 Fleet events are delayed by up to 30 seconds before they can be described. +// This ensures that you can query by the last evaluated time and not miss a +// recorded event. EC2 Fleet events are available for 48 hours. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -13128,7 +14391,7 @@ func (c *EC2) DescribeFleetsRequest(input *DescribeFleetsInput) (req *request.Re // DescribeFleets API operation for Amazon Elastic Compute Cloud. // -// Describes the specified EC2 Fleets or all your EC2 Fleets. +// Describes the specified EC2 Fleets or all of your EC2 Fleets. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13604,8 +14867,8 @@ func (c *EC2) DescribeHostReservationOfferingsRequest(input *DescribeHostReserva // // Describes the Dedicated Host reservations that are available to purchase. // -// The results describe all the Dedicated Host reservation offerings, including -// offerings that may not match the instance family and Region of your Dedicated +// The results describe all of the Dedicated Host reservation offerings, including +// offerings that might not match the instance family and Region of your Dedicated // Hosts. When purchasing an offering, ensure that the instance family and Region // of the offering matches that of the Dedicated Hosts with which it is to be // associated. For more information about supported instance types, see Dedicated @@ -14826,19 +16089,19 @@ func (c *EC2) DescribeInstanceCreditSpecificationsRequest(input *DescribeInstanc // DescribeInstanceCreditSpecifications API operation for Amazon Elastic Compute Cloud. // -// Describes the credit option for CPU usage of the specified T2 or T3 instances. -// The credit options are standard and unlimited. +// Describes the credit option for CPU usage of the specified burstable performance +// instances. The credit options are standard and unlimited. // -// If you do not specify an instance ID, Amazon EC2 returns T2 and T3 instances -// with the unlimited credit option, as well as instances that were previously -// configured as T2 or T3 with the unlimited credit option. For example, if -// you resize a T2 instance, while it is configured as unlimited, to an M4 instance, -// Amazon EC2 returns the M4 instance. +// If you do not specify an instance ID, Amazon EC2 returns burstable performance +// instances with the unlimited credit option, as well as instances that were +// previously configured as T2, T3, and T3a with the unlimited credit option. +// For example, if you resize a T2 instance, while it is configured as unlimited, +// to an M4 instance, Amazon EC2 returns the M4 instance. // // If you specify one or more instance IDs, Amazon EC2 returns the credit option // (standard or unlimited) of those instances. If you specify an instance ID -// that is not valid, such as an instance that is not a T2 or T3 instance, an -// error is returned. +// that is not valid, such as an instance that is not a burstable performance +// instance, an error is returned. // // Recently terminated instances might appear in the returned results. This // interval is usually less than one hour. @@ -15084,6 +16347,273 @@ func (c *EC2) DescribeInstanceStatusPagesWithContext(ctx aws.Context, input *Des return p.Err() } +const opDescribeInstanceTypeOfferings = "DescribeInstanceTypeOfferings" + +// DescribeInstanceTypeOfferingsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeInstanceTypeOfferings operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeInstanceTypeOfferings for more information on using the DescribeInstanceTypeOfferings +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeInstanceTypeOfferingsRequest method. +// req, resp := client.DescribeInstanceTypeOfferingsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTypeOfferings +func (c *EC2) DescribeInstanceTypeOfferingsRequest(input *DescribeInstanceTypeOfferingsInput) (req *request.Request, output *DescribeInstanceTypeOfferingsOutput) { + op := &request.Operation{ + Name: opDescribeInstanceTypeOfferings, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeInstanceTypeOfferingsInput{} + } + + output = &DescribeInstanceTypeOfferingsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeInstanceTypeOfferings API operation for Amazon Elastic Compute Cloud. +// +// Returns a list of all instance types offered. The results can be filtered +// by location (Region or Availability Zone). If no location is specified, the +// instance types offered in the current Region are returned. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeInstanceTypeOfferings for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTypeOfferings +func (c *EC2) DescribeInstanceTypeOfferings(input *DescribeInstanceTypeOfferingsInput) (*DescribeInstanceTypeOfferingsOutput, error) { + req, out := c.DescribeInstanceTypeOfferingsRequest(input) + return out, req.Send() +} + +// DescribeInstanceTypeOfferingsWithContext is the same as DescribeInstanceTypeOfferings with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeInstanceTypeOfferings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTypeOfferingsWithContext(ctx aws.Context, input *DescribeInstanceTypeOfferingsInput, opts ...request.Option) (*DescribeInstanceTypeOfferingsOutput, error) { + req, out := c.DescribeInstanceTypeOfferingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeInstanceTypeOfferingsPages iterates over the pages of a DescribeInstanceTypeOfferings operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceTypeOfferings method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceTypeOfferings operation. +// pageNum := 0 +// err := client.DescribeInstanceTypeOfferingsPages(params, +// func(page *ec2.DescribeInstanceTypeOfferingsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeInstanceTypeOfferingsPages(input *DescribeInstanceTypeOfferingsInput, fn func(*DescribeInstanceTypeOfferingsOutput, bool) bool) error { + return c.DescribeInstanceTypeOfferingsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceTypeOfferingsPagesWithContext same as DescribeInstanceTypeOfferingsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTypeOfferingsPagesWithContext(ctx aws.Context, input *DescribeInstanceTypeOfferingsInput, fn func(*DescribeInstanceTypeOfferingsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceTypeOfferingsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceTypeOfferingsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceTypeOfferingsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeInstanceTypes = "DescribeInstanceTypes" + +// DescribeInstanceTypesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeInstanceTypes operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeInstanceTypes for more information on using the DescribeInstanceTypes +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeInstanceTypesRequest method. +// req, resp := client.DescribeInstanceTypesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTypes +func (c *EC2) DescribeInstanceTypesRequest(input *DescribeInstanceTypesInput) (req *request.Request, output *DescribeInstanceTypesOutput) { + op := &request.Operation{ + Name: opDescribeInstanceTypes, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeInstanceTypesInput{} + } + + output = &DescribeInstanceTypesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeInstanceTypes API operation for Amazon Elastic Compute Cloud. +// +// Returns a list of all instance types offered in your current AWS Region. +// The results can be filtered by the attributes of the instance types. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeInstanceTypes for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeInstanceTypes +func (c *EC2) DescribeInstanceTypes(input *DescribeInstanceTypesInput) (*DescribeInstanceTypesOutput, error) { + req, out := c.DescribeInstanceTypesRequest(input) + return out, req.Send() +} + +// DescribeInstanceTypesWithContext is the same as DescribeInstanceTypes with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeInstanceTypes for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTypesWithContext(ctx aws.Context, input *DescribeInstanceTypesInput, opts ...request.Option) (*DescribeInstanceTypesOutput, error) { + req, out := c.DescribeInstanceTypesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeInstanceTypesPages iterates over the pages of a DescribeInstanceTypes operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeInstanceTypes method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeInstanceTypes operation. +// pageNum := 0 +// err := client.DescribeInstanceTypesPages(params, +// func(page *ec2.DescribeInstanceTypesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeInstanceTypesPages(input *DescribeInstanceTypesInput, fn func(*DescribeInstanceTypesOutput, bool) bool) error { + return c.DescribeInstanceTypesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeInstanceTypesPagesWithContext same as DescribeInstanceTypesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeInstanceTypesPagesWithContext(ctx aws.Context, input *DescribeInstanceTypesInput, fn func(*DescribeInstanceTypesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeInstanceTypesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeInstanceTypesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeInstanceTypesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeInstances = "DescribeInstances" // DescribeInstancesRequest generates a "aws/request.Request" representing the @@ -15363,6 +16893,138 @@ func (c *EC2) DescribeInternetGatewaysPagesWithContext(ctx aws.Context, input *D return p.Err() } +const opDescribeIpv6Pools = "DescribeIpv6Pools" + +// DescribeIpv6PoolsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeIpv6Pools operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeIpv6Pools for more information on using the DescribeIpv6Pools +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeIpv6PoolsRequest method. +// req, resp := client.DescribeIpv6PoolsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpv6Pools +func (c *EC2) DescribeIpv6PoolsRequest(input *DescribeIpv6PoolsInput) (req *request.Request, output *DescribeIpv6PoolsOutput) { + op := &request.Operation{ + Name: opDescribeIpv6Pools, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeIpv6PoolsInput{} + } + + output = &DescribeIpv6PoolsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeIpv6Pools API operation for Amazon Elastic Compute Cloud. +// +// Describes your IPv6 address pools. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeIpv6Pools for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeIpv6Pools +func (c *EC2) DescribeIpv6Pools(input *DescribeIpv6PoolsInput) (*DescribeIpv6PoolsOutput, error) { + req, out := c.DescribeIpv6PoolsRequest(input) + return out, req.Send() +} + +// DescribeIpv6PoolsWithContext is the same as DescribeIpv6Pools with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeIpv6Pools for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeIpv6PoolsWithContext(ctx aws.Context, input *DescribeIpv6PoolsInput, opts ...request.Option) (*DescribeIpv6PoolsOutput, error) { + req, out := c.DescribeIpv6PoolsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeIpv6PoolsPages iterates over the pages of a DescribeIpv6Pools operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeIpv6Pools method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeIpv6Pools operation. +// pageNum := 0 +// err := client.DescribeIpv6PoolsPages(params, +// func(page *ec2.DescribeIpv6PoolsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeIpv6PoolsPages(input *DescribeIpv6PoolsInput, fn func(*DescribeIpv6PoolsOutput, bool) bool) error { + return c.DescribeIpv6PoolsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeIpv6PoolsPagesWithContext same as DescribeIpv6PoolsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeIpv6PoolsPagesWithContext(ctx aws.Context, input *DescribeIpv6PoolsInput, fn func(*DescribeIpv6PoolsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeIpv6PoolsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeIpv6PoolsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeIpv6PoolsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeKeyPairs = "DescribeKeyPairs" // DescribeKeyPairsRequest generates a "aws/request.Request" representing the @@ -15705,6 +17367,802 @@ func (c *EC2) DescribeLaunchTemplatesPagesWithContext(ctx aws.Context, input *De return p.Err() } +const opDescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations = "DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations" + +// DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations for more information on using the DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest method. +// req, resp := client.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations +func (c *EC2) DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest(input *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) (req *request.Request, output *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput) { + op := &request.Operation{ + Name: opDescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput{} + } + + output = &DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations API operation for Amazon Elastic Compute Cloud. +// +// Describes the associations between virtual interface groups and local gateway +// route tables. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations +func (c *EC2) DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(input *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) (*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error) { + req, out := c.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest(input) + return out, req.Send() +} + +// DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsWithContext is the same as DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsWithContext(ctx aws.Context, input *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, opts ...request.Option) (*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error) { + req, out := c.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPages iterates over the pages of a DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations operation. +// pageNum := 0 +// err := client.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPages(params, +// func(page *ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPages(input *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, fn func(*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, bool) bool) error { + return c.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPagesWithContext same as DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPagesWithContext(ctx aws.Context, input *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, fn func(*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeLocalGatewayRouteTableVpcAssociations = "DescribeLocalGatewayRouteTableVpcAssociations" + +// DescribeLocalGatewayRouteTableVpcAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLocalGatewayRouteTableVpcAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLocalGatewayRouteTableVpcAssociations for more information on using the DescribeLocalGatewayRouteTableVpcAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeLocalGatewayRouteTableVpcAssociationsRequest method. +// req, resp := client.DescribeLocalGatewayRouteTableVpcAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayRouteTableVpcAssociations +func (c *EC2) DescribeLocalGatewayRouteTableVpcAssociationsRequest(input *DescribeLocalGatewayRouteTableVpcAssociationsInput) (req *request.Request, output *DescribeLocalGatewayRouteTableVpcAssociationsOutput) { + op := &request.Operation{ + Name: opDescribeLocalGatewayRouteTableVpcAssociations, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeLocalGatewayRouteTableVpcAssociationsInput{} + } + + output = &DescribeLocalGatewayRouteTableVpcAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLocalGatewayRouteTableVpcAssociations API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified associations between VPCs and local gateway route +// tables. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLocalGatewayRouteTableVpcAssociations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayRouteTableVpcAssociations +func (c *EC2) DescribeLocalGatewayRouteTableVpcAssociations(input *DescribeLocalGatewayRouteTableVpcAssociationsInput) (*DescribeLocalGatewayRouteTableVpcAssociationsOutput, error) { + req, out := c.DescribeLocalGatewayRouteTableVpcAssociationsRequest(input) + return out, req.Send() +} + +// DescribeLocalGatewayRouteTableVpcAssociationsWithContext is the same as DescribeLocalGatewayRouteTableVpcAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLocalGatewayRouteTableVpcAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayRouteTableVpcAssociationsWithContext(ctx aws.Context, input *DescribeLocalGatewayRouteTableVpcAssociationsInput, opts ...request.Option) (*DescribeLocalGatewayRouteTableVpcAssociationsOutput, error) { + req, out := c.DescribeLocalGatewayRouteTableVpcAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeLocalGatewayRouteTableVpcAssociationsPages iterates over the pages of a DescribeLocalGatewayRouteTableVpcAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLocalGatewayRouteTableVpcAssociations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLocalGatewayRouteTableVpcAssociations operation. +// pageNum := 0 +// err := client.DescribeLocalGatewayRouteTableVpcAssociationsPages(params, +// func(page *ec2.DescribeLocalGatewayRouteTableVpcAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeLocalGatewayRouteTableVpcAssociationsPages(input *DescribeLocalGatewayRouteTableVpcAssociationsInput, fn func(*DescribeLocalGatewayRouteTableVpcAssociationsOutput, bool) bool) error { + return c.DescribeLocalGatewayRouteTableVpcAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLocalGatewayRouteTableVpcAssociationsPagesWithContext same as DescribeLocalGatewayRouteTableVpcAssociationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayRouteTableVpcAssociationsPagesWithContext(ctx aws.Context, input *DescribeLocalGatewayRouteTableVpcAssociationsInput, fn func(*DescribeLocalGatewayRouteTableVpcAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLocalGatewayRouteTableVpcAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLocalGatewayRouteTableVpcAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLocalGatewayRouteTableVpcAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeLocalGatewayRouteTables = "DescribeLocalGatewayRouteTables" + +// DescribeLocalGatewayRouteTablesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLocalGatewayRouteTables operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLocalGatewayRouteTables for more information on using the DescribeLocalGatewayRouteTables +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeLocalGatewayRouteTablesRequest method. +// req, resp := client.DescribeLocalGatewayRouteTablesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayRouteTables +func (c *EC2) DescribeLocalGatewayRouteTablesRequest(input *DescribeLocalGatewayRouteTablesInput) (req *request.Request, output *DescribeLocalGatewayRouteTablesOutput) { + op := &request.Operation{ + Name: opDescribeLocalGatewayRouteTables, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeLocalGatewayRouteTablesInput{} + } + + output = &DescribeLocalGatewayRouteTablesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLocalGatewayRouteTables API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more local gateway route tables. By default, all local gateway +// route tables are described. Alternatively, you can filter the results. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLocalGatewayRouteTables for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayRouteTables +func (c *EC2) DescribeLocalGatewayRouteTables(input *DescribeLocalGatewayRouteTablesInput) (*DescribeLocalGatewayRouteTablesOutput, error) { + req, out := c.DescribeLocalGatewayRouteTablesRequest(input) + return out, req.Send() +} + +// DescribeLocalGatewayRouteTablesWithContext is the same as DescribeLocalGatewayRouteTables with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLocalGatewayRouteTables for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayRouteTablesWithContext(ctx aws.Context, input *DescribeLocalGatewayRouteTablesInput, opts ...request.Option) (*DescribeLocalGatewayRouteTablesOutput, error) { + req, out := c.DescribeLocalGatewayRouteTablesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeLocalGatewayRouteTablesPages iterates over the pages of a DescribeLocalGatewayRouteTables operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLocalGatewayRouteTables method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLocalGatewayRouteTables operation. +// pageNum := 0 +// err := client.DescribeLocalGatewayRouteTablesPages(params, +// func(page *ec2.DescribeLocalGatewayRouteTablesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeLocalGatewayRouteTablesPages(input *DescribeLocalGatewayRouteTablesInput, fn func(*DescribeLocalGatewayRouteTablesOutput, bool) bool) error { + return c.DescribeLocalGatewayRouteTablesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLocalGatewayRouteTablesPagesWithContext same as DescribeLocalGatewayRouteTablesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayRouteTablesPagesWithContext(ctx aws.Context, input *DescribeLocalGatewayRouteTablesInput, fn func(*DescribeLocalGatewayRouteTablesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLocalGatewayRouteTablesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLocalGatewayRouteTablesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLocalGatewayRouteTablesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeLocalGatewayVirtualInterfaceGroups = "DescribeLocalGatewayVirtualInterfaceGroups" + +// DescribeLocalGatewayVirtualInterfaceGroupsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLocalGatewayVirtualInterfaceGroups operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLocalGatewayVirtualInterfaceGroups for more information on using the DescribeLocalGatewayVirtualInterfaceGroups +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeLocalGatewayVirtualInterfaceGroupsRequest method. +// req, resp := client.DescribeLocalGatewayVirtualInterfaceGroupsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayVirtualInterfaceGroups +func (c *EC2) DescribeLocalGatewayVirtualInterfaceGroupsRequest(input *DescribeLocalGatewayVirtualInterfaceGroupsInput) (req *request.Request, output *DescribeLocalGatewayVirtualInterfaceGroupsOutput) { + op := &request.Operation{ + Name: opDescribeLocalGatewayVirtualInterfaceGroups, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeLocalGatewayVirtualInterfaceGroupsInput{} + } + + output = &DescribeLocalGatewayVirtualInterfaceGroupsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLocalGatewayVirtualInterfaceGroups API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified local gateway virtual interface groups. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLocalGatewayVirtualInterfaceGroups for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayVirtualInterfaceGroups +func (c *EC2) DescribeLocalGatewayVirtualInterfaceGroups(input *DescribeLocalGatewayVirtualInterfaceGroupsInput) (*DescribeLocalGatewayVirtualInterfaceGroupsOutput, error) { + req, out := c.DescribeLocalGatewayVirtualInterfaceGroupsRequest(input) + return out, req.Send() +} + +// DescribeLocalGatewayVirtualInterfaceGroupsWithContext is the same as DescribeLocalGatewayVirtualInterfaceGroups with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLocalGatewayVirtualInterfaceGroups for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayVirtualInterfaceGroupsWithContext(ctx aws.Context, input *DescribeLocalGatewayVirtualInterfaceGroupsInput, opts ...request.Option) (*DescribeLocalGatewayVirtualInterfaceGroupsOutput, error) { + req, out := c.DescribeLocalGatewayVirtualInterfaceGroupsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeLocalGatewayVirtualInterfaceGroupsPages iterates over the pages of a DescribeLocalGatewayVirtualInterfaceGroups operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLocalGatewayVirtualInterfaceGroups method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLocalGatewayVirtualInterfaceGroups operation. +// pageNum := 0 +// err := client.DescribeLocalGatewayVirtualInterfaceGroupsPages(params, +// func(page *ec2.DescribeLocalGatewayVirtualInterfaceGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeLocalGatewayVirtualInterfaceGroupsPages(input *DescribeLocalGatewayVirtualInterfaceGroupsInput, fn func(*DescribeLocalGatewayVirtualInterfaceGroupsOutput, bool) bool) error { + return c.DescribeLocalGatewayVirtualInterfaceGroupsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLocalGatewayVirtualInterfaceGroupsPagesWithContext same as DescribeLocalGatewayVirtualInterfaceGroupsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayVirtualInterfaceGroupsPagesWithContext(ctx aws.Context, input *DescribeLocalGatewayVirtualInterfaceGroupsInput, fn func(*DescribeLocalGatewayVirtualInterfaceGroupsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLocalGatewayVirtualInterfaceGroupsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLocalGatewayVirtualInterfaceGroupsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLocalGatewayVirtualInterfaceGroupsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeLocalGatewayVirtualInterfaces = "DescribeLocalGatewayVirtualInterfaces" + +// DescribeLocalGatewayVirtualInterfacesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLocalGatewayVirtualInterfaces operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLocalGatewayVirtualInterfaces for more information on using the DescribeLocalGatewayVirtualInterfaces +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeLocalGatewayVirtualInterfacesRequest method. +// req, resp := client.DescribeLocalGatewayVirtualInterfacesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayVirtualInterfaces +func (c *EC2) DescribeLocalGatewayVirtualInterfacesRequest(input *DescribeLocalGatewayVirtualInterfacesInput) (req *request.Request, output *DescribeLocalGatewayVirtualInterfacesOutput) { + op := &request.Operation{ + Name: opDescribeLocalGatewayVirtualInterfaces, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeLocalGatewayVirtualInterfacesInput{} + } + + output = &DescribeLocalGatewayVirtualInterfacesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLocalGatewayVirtualInterfaces API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified local gateway virtual interfaces. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLocalGatewayVirtualInterfaces for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGatewayVirtualInterfaces +func (c *EC2) DescribeLocalGatewayVirtualInterfaces(input *DescribeLocalGatewayVirtualInterfacesInput) (*DescribeLocalGatewayVirtualInterfacesOutput, error) { + req, out := c.DescribeLocalGatewayVirtualInterfacesRequest(input) + return out, req.Send() +} + +// DescribeLocalGatewayVirtualInterfacesWithContext is the same as DescribeLocalGatewayVirtualInterfaces with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLocalGatewayVirtualInterfaces for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayVirtualInterfacesWithContext(ctx aws.Context, input *DescribeLocalGatewayVirtualInterfacesInput, opts ...request.Option) (*DescribeLocalGatewayVirtualInterfacesOutput, error) { + req, out := c.DescribeLocalGatewayVirtualInterfacesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeLocalGatewayVirtualInterfacesPages iterates over the pages of a DescribeLocalGatewayVirtualInterfaces operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLocalGatewayVirtualInterfaces method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLocalGatewayVirtualInterfaces operation. +// pageNum := 0 +// err := client.DescribeLocalGatewayVirtualInterfacesPages(params, +// func(page *ec2.DescribeLocalGatewayVirtualInterfacesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeLocalGatewayVirtualInterfacesPages(input *DescribeLocalGatewayVirtualInterfacesInput, fn func(*DescribeLocalGatewayVirtualInterfacesOutput, bool) bool) error { + return c.DescribeLocalGatewayVirtualInterfacesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLocalGatewayVirtualInterfacesPagesWithContext same as DescribeLocalGatewayVirtualInterfacesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewayVirtualInterfacesPagesWithContext(ctx aws.Context, input *DescribeLocalGatewayVirtualInterfacesInput, fn func(*DescribeLocalGatewayVirtualInterfacesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLocalGatewayVirtualInterfacesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLocalGatewayVirtualInterfacesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLocalGatewayVirtualInterfacesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeLocalGateways = "DescribeLocalGateways" + +// DescribeLocalGatewaysRequest generates a "aws/request.Request" representing the +// client's request for the DescribeLocalGateways operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeLocalGateways for more information on using the DescribeLocalGateways +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeLocalGatewaysRequest method. +// req, resp := client.DescribeLocalGatewaysRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGateways +func (c *EC2) DescribeLocalGatewaysRequest(input *DescribeLocalGatewaysInput) (req *request.Request, output *DescribeLocalGatewaysOutput) { + op := &request.Operation{ + Name: opDescribeLocalGateways, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeLocalGatewaysInput{} + } + + output = &DescribeLocalGatewaysOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeLocalGateways API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more local gateways. By default, all local gateways are +// described. Alternatively, you can filter the results. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeLocalGateways for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeLocalGateways +func (c *EC2) DescribeLocalGateways(input *DescribeLocalGatewaysInput) (*DescribeLocalGatewaysOutput, error) { + req, out := c.DescribeLocalGatewaysRequest(input) + return out, req.Send() +} + +// DescribeLocalGatewaysWithContext is the same as DescribeLocalGateways with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeLocalGateways for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewaysWithContext(ctx aws.Context, input *DescribeLocalGatewaysInput, opts ...request.Option) (*DescribeLocalGatewaysOutput, error) { + req, out := c.DescribeLocalGatewaysRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeLocalGatewaysPages iterates over the pages of a DescribeLocalGateways operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeLocalGateways method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeLocalGateways operation. +// pageNum := 0 +// err := client.DescribeLocalGatewaysPages(params, +// func(page *ec2.DescribeLocalGatewaysOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeLocalGatewaysPages(input *DescribeLocalGatewaysInput, fn func(*DescribeLocalGatewaysOutput, bool) bool) error { + return c.DescribeLocalGatewaysPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeLocalGatewaysPagesWithContext same as DescribeLocalGatewaysPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeLocalGatewaysPagesWithContext(ctx aws.Context, input *DescribeLocalGatewaysInput, fn func(*DescribeLocalGatewaysOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeLocalGatewaysInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeLocalGatewaysRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeLocalGatewaysOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeMovingAddresses = "DescribeMovingAddresses" // DescribeMovingAddressesRequest generates a "aws/request.Request" representing the @@ -18243,7 +20701,7 @@ func (c *EC2) DescribeSnapshotsRequest(input *DescribeSnapshotsInput) (req *requ // * implicit: An AWS account has implicit create volume permissions for // all snapshots it owns. // -// The list of snapshots returned can be modified by specifying snapshot IDs, +// The list of snapshots returned can be filtered by specifying snapshot IDs, // snapshot owners, or AWS accounts with create volume permissions. If no options // are specified, Amazon EC2 returns all snapshots for which you have create // volume permissions. @@ -18270,6 +20728,8 @@ func (c *EC2) DescribeSnapshotsRequest(input *DescribeSnapshotsInput) (req *requ // a NextToken value that can be passed to a subsequent DescribeSnapshots request // to retrieve the remaining results. // +// To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. +// // For more information about EBS snapshots, see Amazon EBS Snapshots (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html) // in the Amazon Elastic Compute Cloud User Guide. // @@ -19941,6 +22401,270 @@ func (c *EC2) DescribeTransitGatewayAttachmentsPagesWithContext(ctx aws.Context, return p.Err() } +const opDescribeTransitGatewayMulticastDomains = "DescribeTransitGatewayMulticastDomains" + +// DescribeTransitGatewayMulticastDomainsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTransitGatewayMulticastDomains operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTransitGatewayMulticastDomains for more information on using the DescribeTransitGatewayMulticastDomains +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTransitGatewayMulticastDomainsRequest method. +// req, resp := client.DescribeTransitGatewayMulticastDomainsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayMulticastDomains +func (c *EC2) DescribeTransitGatewayMulticastDomainsRequest(input *DescribeTransitGatewayMulticastDomainsInput) (req *request.Request, output *DescribeTransitGatewayMulticastDomainsOutput) { + op := &request.Operation{ + Name: opDescribeTransitGatewayMulticastDomains, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTransitGatewayMulticastDomainsInput{} + } + + output = &DescribeTransitGatewayMulticastDomainsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTransitGatewayMulticastDomains API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more transit gateway multicast domains. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTransitGatewayMulticastDomains for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayMulticastDomains +func (c *EC2) DescribeTransitGatewayMulticastDomains(input *DescribeTransitGatewayMulticastDomainsInput) (*DescribeTransitGatewayMulticastDomainsOutput, error) { + req, out := c.DescribeTransitGatewayMulticastDomainsRequest(input) + return out, req.Send() +} + +// DescribeTransitGatewayMulticastDomainsWithContext is the same as DescribeTransitGatewayMulticastDomains with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTransitGatewayMulticastDomains for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayMulticastDomainsWithContext(ctx aws.Context, input *DescribeTransitGatewayMulticastDomainsInput, opts ...request.Option) (*DescribeTransitGatewayMulticastDomainsOutput, error) { + req, out := c.DescribeTransitGatewayMulticastDomainsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTransitGatewayMulticastDomainsPages iterates over the pages of a DescribeTransitGatewayMulticastDomains operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTransitGatewayMulticastDomains method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTransitGatewayMulticastDomains operation. +// pageNum := 0 +// err := client.DescribeTransitGatewayMulticastDomainsPages(params, +// func(page *ec2.DescribeTransitGatewayMulticastDomainsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTransitGatewayMulticastDomainsPages(input *DescribeTransitGatewayMulticastDomainsInput, fn func(*DescribeTransitGatewayMulticastDomainsOutput, bool) bool) error { + return c.DescribeTransitGatewayMulticastDomainsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTransitGatewayMulticastDomainsPagesWithContext same as DescribeTransitGatewayMulticastDomainsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayMulticastDomainsPagesWithContext(ctx aws.Context, input *DescribeTransitGatewayMulticastDomainsInput, fn func(*DescribeTransitGatewayMulticastDomainsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTransitGatewayMulticastDomainsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTransitGatewayMulticastDomainsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTransitGatewayMulticastDomainsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeTransitGatewayPeeringAttachments = "DescribeTransitGatewayPeeringAttachments" + +// DescribeTransitGatewayPeeringAttachmentsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTransitGatewayPeeringAttachments operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTransitGatewayPeeringAttachments for more information on using the DescribeTransitGatewayPeeringAttachments +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTransitGatewayPeeringAttachmentsRequest method. +// req, resp := client.DescribeTransitGatewayPeeringAttachmentsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayPeeringAttachments +func (c *EC2) DescribeTransitGatewayPeeringAttachmentsRequest(input *DescribeTransitGatewayPeeringAttachmentsInput) (req *request.Request, output *DescribeTransitGatewayPeeringAttachmentsOutput) { + op := &request.Operation{ + Name: opDescribeTransitGatewayPeeringAttachments, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTransitGatewayPeeringAttachmentsInput{} + } + + output = &DescribeTransitGatewayPeeringAttachmentsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTransitGatewayPeeringAttachments API operation for Amazon Elastic Compute Cloud. +// +// Describes your transit gateway peering attachments. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTransitGatewayPeeringAttachments for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayPeeringAttachments +func (c *EC2) DescribeTransitGatewayPeeringAttachments(input *DescribeTransitGatewayPeeringAttachmentsInput) (*DescribeTransitGatewayPeeringAttachmentsOutput, error) { + req, out := c.DescribeTransitGatewayPeeringAttachmentsRequest(input) + return out, req.Send() +} + +// DescribeTransitGatewayPeeringAttachmentsWithContext is the same as DescribeTransitGatewayPeeringAttachments with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTransitGatewayPeeringAttachments for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayPeeringAttachmentsWithContext(ctx aws.Context, input *DescribeTransitGatewayPeeringAttachmentsInput, opts ...request.Option) (*DescribeTransitGatewayPeeringAttachmentsOutput, error) { + req, out := c.DescribeTransitGatewayPeeringAttachmentsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTransitGatewayPeeringAttachmentsPages iterates over the pages of a DescribeTransitGatewayPeeringAttachments operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTransitGatewayPeeringAttachments method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTransitGatewayPeeringAttachments operation. +// pageNum := 0 +// err := client.DescribeTransitGatewayPeeringAttachmentsPages(params, +// func(page *ec2.DescribeTransitGatewayPeeringAttachmentsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTransitGatewayPeeringAttachmentsPages(input *DescribeTransitGatewayPeeringAttachmentsInput, fn func(*DescribeTransitGatewayPeeringAttachmentsOutput, bool) bool) error { + return c.DescribeTransitGatewayPeeringAttachmentsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTransitGatewayPeeringAttachmentsPagesWithContext same as DescribeTransitGatewayPeeringAttachmentsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayPeeringAttachmentsPagesWithContext(ctx aws.Context, input *DescribeTransitGatewayPeeringAttachmentsInput, fn func(*DescribeTransitGatewayPeeringAttachmentsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTransitGatewayPeeringAttachmentsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTransitGatewayPeeringAttachmentsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTransitGatewayPeeringAttachmentsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeTransitGatewayRouteTables = "DescribeTransitGatewayRouteTables" // DescribeTransitGatewayRouteTablesRequest generates a "aws/request.Request" representing the @@ -22794,6 +25518,81 @@ func (c *EC2) DisableEbsEncryptionByDefaultWithContext(ctx aws.Context, input *D return out, req.Send() } +const opDisableFastSnapshotRestores = "DisableFastSnapshotRestores" + +// DisableFastSnapshotRestoresRequest generates a "aws/request.Request" representing the +// client's request for the DisableFastSnapshotRestores operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableFastSnapshotRestores for more information on using the DisableFastSnapshotRestores +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisableFastSnapshotRestoresRequest method. +// req, resp := client.DisableFastSnapshotRestoresRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableFastSnapshotRestores +func (c *EC2) DisableFastSnapshotRestoresRequest(input *DisableFastSnapshotRestoresInput) (req *request.Request, output *DisableFastSnapshotRestoresOutput) { + op := &request.Operation{ + Name: opDisableFastSnapshotRestores, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableFastSnapshotRestoresInput{} + } + + output = &DisableFastSnapshotRestoresOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableFastSnapshotRestores API operation for Amazon Elastic Compute Cloud. +// +// Disables fast snapshot restores for the specified snapshots in the specified +// Availability Zones. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableFastSnapshotRestores for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableFastSnapshotRestores +func (c *EC2) DisableFastSnapshotRestores(input *DisableFastSnapshotRestoresInput) (*DisableFastSnapshotRestoresOutput, error) { + req, out := c.DisableFastSnapshotRestoresRequest(input) + return out, req.Send() +} + +// DisableFastSnapshotRestoresWithContext is the same as DisableFastSnapshotRestores with the addition of +// the ability to pass a context and additional request options. +// +// See DisableFastSnapshotRestores for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableFastSnapshotRestoresWithContext(ctx aws.Context, input *DisableFastSnapshotRestoresInput, opts ...request.Option) (*DisableFastSnapshotRestoresOutput, error) { + req, out := c.DisableFastSnapshotRestoresRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableTransitGatewayRouteTablePropagation = "DisableTransitGatewayRouteTablePropagation" // DisableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -23497,6 +26296,80 @@ func (c *EC2) DisassociateSubnetCidrBlockWithContext(ctx aws.Context, input *Dis return out, req.Send() } +const opDisassociateTransitGatewayMulticastDomain = "DisassociateTransitGatewayMulticastDomain" + +// DisassociateTransitGatewayMulticastDomainRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateTransitGatewayMulticastDomain operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateTransitGatewayMulticastDomain for more information on using the DisassociateTransitGatewayMulticastDomain +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisassociateTransitGatewayMulticastDomainRequest method. +// req, resp := client.DisassociateTransitGatewayMulticastDomainRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateTransitGatewayMulticastDomain +func (c *EC2) DisassociateTransitGatewayMulticastDomainRequest(input *DisassociateTransitGatewayMulticastDomainInput) (req *request.Request, output *DisassociateTransitGatewayMulticastDomainOutput) { + op := &request.Operation{ + Name: opDisassociateTransitGatewayMulticastDomain, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateTransitGatewayMulticastDomainInput{} + } + + output = &DisassociateTransitGatewayMulticastDomainOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisassociateTransitGatewayMulticastDomain API operation for Amazon Elastic Compute Cloud. +// +// Disassociates the specified subnets from the transit gateway multicast domain. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisassociateTransitGatewayMulticastDomain for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateTransitGatewayMulticastDomain +func (c *EC2) DisassociateTransitGatewayMulticastDomain(input *DisassociateTransitGatewayMulticastDomainInput) (*DisassociateTransitGatewayMulticastDomainOutput, error) { + req, out := c.DisassociateTransitGatewayMulticastDomainRequest(input) + return out, req.Send() +} + +// DisassociateTransitGatewayMulticastDomainWithContext is the same as DisassociateTransitGatewayMulticastDomain with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateTransitGatewayMulticastDomain for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisassociateTransitGatewayMulticastDomainWithContext(ctx aws.Context, input *DisassociateTransitGatewayMulticastDomainInput, opts ...request.Option) (*DisassociateTransitGatewayMulticastDomainOutput, error) { + req, out := c.DisassociateTransitGatewayMulticastDomainRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateTransitGatewayRouteTable = "DisassociateTransitGatewayRouteTable" // DisassociateTransitGatewayRouteTableRequest generates a "aws/request.Request" representing the @@ -23741,6 +26614,88 @@ func (c *EC2) EnableEbsEncryptionByDefaultWithContext(ctx aws.Context, input *En return out, req.Send() } +const opEnableFastSnapshotRestores = "EnableFastSnapshotRestores" + +// EnableFastSnapshotRestoresRequest generates a "aws/request.Request" representing the +// client's request for the EnableFastSnapshotRestores operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableFastSnapshotRestores for more information on using the EnableFastSnapshotRestores +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the EnableFastSnapshotRestoresRequest method. +// req, resp := client.EnableFastSnapshotRestoresRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableFastSnapshotRestores +func (c *EC2) EnableFastSnapshotRestoresRequest(input *EnableFastSnapshotRestoresInput) (req *request.Request, output *EnableFastSnapshotRestoresOutput) { + op := &request.Operation{ + Name: opEnableFastSnapshotRestores, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableFastSnapshotRestoresInput{} + } + + output = &EnableFastSnapshotRestoresOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableFastSnapshotRestores API operation for Amazon Elastic Compute Cloud. +// +// Enables fast snapshot restores for the specified snapshots in the specified +// Availability Zones. +// +// You get the full benefit of fast snapshot restores after they enter the enabled +// state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. +// To disable fast snapshot restores, use DisableFastSnapshotRestores. +// +// For more information, see Amazon EBS Fast Snapshot Restore (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableFastSnapshotRestores for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableFastSnapshotRestores +func (c *EC2) EnableFastSnapshotRestores(input *EnableFastSnapshotRestoresInput) (*EnableFastSnapshotRestoresOutput, error) { + req, out := c.EnableFastSnapshotRestoresRequest(input) + return out, req.Send() +} + +// EnableFastSnapshotRestoresWithContext is the same as EnableFastSnapshotRestores with the addition of +// the ability to pass a context and additional request options. +// +// See EnableFastSnapshotRestores for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableFastSnapshotRestoresWithContext(ctx aws.Context, input *EnableFastSnapshotRestoresInput, opts ...request.Option) (*EnableFastSnapshotRestoresOutput, error) { + req, out := c.EnableFastSnapshotRestoresRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableTransitGatewayRouteTablePropagation = "EnableTransitGatewayRouteTablePropagation" // EnableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -24404,6 +27359,10 @@ func (c *EC2) ExportTransitGatewayRoutesRequest(input *ExportTransitGatewayRoute // S3 bucket. By default, all routes are exported. Alternatively, you can filter // by CIDR range. // +// The routes are saved to the specified bucket in a JSON file. For more information, +// see Export Route Tables to Amazon S3 (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html#tgw-export-route-tables) +// in Transit Gateways. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -24432,6 +27391,139 @@ func (c *EC2) ExportTransitGatewayRoutesWithContext(ctx aws.Context, input *Expo return out, req.Send() } +const opGetAssociatedIpv6PoolCidrs = "GetAssociatedIpv6PoolCidrs" + +// GetAssociatedIpv6PoolCidrsRequest generates a "aws/request.Request" representing the +// client's request for the GetAssociatedIpv6PoolCidrs operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetAssociatedIpv6PoolCidrs for more information on using the GetAssociatedIpv6PoolCidrs +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetAssociatedIpv6PoolCidrsRequest method. +// req, resp := client.GetAssociatedIpv6PoolCidrsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedIpv6PoolCidrs +func (c *EC2) GetAssociatedIpv6PoolCidrsRequest(input *GetAssociatedIpv6PoolCidrsInput) (req *request.Request, output *GetAssociatedIpv6PoolCidrsOutput) { + op := &request.Operation{ + Name: opGetAssociatedIpv6PoolCidrs, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &GetAssociatedIpv6PoolCidrsInput{} + } + + output = &GetAssociatedIpv6PoolCidrsOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetAssociatedIpv6PoolCidrs API operation for Amazon Elastic Compute Cloud. +// +// Gets information about the IPv6 CIDR block associations for a specified IPv6 +// address pool. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetAssociatedIpv6PoolCidrs for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetAssociatedIpv6PoolCidrs +func (c *EC2) GetAssociatedIpv6PoolCidrs(input *GetAssociatedIpv6PoolCidrsInput) (*GetAssociatedIpv6PoolCidrsOutput, error) { + req, out := c.GetAssociatedIpv6PoolCidrsRequest(input) + return out, req.Send() +} + +// GetAssociatedIpv6PoolCidrsWithContext is the same as GetAssociatedIpv6PoolCidrs with the addition of +// the ability to pass a context and additional request options. +// +// See GetAssociatedIpv6PoolCidrs for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetAssociatedIpv6PoolCidrsWithContext(ctx aws.Context, input *GetAssociatedIpv6PoolCidrsInput, opts ...request.Option) (*GetAssociatedIpv6PoolCidrsOutput, error) { + req, out := c.GetAssociatedIpv6PoolCidrsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// GetAssociatedIpv6PoolCidrsPages iterates over the pages of a GetAssociatedIpv6PoolCidrs operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetAssociatedIpv6PoolCidrs method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetAssociatedIpv6PoolCidrs operation. +// pageNum := 0 +// err := client.GetAssociatedIpv6PoolCidrsPages(params, +// func(page *ec2.GetAssociatedIpv6PoolCidrsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) GetAssociatedIpv6PoolCidrsPages(input *GetAssociatedIpv6PoolCidrsInput, fn func(*GetAssociatedIpv6PoolCidrsOutput, bool) bool) error { + return c.GetAssociatedIpv6PoolCidrsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetAssociatedIpv6PoolCidrsPagesWithContext same as GetAssociatedIpv6PoolCidrsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetAssociatedIpv6PoolCidrsPagesWithContext(ctx aws.Context, input *GetAssociatedIpv6PoolCidrsInput, fn func(*GetAssociatedIpv6PoolCidrsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetAssociatedIpv6PoolCidrsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetAssociatedIpv6PoolCidrsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetAssociatedIpv6PoolCidrsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetCapacityReservationUsage = "GetCapacityReservationUsage" // GetCapacityReservationUsageRequest generates a "aws/request.Request" representing the @@ -24510,6 +27602,80 @@ func (c *EC2) GetCapacityReservationUsageWithContext(ctx aws.Context, input *Get return out, req.Send() } +const opGetCoipPoolUsage = "GetCoipPoolUsage" + +// GetCoipPoolUsageRequest generates a "aws/request.Request" representing the +// client's request for the GetCoipPoolUsage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetCoipPoolUsage for more information on using the GetCoipPoolUsage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetCoipPoolUsageRequest method. +// req, resp := client.GetCoipPoolUsageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetCoipPoolUsage +func (c *EC2) GetCoipPoolUsageRequest(input *GetCoipPoolUsageInput) (req *request.Request, output *GetCoipPoolUsageOutput) { + op := &request.Operation{ + Name: opGetCoipPoolUsage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetCoipPoolUsageInput{} + } + + output = &GetCoipPoolUsageOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetCoipPoolUsage API operation for Amazon Elastic Compute Cloud. +// +// Describes the allocations from the specified customer-owned address pool. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetCoipPoolUsage for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetCoipPoolUsage +func (c *EC2) GetCoipPoolUsage(input *GetCoipPoolUsageInput) (*GetCoipPoolUsageOutput, error) { + req, out := c.GetCoipPoolUsageRequest(input) + return out, req.Send() +} + +// GetCoipPoolUsageWithContext is the same as GetCoipPoolUsage with the addition of +// the ability to pass a context and additional request options. +// +// See GetCoipPoolUsage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetCoipPoolUsageWithContext(ctx aws.Context, input *GetCoipPoolUsageInput, opts ...request.Option) (*GetCoipPoolUsageOutput, error) { + req, out := c.GetCoipPoolUsageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetConsoleOutput = "GetConsoleOutput" // GetConsoleOutputRequest generates a "aws/request.Request" representing the @@ -24676,6 +27842,84 @@ func (c *EC2) GetConsoleScreenshotWithContext(ctx aws.Context, input *GetConsole return out, req.Send() } +const opGetDefaultCreditSpecification = "GetDefaultCreditSpecification" + +// GetDefaultCreditSpecificationRequest generates a "aws/request.Request" representing the +// client's request for the GetDefaultCreditSpecification operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetDefaultCreditSpecification for more information on using the GetDefaultCreditSpecification +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetDefaultCreditSpecificationRequest method. +// req, resp := client.GetDefaultCreditSpecificationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetDefaultCreditSpecification +func (c *EC2) GetDefaultCreditSpecificationRequest(input *GetDefaultCreditSpecificationInput) (req *request.Request, output *GetDefaultCreditSpecificationOutput) { + op := &request.Operation{ + Name: opGetDefaultCreditSpecification, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetDefaultCreditSpecificationInput{} + } + + output = &GetDefaultCreditSpecificationOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetDefaultCreditSpecification API operation for Amazon Elastic Compute Cloud. +// +// Describes the default credit option for CPU usage of a burstable performance +// instance family. +// +// For more information, see Burstable Performance Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetDefaultCreditSpecification for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetDefaultCreditSpecification +func (c *EC2) GetDefaultCreditSpecification(input *GetDefaultCreditSpecificationInput) (*GetDefaultCreditSpecificationOutput, error) { + req, out := c.GetDefaultCreditSpecificationRequest(input) + return out, req.Send() +} + +// GetDefaultCreditSpecificationWithContext is the same as GetDefaultCreditSpecification with the addition of +// the ability to pass a context and additional request options. +// +// See GetDefaultCreditSpecification for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetDefaultCreditSpecificationWithContext(ctx aws.Context, input *GetDefaultCreditSpecificationInput, opts ...request.Option) (*GetDefaultCreditSpecificationOutput, error) { + req, out := c.GetDefaultCreditSpecificationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetEbsDefaultKmsKeyId = "GetEbsDefaultKmsKeyId" // GetEbsDefaultKmsKeyIdRequest generates a "aws/request.Request" representing the @@ -25288,6 +28532,139 @@ func (c *EC2) GetTransitGatewayAttachmentPropagationsPagesWithContext(ctx aws.Co return p.Err() } +const opGetTransitGatewayMulticastDomainAssociations = "GetTransitGatewayMulticastDomainAssociations" + +// GetTransitGatewayMulticastDomainAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the GetTransitGatewayMulticastDomainAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetTransitGatewayMulticastDomainAssociations for more information on using the GetTransitGatewayMulticastDomainAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetTransitGatewayMulticastDomainAssociationsRequest method. +// req, resp := client.GetTransitGatewayMulticastDomainAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetTransitGatewayMulticastDomainAssociations +func (c *EC2) GetTransitGatewayMulticastDomainAssociationsRequest(input *GetTransitGatewayMulticastDomainAssociationsInput) (req *request.Request, output *GetTransitGatewayMulticastDomainAssociationsOutput) { + op := &request.Operation{ + Name: opGetTransitGatewayMulticastDomainAssociations, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &GetTransitGatewayMulticastDomainAssociationsInput{} + } + + output = &GetTransitGatewayMulticastDomainAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetTransitGatewayMulticastDomainAssociations API operation for Amazon Elastic Compute Cloud. +// +// Gets information about the associations for the transit gateway multicast +// domain. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetTransitGatewayMulticastDomainAssociations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetTransitGatewayMulticastDomainAssociations +func (c *EC2) GetTransitGatewayMulticastDomainAssociations(input *GetTransitGatewayMulticastDomainAssociationsInput) (*GetTransitGatewayMulticastDomainAssociationsOutput, error) { + req, out := c.GetTransitGatewayMulticastDomainAssociationsRequest(input) + return out, req.Send() +} + +// GetTransitGatewayMulticastDomainAssociationsWithContext is the same as GetTransitGatewayMulticastDomainAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See GetTransitGatewayMulticastDomainAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetTransitGatewayMulticastDomainAssociationsWithContext(ctx aws.Context, input *GetTransitGatewayMulticastDomainAssociationsInput, opts ...request.Option) (*GetTransitGatewayMulticastDomainAssociationsOutput, error) { + req, out := c.GetTransitGatewayMulticastDomainAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// GetTransitGatewayMulticastDomainAssociationsPages iterates over the pages of a GetTransitGatewayMulticastDomainAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetTransitGatewayMulticastDomainAssociations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetTransitGatewayMulticastDomainAssociations operation. +// pageNum := 0 +// err := client.GetTransitGatewayMulticastDomainAssociationsPages(params, +// func(page *ec2.GetTransitGatewayMulticastDomainAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) GetTransitGatewayMulticastDomainAssociationsPages(input *GetTransitGatewayMulticastDomainAssociationsInput, fn func(*GetTransitGatewayMulticastDomainAssociationsOutput, bool) bool) error { + return c.GetTransitGatewayMulticastDomainAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetTransitGatewayMulticastDomainAssociationsPagesWithContext same as GetTransitGatewayMulticastDomainAssociationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetTransitGatewayMulticastDomainAssociationsPagesWithContext(ctx aws.Context, input *GetTransitGatewayMulticastDomainAssociationsInput, fn func(*GetTransitGatewayMulticastDomainAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetTransitGatewayMulticastDomainAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetTransitGatewayMulticastDomainAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetTransitGatewayMulticastDomainAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetTransitGatewayRouteTableAssociations = "GetTransitGatewayRouteTableAssociations" // GetTransitGatewayRouteTableAssociationsRequest generates a "aws/request.Request" representing the @@ -26022,6 +29399,83 @@ func (c *EC2) ImportVolumeWithContext(ctx aws.Context, input *ImportVolumeInput, return out, req.Send() } +const opModifyAvailabilityZoneGroup = "ModifyAvailabilityZoneGroup" + +// ModifyAvailabilityZoneGroupRequest generates a "aws/request.Request" representing the +// client's request for the ModifyAvailabilityZoneGroup operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyAvailabilityZoneGroup for more information on using the ModifyAvailabilityZoneGroup +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyAvailabilityZoneGroupRequest method. +// req, resp := client.ModifyAvailabilityZoneGroupRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyAvailabilityZoneGroup +func (c *EC2) ModifyAvailabilityZoneGroupRequest(input *ModifyAvailabilityZoneGroupInput) (req *request.Request, output *ModifyAvailabilityZoneGroupOutput) { + op := &request.Operation{ + Name: opModifyAvailabilityZoneGroup, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyAvailabilityZoneGroupInput{} + } + + output = &ModifyAvailabilityZoneGroupOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyAvailabilityZoneGroup API operation for Amazon Elastic Compute Cloud. +// +// Enables or disables an Availability Zone group for your account. +// +// Use describe-availability-zones (https://docs.aws.amazon.com/AWSEC2ApiDocReef/build/server-root/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) +// to view the value for GroupName. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyAvailabilityZoneGroup for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyAvailabilityZoneGroup +func (c *EC2) ModifyAvailabilityZoneGroup(input *ModifyAvailabilityZoneGroupInput) (*ModifyAvailabilityZoneGroupOutput, error) { + req, out := c.ModifyAvailabilityZoneGroupRequest(input) + return out, req.Send() +} + +// ModifyAvailabilityZoneGroupWithContext is the same as ModifyAvailabilityZoneGroup with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyAvailabilityZoneGroup for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyAvailabilityZoneGroupWithContext(ctx aws.Context, input *ModifyAvailabilityZoneGroupInput, opts ...request.Option) (*ModifyAvailabilityZoneGroupOutput, error) { + req, out := c.ModifyAvailabilityZoneGroupRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyCapacityReservation = "ModifyCapacityReservation" // ModifyCapacityReservationRequest generates a "aws/request.Request" representing the @@ -26145,10 +29599,8 @@ func (c *EC2) ModifyClientVpnEndpointRequest(input *ModifyClientVpnEndpointInput // ModifyClientVpnEndpoint API operation for Amazon Elastic Compute Cloud. // -// Modifies the specified Client VPN endpoint. You can only modify an endpoint's -// server certificate information, client connection logging information, DNS -// server, and description. Modifying the DNS server resets existing client -// connections. +// Modifies the specified Client VPN endpoint. Modifying the DNS server resets +// existing client connections. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -26178,6 +29630,94 @@ func (c *EC2) ModifyClientVpnEndpointWithContext(ctx aws.Context, input *ModifyC return out, req.Send() } +const opModifyDefaultCreditSpecification = "ModifyDefaultCreditSpecification" + +// ModifyDefaultCreditSpecificationRequest generates a "aws/request.Request" representing the +// client's request for the ModifyDefaultCreditSpecification operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyDefaultCreditSpecification for more information on using the ModifyDefaultCreditSpecification +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyDefaultCreditSpecificationRequest method. +// req, resp := client.ModifyDefaultCreditSpecificationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyDefaultCreditSpecification +func (c *EC2) ModifyDefaultCreditSpecificationRequest(input *ModifyDefaultCreditSpecificationInput) (req *request.Request, output *ModifyDefaultCreditSpecificationOutput) { + op := &request.Operation{ + Name: opModifyDefaultCreditSpecification, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyDefaultCreditSpecificationInput{} + } + + output = &ModifyDefaultCreditSpecificationOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyDefaultCreditSpecification API operation for Amazon Elastic Compute Cloud. +// +// Modifies the default credit option for CPU usage of burstable performance +// instances. The default credit option is set at the account level per AWS +// Region, and is specified per instance family. All new burstable performance +// instances in the account launch using the default credit option. +// +// ModifyDefaultCreditSpecification is an asynchronous operation, which works +// at an AWS Region level and modifies the credit option for each Availability +// Zone. All zones in a Region are updated within five minutes. But if instances +// are launched during this operation, they might not get the new credit option +// until the zone is updated. To verify whether the update has occurred, you +// can call GetDefaultCreditSpecification and check DefaultCreditSpecification +// for updates. +// +// For more information, see Burstable Performance Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyDefaultCreditSpecification for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyDefaultCreditSpecification +func (c *EC2) ModifyDefaultCreditSpecification(input *ModifyDefaultCreditSpecificationInput) (*ModifyDefaultCreditSpecificationOutput, error) { + req, out := c.ModifyDefaultCreditSpecificationRequest(input) + return out, req.Send() +} + +// ModifyDefaultCreditSpecificationWithContext is the same as ModifyDefaultCreditSpecification with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyDefaultCreditSpecification for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyDefaultCreditSpecificationWithContext(ctx aws.Context, input *ModifyDefaultCreditSpecificationInput, opts ...request.Option) (*ModifyDefaultCreditSpecificationOutput, error) { + req, out := c.ModifyDefaultCreditSpecificationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyEbsDefaultKmsKeyId = "ModifyEbsDefaultKmsKeyId" // ModifyEbsDefaultKmsKeyIdRequest generates a "aws/request.Request" representing the @@ -26226,9 +29766,10 @@ func (c *EC2) ModifyEbsDefaultKmsKeyIdRequest(input *ModifyEbsDefaultKmsKeyIdInp // for your account in this Region. // // AWS creates a unique AWS managed CMK in each Region for use with encryption -// by default. If you change the default CMK to a customer managed CMK, it is -// used instead of the AWS managed CMK. To reset the default CMK to the AWS -// managed CMK for EBS, use ResetEbsDefaultKmsKeyId. +// by default. If you change the default CMK to a symmetric customer managed +// CMK, it is used instead of the AWS managed CMK. To reset the default CMK +// to the AWS managed CMK for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does +// not support asymmetric CMKs. // // If you delete or disable the customer managed CMK that you specified for // use with encryption by default, your instances will fail to launch. @@ -26493,6 +30034,10 @@ func (c *EC2) ModifyHostsRequest(input *ModifyHostsInput) (req *request.Request, // no host ID is provided, the instance is launched onto a suitable host with // auto-placement enabled. // +// You can also use this API action to modify a Dedicated Host to support either +// multiple instance types in an instance family, or to support a specific instance +// type only. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -27006,8 +30551,8 @@ func (c *EC2) ModifyInstanceCreditSpecificationRequest(input *ModifyInstanceCred // ModifyInstanceCreditSpecification API operation for Amazon Elastic Compute Cloud. // -// Modifies the credit option for CPU usage on a running or stopped T2 or T3 -// instance. The credit options are standard and unlimited. +// Modifies the credit option for CPU usage on a running or stopped burstable +// performance instance. The credit options are standard and unlimited. // // For more information, see Burstable Performance Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -28562,6 +32107,11 @@ func (c *EC2) ModifyVpcEndpointServiceConfigurationRequest(input *ModifyVpcEndpo // acceptance is required for requests to connect to your endpoint service through // an interface VPC endpoint. // +// If you set or modify the private DNS name, you must prove that you own the +// private DNS domain name. For more information, see VPC Endpoint Service Private +// DNS Name Verification (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html) +// in the Amazon Virtual Private Cloud User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -28932,9 +32482,9 @@ func (c *EC2) ModifyVpnConnectionRequest(input *ModifyVpnConnectionInput) (req * // gateway route table. // // After you perform this operation, the AWS VPN endpoint's IP addresses on -// the AWS side and the tunnel options remain intact. Your s2slong; connection -// will be temporarily unavailable for approximately 10 minutes while we provision -// the new endpoints +// the AWS side and the tunnel options remain intact. Your AWS Site-to-Site +// VPN connection will be temporarily unavailable for a brief period while we +// provision the new endpoints. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29319,9 +32869,10 @@ func (c *EC2) ProvisionByoipCidrRequest(input *ProvisionByoipCidrInput) (req *re // ProvisionByoipCidr API operation for Amazon Elastic Compute Cloud. // -// Provisions an address range for use with your AWS resources through bring -// your own IP addresses (BYOIP) and creates a corresponding address pool. After -// the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr. +// Provisions an IPv4 or IPv6 address range for use with your AWS resources +// through bring your own IP addresses (BYOIP) and creates a corresponding address +// pool. After the address range is provisioned, it is ready to be advertised +// using AdvertiseByoipCidr. // // AWS verifies that you own the address range and are authorized to advertise // it. You must ensure that the address range is registered to you and that @@ -29334,8 +32885,8 @@ func (c *EC2) ProvisionByoipCidrRequest(input *ProvisionByoipCidrInput) (req *re // immediately, but the address range is not ready to use until its status changes // from pending-provision to provisioned. To monitor the status of an address // range, use DescribeByoipCidrs. To allocate an Elastic IP address from your -// address pool, use AllocateAddress with either the specific address from the -// address pool or the ID of the address pool. +// IPv4 address pool, use AllocateAddress with either the specific address from +// the address pool or the ID of the address pool. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29761,20 +33312,23 @@ func (c *EC2) RegisterImageRequest(input *RegisterImageInput) (req *request.Requ // and SUSE Linux Enterprise Server (SLES), use the EC2 billing product code // associated with an AMI to verify the subscription status for package updates. // To create a new AMI for operating systems that require a billing product -// code, do the following: +// code, instead of registering the AMI, do the following to preserve the billing +// product code association: // // Launch an instance from an existing AMI with that billing product code. // // Customize the instance. // -// Create a new AMI from the instance using CreateImage to preserve the billing -// product code association. +// Create an AMI from the instance using CreateImage. // // If you purchase a Reserved Instance to apply to an On-Demand Instance that // was launched from an AMI with a billing product code, make sure that the // Reserved Instance has the matching billing product code. If you purchase // a Reserved Instance without the matching billing product code, the Reserved -// Instance will not be applied to the On-Demand Instance. +// Instance will not be applied to the On-Demand Instance. For information about +// how to obtain the platform details and billing information of an AMI, see +// Obtaining Billing Information (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) +// in the Amazon Elastic Compute Cloud User Guide. // // If needed, you can deregister an AMI at any time. Any modifications you make // to an AMI backed by an instance store volume invalidates its registration. @@ -29809,6 +33363,244 @@ func (c *EC2) RegisterImageWithContext(ctx aws.Context, input *RegisterImageInpu return out, req.Send() } +const opRegisterTransitGatewayMulticastGroupMembers = "RegisterTransitGatewayMulticastGroupMembers" + +// RegisterTransitGatewayMulticastGroupMembersRequest generates a "aws/request.Request" representing the +// client's request for the RegisterTransitGatewayMulticastGroupMembers operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RegisterTransitGatewayMulticastGroupMembers for more information on using the RegisterTransitGatewayMulticastGroupMembers +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the RegisterTransitGatewayMulticastGroupMembersRequest method. +// req, resp := client.RegisterTransitGatewayMulticastGroupMembersRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RegisterTransitGatewayMulticastGroupMembers +func (c *EC2) RegisterTransitGatewayMulticastGroupMembersRequest(input *RegisterTransitGatewayMulticastGroupMembersInput) (req *request.Request, output *RegisterTransitGatewayMulticastGroupMembersOutput) { + op := &request.Operation{ + Name: opRegisterTransitGatewayMulticastGroupMembers, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RegisterTransitGatewayMulticastGroupMembersInput{} + } + + output = &RegisterTransitGatewayMulticastGroupMembersOutput{} + req = c.newRequest(op, input, output) + return +} + +// RegisterTransitGatewayMulticastGroupMembers API operation for Amazon Elastic Compute Cloud. +// +// Registers members (network interfaces) with the transit gateway multicast +// group. A member is a network interface associated with a supported EC2 instance +// that receives multicast traffic. For information about supported instances, +// see Multicast Consideration (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits) +// in Amazon VPC Transit Gateways. +// +// After you add the members, use SearchTransitGatewayMulticastGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html) +// to verify that the members were added to the transit gateway multicast group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation RegisterTransitGatewayMulticastGroupMembers for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RegisterTransitGatewayMulticastGroupMembers +func (c *EC2) RegisterTransitGatewayMulticastGroupMembers(input *RegisterTransitGatewayMulticastGroupMembersInput) (*RegisterTransitGatewayMulticastGroupMembersOutput, error) { + req, out := c.RegisterTransitGatewayMulticastGroupMembersRequest(input) + return out, req.Send() +} + +// RegisterTransitGatewayMulticastGroupMembersWithContext is the same as RegisterTransitGatewayMulticastGroupMembers with the addition of +// the ability to pass a context and additional request options. +// +// See RegisterTransitGatewayMulticastGroupMembers for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) RegisterTransitGatewayMulticastGroupMembersWithContext(ctx aws.Context, input *RegisterTransitGatewayMulticastGroupMembersInput, opts ...request.Option) (*RegisterTransitGatewayMulticastGroupMembersOutput, error) { + req, out := c.RegisterTransitGatewayMulticastGroupMembersRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRegisterTransitGatewayMulticastGroupSources = "RegisterTransitGatewayMulticastGroupSources" + +// RegisterTransitGatewayMulticastGroupSourcesRequest generates a "aws/request.Request" representing the +// client's request for the RegisterTransitGatewayMulticastGroupSources operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RegisterTransitGatewayMulticastGroupSources for more information on using the RegisterTransitGatewayMulticastGroupSources +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the RegisterTransitGatewayMulticastGroupSourcesRequest method. +// req, resp := client.RegisterTransitGatewayMulticastGroupSourcesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RegisterTransitGatewayMulticastGroupSources +func (c *EC2) RegisterTransitGatewayMulticastGroupSourcesRequest(input *RegisterTransitGatewayMulticastGroupSourcesInput) (req *request.Request, output *RegisterTransitGatewayMulticastGroupSourcesOutput) { + op := &request.Operation{ + Name: opRegisterTransitGatewayMulticastGroupSources, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RegisterTransitGatewayMulticastGroupSourcesInput{} + } + + output = &RegisterTransitGatewayMulticastGroupSourcesOutput{} + req = c.newRequest(op, input, output) + return +} + +// RegisterTransitGatewayMulticastGroupSources API operation for Amazon Elastic Compute Cloud. +// +// Registers sources (network interfaces) with the specified transit gateway +// multicast group. +// +// A multicast source is a network interface attached to a supported instance +// that sends multicast traffic. For information about supported instances, +// see Multicast Considerations (https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-limits.html#multicast-limits) +// in Amazon VPC Transit Gateways. +// +// After you add the source, use SearchTransitGatewayMulticastGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayMulticastGroups.html) +// to verify that the source was added to the multicast group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation RegisterTransitGatewayMulticastGroupSources for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RegisterTransitGatewayMulticastGroupSources +func (c *EC2) RegisterTransitGatewayMulticastGroupSources(input *RegisterTransitGatewayMulticastGroupSourcesInput) (*RegisterTransitGatewayMulticastGroupSourcesOutput, error) { + req, out := c.RegisterTransitGatewayMulticastGroupSourcesRequest(input) + return out, req.Send() +} + +// RegisterTransitGatewayMulticastGroupSourcesWithContext is the same as RegisterTransitGatewayMulticastGroupSources with the addition of +// the ability to pass a context and additional request options. +// +// See RegisterTransitGatewayMulticastGroupSources for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) RegisterTransitGatewayMulticastGroupSourcesWithContext(ctx aws.Context, input *RegisterTransitGatewayMulticastGroupSourcesInput, opts ...request.Option) (*RegisterTransitGatewayMulticastGroupSourcesOutput, error) { + req, out := c.RegisterTransitGatewayMulticastGroupSourcesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opRejectTransitGatewayPeeringAttachment = "RejectTransitGatewayPeeringAttachment" + +// RejectTransitGatewayPeeringAttachmentRequest generates a "aws/request.Request" representing the +// client's request for the RejectTransitGatewayPeeringAttachment operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RejectTransitGatewayPeeringAttachment for more information on using the RejectTransitGatewayPeeringAttachment +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the RejectTransitGatewayPeeringAttachmentRequest method. +// req, resp := client.RejectTransitGatewayPeeringAttachmentRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectTransitGatewayPeeringAttachment +func (c *EC2) RejectTransitGatewayPeeringAttachmentRequest(input *RejectTransitGatewayPeeringAttachmentInput) (req *request.Request, output *RejectTransitGatewayPeeringAttachmentOutput) { + op := &request.Operation{ + Name: opRejectTransitGatewayPeeringAttachment, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RejectTransitGatewayPeeringAttachmentInput{} + } + + output = &RejectTransitGatewayPeeringAttachmentOutput{} + req = c.newRequest(op, input, output) + return +} + +// RejectTransitGatewayPeeringAttachment API operation for Amazon Elastic Compute Cloud. +// +// Rejects a transit gateway peering attachment request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation RejectTransitGatewayPeeringAttachment for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectTransitGatewayPeeringAttachment +func (c *EC2) RejectTransitGatewayPeeringAttachment(input *RejectTransitGatewayPeeringAttachmentInput) (*RejectTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.RejectTransitGatewayPeeringAttachmentRequest(input) + return out, req.Send() +} + +// RejectTransitGatewayPeeringAttachmentWithContext is the same as RejectTransitGatewayPeeringAttachment with the addition of +// the ability to pass a context and additional request options. +// +// See RejectTransitGatewayPeeringAttachment for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) RejectTransitGatewayPeeringAttachmentWithContext(ctx aws.Context, input *RejectTransitGatewayPeeringAttachmentInput, opts ...request.Option) (*RejectTransitGatewayPeeringAttachmentOutput, error) { + req, out := c.RejectTransitGatewayPeeringAttachmentRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRejectTransitGatewayVpcAttachment = "RejectTransitGatewayVpcAttachment" // RejectTransitGatewayVpcAttachmentRequest generates a "aws/request.Request" representing the @@ -30497,9 +34289,9 @@ func (c *EC2) ReplaceRouteRequest(input *ReplaceRouteInput) (req *request.Reques // ReplaceRoute API operation for Amazon Elastic Compute Cloud. // // Replaces an existing route within a route table in a VPC. You must provide -// only one of the following: internet gateway or virtual private gateway, NAT -// instance, NAT gateway, VPC peering connection, network interface, or egress-only -// internet gateway. +// only one of the following: internet gateway, virtual private gateway, NAT +// instance, NAT gateway, VPC peering connection, network interface, egress-only +// internet gateway, or transit gateway. // // For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. @@ -30576,15 +34368,15 @@ func (c *EC2) ReplaceRouteTableAssociationRequest(input *ReplaceRouteTableAssoci // ReplaceRouteTableAssociation API operation for Amazon Elastic Compute Cloud. // -// Changes the route table associated with a given subnet in a VPC. After the -// operation completes, the subnet uses the routes in the new route table it's -// associated with. For more information about route tables, see Route Tables -// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) +// Changes the route table associated with a given subnet, internet gateway, +// or virtual private gateway in a VPC. After the operation completes, the subnet +// or gateway uses the routes in the new route table. For more information about +// route tables, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // -// You can also use ReplaceRouteTableAssociation to change which table is the -// main route table in the VPC. You just specify the main route table's association -// ID and the route table to be the new main route table. +// You can also use this operation to change which table is the main route table +// in the VPC. Specify the main route table's association ID and the route table +// ID of the new main route table. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -30832,9 +34624,9 @@ func (c *EC2) RequestSpotFleetRequest(input *RequestSpotFleetInput) (req *reques // ensuring that the Spot Instances in your Spot Fleet are in different Spot // pools, you can improve the availability of your fleet. // -// You can specify tags for the Spot Instances. You cannot tag other resource -// types in a Spot Fleet request because only the instance resource type is -// supported. +// You can specify tags for the Spot Fleet request and instances launched by +// the fleet. You cannot tag other resource types in a Spot Fleet request because +// only the spot-fleet-request and instance resource types are supported. // // For more information, see Spot Fleet Requests (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html) // in the Amazon EC2 User Guide for Linux Instances. @@ -31953,6 +35745,271 @@ func (c *EC2) RunScheduledInstancesWithContext(ctx aws.Context, input *RunSchedu return out, req.Send() } +const opSearchLocalGatewayRoutes = "SearchLocalGatewayRoutes" + +// SearchLocalGatewayRoutesRequest generates a "aws/request.Request" representing the +// client's request for the SearchLocalGatewayRoutes operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SearchLocalGatewayRoutes for more information on using the SearchLocalGatewayRoutes +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the SearchLocalGatewayRoutesRequest method. +// req, resp := client.SearchLocalGatewayRoutesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SearchLocalGatewayRoutes +func (c *EC2) SearchLocalGatewayRoutesRequest(input *SearchLocalGatewayRoutesInput) (req *request.Request, output *SearchLocalGatewayRoutesOutput) { + op := &request.Operation{ + Name: opSearchLocalGatewayRoutes, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &SearchLocalGatewayRoutesInput{} + } + + output = &SearchLocalGatewayRoutesOutput{} + req = c.newRequest(op, input, output) + return +} + +// SearchLocalGatewayRoutes API operation for Amazon Elastic Compute Cloud. +// +// Searches for routes in the specified local gateway route table. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation SearchLocalGatewayRoutes for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SearchLocalGatewayRoutes +func (c *EC2) SearchLocalGatewayRoutes(input *SearchLocalGatewayRoutesInput) (*SearchLocalGatewayRoutesOutput, error) { + req, out := c.SearchLocalGatewayRoutesRequest(input) + return out, req.Send() +} + +// SearchLocalGatewayRoutesWithContext is the same as SearchLocalGatewayRoutes with the addition of +// the ability to pass a context and additional request options. +// +// See SearchLocalGatewayRoutes for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) SearchLocalGatewayRoutesWithContext(ctx aws.Context, input *SearchLocalGatewayRoutesInput, opts ...request.Option) (*SearchLocalGatewayRoutesOutput, error) { + req, out := c.SearchLocalGatewayRoutesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// SearchLocalGatewayRoutesPages iterates over the pages of a SearchLocalGatewayRoutes operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See SearchLocalGatewayRoutes method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a SearchLocalGatewayRoutes operation. +// pageNum := 0 +// err := client.SearchLocalGatewayRoutesPages(params, +// func(page *ec2.SearchLocalGatewayRoutesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) SearchLocalGatewayRoutesPages(input *SearchLocalGatewayRoutesInput, fn func(*SearchLocalGatewayRoutesOutput, bool) bool) error { + return c.SearchLocalGatewayRoutesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// SearchLocalGatewayRoutesPagesWithContext same as SearchLocalGatewayRoutesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) SearchLocalGatewayRoutesPagesWithContext(ctx aws.Context, input *SearchLocalGatewayRoutesInput, fn func(*SearchLocalGatewayRoutesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *SearchLocalGatewayRoutesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.SearchLocalGatewayRoutesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*SearchLocalGatewayRoutesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opSearchTransitGatewayMulticastGroups = "SearchTransitGatewayMulticastGroups" + +// SearchTransitGatewayMulticastGroupsRequest generates a "aws/request.Request" representing the +// client's request for the SearchTransitGatewayMulticastGroups operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SearchTransitGatewayMulticastGroups for more information on using the SearchTransitGatewayMulticastGroups +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the SearchTransitGatewayMulticastGroupsRequest method. +// req, resp := client.SearchTransitGatewayMulticastGroupsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SearchTransitGatewayMulticastGroups +func (c *EC2) SearchTransitGatewayMulticastGroupsRequest(input *SearchTransitGatewayMulticastGroupsInput) (req *request.Request, output *SearchTransitGatewayMulticastGroupsOutput) { + op := &request.Operation{ + Name: opSearchTransitGatewayMulticastGroups, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &SearchTransitGatewayMulticastGroupsInput{} + } + + output = &SearchTransitGatewayMulticastGroupsOutput{} + req = c.newRequest(op, input, output) + return +} + +// SearchTransitGatewayMulticastGroups API operation for Amazon Elastic Compute Cloud. +// +// Searches one or more transit gateway multicast groups and returns the group +// membership information. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation SearchTransitGatewayMulticastGroups for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SearchTransitGatewayMulticastGroups +func (c *EC2) SearchTransitGatewayMulticastGroups(input *SearchTransitGatewayMulticastGroupsInput) (*SearchTransitGatewayMulticastGroupsOutput, error) { + req, out := c.SearchTransitGatewayMulticastGroupsRequest(input) + return out, req.Send() +} + +// SearchTransitGatewayMulticastGroupsWithContext is the same as SearchTransitGatewayMulticastGroups with the addition of +// the ability to pass a context and additional request options. +// +// See SearchTransitGatewayMulticastGroups for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) SearchTransitGatewayMulticastGroupsWithContext(ctx aws.Context, input *SearchTransitGatewayMulticastGroupsInput, opts ...request.Option) (*SearchTransitGatewayMulticastGroupsOutput, error) { + req, out := c.SearchTransitGatewayMulticastGroupsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// SearchTransitGatewayMulticastGroupsPages iterates over the pages of a SearchTransitGatewayMulticastGroups operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See SearchTransitGatewayMulticastGroups method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a SearchTransitGatewayMulticastGroups operation. +// pageNum := 0 +// err := client.SearchTransitGatewayMulticastGroupsPages(params, +// func(page *ec2.SearchTransitGatewayMulticastGroupsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) SearchTransitGatewayMulticastGroupsPages(input *SearchTransitGatewayMulticastGroupsInput, fn func(*SearchTransitGatewayMulticastGroupsOutput, bool) bool) error { + return c.SearchTransitGatewayMulticastGroupsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// SearchTransitGatewayMulticastGroupsPagesWithContext same as SearchTransitGatewayMulticastGroupsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) SearchTransitGatewayMulticastGroupsPagesWithContext(ctx aws.Context, input *SearchTransitGatewayMulticastGroupsInput, fn func(*SearchTransitGatewayMulticastGroupsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *SearchTransitGatewayMulticastGroupsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.SearchTransitGatewayMulticastGroupsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*SearchTransitGatewayMulticastGroupsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opSearchTransitGatewayRoutes = "SearchTransitGatewayRoutes" // SearchTransitGatewayRoutesRequest generates a "aws/request.Request" representing the @@ -32215,6 +36272,89 @@ func (c *EC2) StartInstancesWithContext(ctx aws.Context, input *StartInstancesIn return out, req.Send() } +const opStartVpcEndpointServicePrivateDnsVerification = "StartVpcEndpointServicePrivateDnsVerification" + +// StartVpcEndpointServicePrivateDnsVerificationRequest generates a "aws/request.Request" representing the +// client's request for the StartVpcEndpointServicePrivateDnsVerification operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartVpcEndpointServicePrivateDnsVerification for more information on using the StartVpcEndpointServicePrivateDnsVerification +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the StartVpcEndpointServicePrivateDnsVerificationRequest method. +// req, resp := client.StartVpcEndpointServicePrivateDnsVerificationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StartVpcEndpointServicePrivateDnsVerification +func (c *EC2) StartVpcEndpointServicePrivateDnsVerificationRequest(input *StartVpcEndpointServicePrivateDnsVerificationInput) (req *request.Request, output *StartVpcEndpointServicePrivateDnsVerificationOutput) { + op := &request.Operation{ + Name: opStartVpcEndpointServicePrivateDnsVerification, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StartVpcEndpointServicePrivateDnsVerificationInput{} + } + + output = &StartVpcEndpointServicePrivateDnsVerificationOutput{} + req = c.newRequest(op, input, output) + return +} + +// StartVpcEndpointServicePrivateDnsVerification API operation for Amazon Elastic Compute Cloud. +// +// Initiates the verification process to prove that the service provider owns +// the private DNS name domain for the endpoint service. +// +// The service provider must successfully perform the verification before the +// consumer can use the name to access the service. +// +// Before the service provider runs this command, they must add a record to +// the DNS server. For more information, see Adding a TXT Record to Your Domain's +// DNS Server (https://docs.aws.amazon.com/vpc/latest/userguide/ndpoint-services-dns-validation.html#add-dns-txt-record) +// in the Amazon VPC User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation StartVpcEndpointServicePrivateDnsVerification for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StartVpcEndpointServicePrivateDnsVerification +func (c *EC2) StartVpcEndpointServicePrivateDnsVerification(input *StartVpcEndpointServicePrivateDnsVerificationInput) (*StartVpcEndpointServicePrivateDnsVerificationOutput, error) { + req, out := c.StartVpcEndpointServicePrivateDnsVerificationRequest(input) + return out, req.Send() +} + +// StartVpcEndpointServicePrivateDnsVerificationWithContext is the same as StartVpcEndpointServicePrivateDnsVerification with the addition of +// the ability to pass a context and additional request options. +// +// See StartVpcEndpointServicePrivateDnsVerification for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) StartVpcEndpointServicePrivateDnsVerificationWithContext(ctx aws.Context, input *StartVpcEndpointServicePrivateDnsVerificationInput, opts ...request.Option) (*StartVpcEndpointServicePrivateDnsVerificationOutput, error) { + req, out := c.StartVpcEndpointServicePrivateDnsVerificationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opStopInstances = "StopInstances" // StopInstancesRequest generates a "aws/request.Request" representing the @@ -32277,9 +36417,10 @@ func (c *EC2) StopInstancesRequest(input *StopInstancesInput) (req *request.Requ // your Linux instance, Amazon EC2 charges a one-minute minimum for instance // usage, and thereafter charges per second for instance usage. // -// You can't start, stop, or hibernate Spot Instances, and you can't stop or -// hibernate instance store-backed instances. For information about using hibernation -// for Spot Instances, see Hibernating Interrupted Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances) +// You can't stop or hibernate instance store-backed instances. You can't use +// the Stop action to hibernate Spot Instances, but you can specify that Amazon +// EC2 should hibernate Spot Instances when they are interrupted. For more information, +// see Hibernating Interrupted Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances) // in the Amazon Elastic Compute Cloud User Guide. // // When you stop or hibernate an instance, we shut it down. You can restart @@ -32935,8 +37076,7 @@ func (c *EC2) WithdrawByoipCidrRequest(input *WithdrawByoipCidrInput) (req *requ // WithdrawByoipCidr API operation for Amazon Elastic Compute Cloud. // -// Stops advertising an IPv4 address range that is provisioned as an address -// pool. +// Stops advertising an address range that is provisioned as an address pool. // // You can perform this operation at most once every 10 seconds, even if you // specify different address ranges each time. @@ -33068,6 +37208,79 @@ func (s *AcceptReservedInstancesExchangeQuoteOutput) SetExchangeId(v string) *Ac return s } +type AcceptTransitGatewayPeeringAttachmentInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the transit gateway attachment. + // + // TransitGatewayAttachmentId is a required field + TransitGatewayAttachmentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s AcceptTransitGatewayPeeringAttachmentInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptTransitGatewayPeeringAttachmentInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AcceptTransitGatewayPeeringAttachmentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AcceptTransitGatewayPeeringAttachmentInput"} + if s.TransitGatewayAttachmentId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayAttachmentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *AcceptTransitGatewayPeeringAttachmentInput) SetDryRun(v bool) *AcceptTransitGatewayPeeringAttachmentInput { + s.DryRun = &v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *AcceptTransitGatewayPeeringAttachmentInput) SetTransitGatewayAttachmentId(v string) *AcceptTransitGatewayPeeringAttachmentInput { + s.TransitGatewayAttachmentId = &v + return s +} + +type AcceptTransitGatewayPeeringAttachmentOutput struct { + _ struct{} `type:"structure"` + + // The transit gateway peering attachment. + TransitGatewayPeeringAttachment *TransitGatewayPeeringAttachment `locationName:"transitGatewayPeeringAttachment" type:"structure"` +} + +// String returns the string representation +func (s AcceptTransitGatewayPeeringAttachmentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptTransitGatewayPeeringAttachmentOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayPeeringAttachment sets the TransitGatewayPeeringAttachment field's value. +func (s *AcceptTransitGatewayPeeringAttachmentOutput) SetTransitGatewayPeeringAttachment(v *TransitGatewayPeeringAttachment) *AcceptTransitGatewayPeeringAttachmentOutput { + s.TransitGatewayPeeringAttachment = v + return s +} + type AcceptTransitGatewayVpcAttachmentInput struct { _ struct{} `type:"structure"` @@ -33150,7 +37363,7 @@ type AcceptVpcEndpointConnectionsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The ID of the endpoint service. + // The ID of the VPC endpoint service. // // ServiceId is a required field ServiceId *string `type:"string" required:"true"` @@ -33408,6 +37621,12 @@ type Address struct { // VPC. AssociationId *string `locationName:"associationId" type:"string"` + // The customer-owned IP address. + CustomerOwnedIp *string `locationName:"customerOwnedIp" type:"string"` + + // The ID of the customer-owned address pool. + CustomerOwnedIpv4Pool *string `locationName:"customerOwnedIpv4Pool" type:"string"` + // Indicates whether this Elastic IP address is for use with instances in EC2-Classic // (standard) or instances in a VPC (vpc). Domain *string `locationName:"domain" type:"string" enum:"DomainType"` @@ -33415,6 +37634,9 @@ type Address struct { // The ID of the instance that the address is associated with (if any). InstanceId *string `locationName:"instanceId" type:"string"` + // The name of the location from which the IP address is advertised. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` + // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` @@ -33456,6 +37678,18 @@ func (s *Address) SetAssociationId(v string) *Address { return s } +// SetCustomerOwnedIp sets the CustomerOwnedIp field's value. +func (s *Address) SetCustomerOwnedIp(v string) *Address { + s.CustomerOwnedIp = &v + return s +} + +// SetCustomerOwnedIpv4Pool sets the CustomerOwnedIpv4Pool field's value. +func (s *Address) SetCustomerOwnedIpv4Pool(v string) *Address { + s.CustomerOwnedIpv4Pool = &v + return s +} + // SetDomain sets the Domain field's value. func (s *Address) SetDomain(v string) *Address { s.Domain = &v @@ -33468,6 +37702,12 @@ func (s *Address) SetInstanceId(v string) *Address { return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *Address) SetNetworkBorderGroup(v string) *Address { + s.NetworkBorderGroup = &v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *Address) SetNetworkInterfaceId(v string) *Address { s.NetworkInterfaceId = &v @@ -33507,8 +37747,8 @@ func (s *Address) SetTags(v []*Tag) *Address { type AdvertiseByoipCidrInput struct { _ struct{} `type:"structure"` - // The IPv4 address range, in CIDR notation. This must be the exact range that - // you provisioned. You can't advertise only a portion of the provisioned range. + // The address range, in CIDR notation. This must be the exact range that you + // provisioned. You can't advertise only a portion of the provisioned range. // // Cidr is a required field Cidr *string `type:"string" required:"true"` @@ -33585,6 +37825,11 @@ type AllocateAddressInput struct { // pool. Address *string `type:"string"` + // The ID of a customer-owned address pool. Use this parameter to let Amazon + // EC2 select an address from the address pool. Alternatively, specify a specific + // address from the address pool. + CustomerOwnedIpv4Pool *string `type:"string"` + // Set to vpc to allocate the address for use with instances in a VPC. // // Default: The address is for use with instances in EC2-Classic. @@ -33596,6 +37841,21 @@ type AllocateAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // The location from which the IP address is advertised. Use this parameter + // to limit the address to this location. + // + // A network border group is a unique set of Availability Zones or Local Zones + // from where AWS advertises IP addresses and limits the addresses to the group. + // IP addresses cannot move between network border groups. + // + // Use DescribeAvailabilityZones (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) + // to view the network border groups. + // + // You cannot use a network border group with EC2 Classic. If you attempt this + // operation on EC2 classic, you will receive an InvalidParameterCombination + // error. For more information, see Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). + NetworkBorderGroup *string `type:"string"` + // The ID of an address pool that you own. Use this parameter to let Amazon // EC2 select an address from the address pool. To specify a specific address // from the address pool, use the Address parameter instead. @@ -33618,6 +37878,12 @@ func (s *AllocateAddressInput) SetAddress(v string) *AllocateAddressInput { return s } +// SetCustomerOwnedIpv4Pool sets the CustomerOwnedIpv4Pool field's value. +func (s *AllocateAddressInput) SetCustomerOwnedIpv4Pool(v string) *AllocateAddressInput { + s.CustomerOwnedIpv4Pool = &v + return s +} + // SetDomain sets the Domain field's value. func (s *AllocateAddressInput) SetDomain(v string) *AllocateAddressInput { s.Domain = &v @@ -33630,6 +37896,12 @@ func (s *AllocateAddressInput) SetDryRun(v bool) *AllocateAddressInput { return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *AllocateAddressInput) SetNetworkBorderGroup(v string) *AllocateAddressInput { + s.NetworkBorderGroup = &v + return s +} + // SetPublicIpv4Pool sets the PublicIpv4Pool field's value. func (s *AllocateAddressInput) SetPublicIpv4Pool(v string) *AllocateAddressInput { s.PublicIpv4Pool = &v @@ -33643,10 +37915,19 @@ type AllocateAddressOutput struct { // IP address for use with instances in a VPC. AllocationId *string `locationName:"allocationId" type:"string"` + // The customer-owned IP address. + CustomerOwnedIp *string `locationName:"customerOwnedIp" type:"string"` + + // The ID of the customer-owned address pool. + CustomerOwnedIpv4Pool *string `locationName:"customerOwnedIpv4Pool" type:"string"` + // Indicates whether this Elastic IP address is for use with instances in EC2-Classic // (standard) or instances in a VPC (vpc). Domain *string `locationName:"domain" type:"string" enum:"DomainType"` + // The location from which the IP address is advertised. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` + // The Elastic IP address. PublicIp *string `locationName:"publicIp" type:"string"` @@ -33670,12 +37951,30 @@ func (s *AllocateAddressOutput) SetAllocationId(v string) *AllocateAddressOutput return s } +// SetCustomerOwnedIp sets the CustomerOwnedIp field's value. +func (s *AllocateAddressOutput) SetCustomerOwnedIp(v string) *AllocateAddressOutput { + s.CustomerOwnedIp = &v + return s +} + +// SetCustomerOwnedIpv4Pool sets the CustomerOwnedIpv4Pool field's value. +func (s *AllocateAddressOutput) SetCustomerOwnedIpv4Pool(v string) *AllocateAddressOutput { + s.CustomerOwnedIpv4Pool = &v + return s +} + // SetDomain sets the Domain field's value. func (s *AllocateAddressOutput) SetDomain(v string) *AllocateAddressOutput { s.Domain = &v return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *AllocateAddressOutput) SetNetworkBorderGroup(v string) *AllocateAddressOutput { + s.NetworkBorderGroup = &v + return s +} + // SetPublicIp sets the PublicIp field's value. func (s *AllocateAddressOutput) SetPublicIp(v string) *AllocateAddressOutput { s.PublicIp = &v @@ -33717,12 +38016,23 @@ type AllocateHostsInput struct { // Default: off HostRecovery *string `type:"string" enum:"HostRecovery"` - // Specifies the instance type for which to configure your Dedicated Hosts. - // When you specify the instance type, that is the only instance type that you - // can launch onto that host. + // Specifies the instance family to be supported by the Dedicated Hosts. If + // you specify an instance family, the Dedicated Hosts support multiple instance + // types within that instance family. // - // InstanceType is a required field - InstanceType *string `locationName:"instanceType" type:"string" required:"true"` + // If you want the Dedicated Hosts to support a specific instance type only, + // omit this parameter and specify InstanceType instead. You cannot specify + // InstanceFamily and InstanceType in the same request. + InstanceFamily *string `type:"string"` + + // Specifies the instance type to be supported by the Dedicated Hosts. If you + // specify an instance type, the Dedicated Hosts support instances of the specified + // instance type only. + // + // If you want the Dedicated Hosts to support multiple instance types in a specific + // instance family, omit this parameter and specify InstanceFamily instead. + // You cannot specify InstanceType and InstanceFamily in the same request. + InstanceType *string `locationName:"instanceType" type:"string"` // The number of Dedicated Hosts to allocate to your account with these parameters. // @@ -33749,9 +38059,6 @@ func (s *AllocateHostsInput) Validate() error { if s.AvailabilityZone == nil { invalidParams.Add(request.NewErrParamRequired("AvailabilityZone")) } - if s.InstanceType == nil { - invalidParams.Add(request.NewErrParamRequired("InstanceType")) - } if s.Quantity == nil { invalidParams.Add(request.NewErrParamRequired("Quantity")) } @@ -33786,6 +38093,12 @@ func (s *AllocateHostsInput) SetHostRecovery(v string) *AllocateHostsInput { return s } +// SetInstanceFamily sets the InstanceFamily field's value. +func (s *AllocateHostsInput) SetInstanceFamily(v string) *AllocateHostsInput { + s.InstanceFamily = &v + return s +} + // SetInstanceType sets the InstanceType field's value. func (s *AllocateHostsInput) SetInstanceType(v string) *AllocateHostsInput { s.InstanceType = &v @@ -34572,15 +38885,16 @@ type AssociateRouteTableInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // The ID of the internet gateway or virtual private gateway. + GatewayId *string `type:"string"` + // The ID of the route table. // // RouteTableId is a required field RouteTableId *string `locationName:"routeTableId" type:"string" required:"true"` // The ID of the subnet. - // - // SubnetId is a required field - SubnetId *string `locationName:"subnetId" type:"string" required:"true"` + SubnetId *string `locationName:"subnetId" type:"string"` } // String returns the string representation @@ -34599,9 +38913,6 @@ func (s *AssociateRouteTableInput) Validate() error { if s.RouteTableId == nil { invalidParams.Add(request.NewErrParamRequired("RouteTableId")) } - if s.SubnetId == nil { - invalidParams.Add(request.NewErrParamRequired("SubnetId")) - } if invalidParams.Len() > 0 { return invalidParams @@ -34615,6 +38926,12 @@ func (s *AssociateRouteTableInput) SetDryRun(v bool) *AssociateRouteTableInput { return s } +// SetGatewayId sets the GatewayId field's value. +func (s *AssociateRouteTableInput) SetGatewayId(v string) *AssociateRouteTableInput { + s.GatewayId = &v + return s +} + // SetRouteTableId sets the RouteTableId field's value. func (s *AssociateRouteTableInput) SetRouteTableId(v string) *AssociateRouteTableInput { s.RouteTableId = &v @@ -34633,6 +38950,9 @@ type AssociateRouteTableOutput struct { // The route table association ID. This ID is required for disassociating the // route table. AssociationId *string `locationName:"associationId" type:"string"` + + // The state of the association. + AssociationState *RouteTableAssociationState `locationName:"associationState" type:"structure"` } // String returns the string representation @@ -34651,6 +38971,12 @@ func (s *AssociateRouteTableOutput) SetAssociationId(v string) *AssociateRouteTa return s } +// SetAssociationState sets the AssociationState field's value. +func (s *AssociateRouteTableOutput) SetAssociationState(v *RouteTableAssociationState) *AssociateRouteTableOutput { + s.AssociationState = v + return s +} + type AssociateSubnetCidrBlockInput struct { _ struct{} `type:"structure"` @@ -34735,6 +39061,83 @@ func (s *AssociateSubnetCidrBlockOutput) SetSubnetId(v string) *AssociateSubnetC return s } +type AssociateTransitGatewayMulticastDomainInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IDs of the subnets to associate with the transit gateway multicast domain. + SubnetIds []*string `locationNameList:"item" type:"list"` + + // The ID of the transit gateway attachment to associate with the transit gateway + // multicast domain. + TransitGatewayAttachmentId *string `type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s AssociateTransitGatewayMulticastDomainInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateTransitGatewayMulticastDomainInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *AssociateTransitGatewayMulticastDomainInput) SetDryRun(v bool) *AssociateTransitGatewayMulticastDomainInput { + s.DryRun = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *AssociateTransitGatewayMulticastDomainInput) SetSubnetIds(v []*string) *AssociateTransitGatewayMulticastDomainInput { + s.SubnetIds = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *AssociateTransitGatewayMulticastDomainInput) SetTransitGatewayAttachmentId(v string) *AssociateTransitGatewayMulticastDomainInput { + s.TransitGatewayAttachmentId = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *AssociateTransitGatewayMulticastDomainInput) SetTransitGatewayMulticastDomainId(v string) *AssociateTransitGatewayMulticastDomainInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type AssociateTransitGatewayMulticastDomainOutput struct { + _ struct{} `type:"structure"` + + // Information about the transit gateway multicast domain associations. + Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` +} + +// String returns the string representation +func (s AssociateTransitGatewayMulticastDomainOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateTransitGatewayMulticastDomainOutput) GoString() string { + return s.String() +} + +// SetAssociations sets the Associations field's value. +func (s *AssociateTransitGatewayMulticastDomainOutput) SetAssociations(v *TransitGatewayMulticastDomainAssociations) *AssociateTransitGatewayMulticastDomainOutput { + s.Associations = v + return s +} + type AssociateTransitGatewayRouteTableInput struct { _ struct{} `type:"structure"` @@ -34833,6 +39236,23 @@ type AssociateVpcCidrBlockInput struct { // An IPv4 CIDR block to associate with the VPC. CidrBlock *string `type:"string"` + // An IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool + // in the request. + // + // To let Amazon choose the IPv6 CIDR block for you, omit this parameter. + Ipv6CidrBlock *string `type:"string"` + + // The name of the location from which we advertise the IPV6 CIDR block. Use + // this parameter to limit the CiDR block to this location. + // + // You must set AmazonProvidedIpv6CidrBlock to true to use this parameter. + // + // You can have one IPv6 CIDR block association per network border group. + Ipv6CidrBlockNetworkBorderGroup *string `type:"string"` + + // The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block. + Ipv6Pool *string `type:"string"` + // The ID of the VPC. // // VpcId is a required field @@ -34874,6 +39294,24 @@ func (s *AssociateVpcCidrBlockInput) SetCidrBlock(v string) *AssociateVpcCidrBlo return s } +// SetIpv6CidrBlock sets the Ipv6CidrBlock field's value. +func (s *AssociateVpcCidrBlockInput) SetIpv6CidrBlock(v string) *AssociateVpcCidrBlockInput { + s.Ipv6CidrBlock = &v + return s +} + +// SetIpv6CidrBlockNetworkBorderGroup sets the Ipv6CidrBlockNetworkBorderGroup field's value. +func (s *AssociateVpcCidrBlockInput) SetIpv6CidrBlockNetworkBorderGroup(v string) *AssociateVpcCidrBlockInput { + s.Ipv6CidrBlockNetworkBorderGroup = &v + return s +} + +// SetIpv6Pool sets the Ipv6Pool field's value. +func (s *AssociateVpcCidrBlockInput) SetIpv6Pool(v string) *AssociateVpcCidrBlockInput { + s.Ipv6Pool = &v + return s +} + // SetVpcId sets the VpcId field's value. func (s *AssociateVpcCidrBlockInput) SetVpcId(v string) *AssociateVpcCidrBlockInput { s.VpcId = &v @@ -35271,7 +39709,6 @@ func (s *AttachNetworkInterfaceOutput) SetAttachmentId(v string) *AttachNetworkI return s } -// Contains the parameters for AttachVolume. type AttachVolumeInput struct { _ struct{} `type:"structure"` @@ -35974,23 +40411,37 @@ func (s AuthorizeSecurityGroupIngressOutput) GoString() string { return s.String() } -// Describes an Availability Zone. +// Describes an Availability Zone or Local Zone. type AvailabilityZone struct { _ struct{} `type:"structure"` - // Any messages about the Availability Zone. + // For Availability Zones, this parameter has the same value as the Region name. + // + // For Local Zones, the name of the associated group, for example us-west-2-lax-1. + GroupName *string `locationName:"groupName" type:"string"` + + // Any messages about the Availability Zone or Local Zone. Messages []*AvailabilityZoneMessage `locationName:"messageSet" locationNameList:"item" type:"list"` + // The name of the location from which the address is advertised. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` + + // For Availability Zones, this parameter always has the value of opt-in-not-required. + // + // For Local Zones, this parameter is the opt in status. The possible values + // are opted-in, and not-opted-in. + OptInStatus *string `locationName:"optInStatus" type:"string" enum:"AvailabilityZoneOptInStatus"` + // The name of the Region. RegionName *string `locationName:"regionName" type:"string"` - // The state of the Availability Zone. + // The state of the Availability Zone or Local Zone. State *string `locationName:"zoneState" type:"string" enum:"AvailabilityZoneState"` - // The ID of the Availability Zone. + // The ID of the Availability Zone or Local Zone. ZoneId *string `locationName:"zoneId" type:"string"` - // The name of the Availability Zone. + // The name of the Availability Zone or Local Zone. ZoneName *string `locationName:"zoneName" type:"string"` } @@ -36004,12 +40455,30 @@ func (s AvailabilityZone) GoString() string { return s.String() } +// SetGroupName sets the GroupName field's value. +func (s *AvailabilityZone) SetGroupName(v string) *AvailabilityZone { + s.GroupName = &v + return s +} + // SetMessages sets the Messages field's value. func (s *AvailabilityZone) SetMessages(v []*AvailabilityZoneMessage) *AvailabilityZone { s.Messages = v return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *AvailabilityZone) SetNetworkBorderGroup(v string) *AvailabilityZone { + s.NetworkBorderGroup = &v + return s +} + +// SetOptInStatus sets the OptInStatus field's value. +func (s *AvailabilityZone) SetOptInStatus(v string) *AvailabilityZone { + s.OptInStatus = &v + return s +} + // SetRegionName sets the RegionName field's value. func (s *AvailabilityZone) SetRegionName(v string) *AvailabilityZone { s.RegionName = &v @@ -36034,11 +40503,11 @@ func (s *AvailabilityZone) SetZoneName(v string) *AvailabilityZone { return s } -// Describes a message about an Availability Zone. +// Describes a message about an Availability Zone or Local Zone. type AvailabilityZoneMessage struct { _ struct{} `type:"structure"` - // The message about the Availability Zone. + // The message about the Availability Zone or Local Zone. Message *string `locationName:"message" type:"string"` } @@ -36058,14 +40527,19 @@ func (s *AvailabilityZoneMessage) SetMessage(v string) *AvailabilityZoneMessage return s } -// The capacity information for instances launched onto the Dedicated Host. +// The capacity information for instances that can be launched onto the Dedicated +// Host. type AvailableCapacity struct { _ struct{} `type:"structure"` - // The total number of instances supported by the Dedicated Host. + // The number of instances that can be launched onto the Dedicated Host depending + // on the host's available capacity. For Dedicated Hosts that support multiple + // instance types, this parameter represents the number of instances for each + // instance size that is supported on the host. AvailableInstanceCapacity []*InstanceCapacity `locationName:"availableInstanceCapacity" locationNameList:"item" type:"list"` - // The number of vCPUs available on the Dedicated Host. + // The number of vCPUs available for launching instances onto the Dedicated + // Host. AvailableVCpus *int64 `locationName:"availableVCpus" type:"integer"` } @@ -36401,7 +40875,7 @@ func (s *BundleTaskError) SetMessage(v string) *BundleTaskError { type ByoipCidr struct { _ struct{} `type:"structure"` - // The public IPv4 address range, in CIDR notation. + // The address range, in CIDR notation. Cidr *string `locationName:"cidr" type:"string"` // The description of the address range. @@ -37416,6 +41890,96 @@ func (s *CapacityReservation) SetTotalInstanceCount(v int64) *CapacityReservatio return s } +// Describes the strategy for using unused Capacity Reservations for fulfilling +// On-Demand capacity. +// +// This strategy can only be used if the EC2 Fleet is of type instant. +// +// For more information about Capacity Reservations, see On-Demand Capacity +// Reservations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html) +// in the Amazon Elastic Compute Cloud User Guide. For examples of using Capacity +// Reservations in an EC2 Fleet, see EC2 Fleet Example Configurations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-examples.html) +// in the Amazon Elastic Compute Cloud User Guide. +type CapacityReservationOptions struct { + _ struct{} `type:"structure"` + + // Indicates whether to use unused Capacity Reservations for fulfilling On-Demand + // capacity. + // + // If you specify use-capacity-reservations-first, the fleet uses unused Capacity + // Reservations to fulfill On-Demand capacity up to the target On-Demand capacity. + // If multiple instance pools have unused Capacity Reservations, the On-Demand + // allocation strategy (lowest-price or prioritized) is applied. If the number + // of unused Capacity Reservations is less than the On-Demand target capacity, + // the remaining On-Demand target capacity is launched according to the On-Demand + // allocation strategy (lowest-price or prioritized). + // + // If you do not specify a value, the fleet fulfils the On-Demand capacity according + // to the chosen On-Demand allocation strategy. + UsageStrategy *string `locationName:"usageStrategy" type:"string" enum:"FleetCapacityReservationUsageStrategy"` +} + +// String returns the string representation +func (s CapacityReservationOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CapacityReservationOptions) GoString() string { + return s.String() +} + +// SetUsageStrategy sets the UsageStrategy field's value. +func (s *CapacityReservationOptions) SetUsageStrategy(v string) *CapacityReservationOptions { + s.UsageStrategy = &v + return s +} + +// Describes the strategy for using unused Capacity Reservations for fulfilling +// On-Demand capacity. +// +// This strategy can only be used if the EC2 Fleet is of type instant. +// +// For more information about Capacity Reservations, see On-Demand Capacity +// Reservations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html) +// in the Amazon Elastic Compute Cloud User Guide. For examples of using Capacity +// Reservations in an EC2 Fleet, see EC2 Fleet Example Configurations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-examples.html) +// in the Amazon Elastic Compute Cloud User Guide. +type CapacityReservationOptionsRequest struct { + _ struct{} `type:"structure"` + + // Indicates whether to use unused Capacity Reservations for fulfilling On-Demand + // capacity. + // + // If you specify use-capacity-reservations-first, the fleet uses unused Capacity + // Reservations to fulfill On-Demand capacity up to the target On-Demand capacity. + // If multiple instance pools have unused Capacity Reservations, the On-Demand + // allocation strategy (lowest-price or prioritized) is applied. If the number + // of unused Capacity Reservations is less than the On-Demand target capacity, + // the remaining On-Demand target capacity is launched according to the On-Demand + // allocation strategy (lowest-price or prioritized). + // + // If you do not specify a value, the fleet fulfils the On-Demand capacity according + // to the chosen On-Demand allocation strategy. + UsageStrategy *string `type:"string" enum:"FleetCapacityReservationUsageStrategy"` +} + +// String returns the string representation +func (s CapacityReservationOptionsRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CapacityReservationOptionsRequest) GoString() string { + return s.String() +} + +// SetUsageStrategy sets the UsageStrategy field's value. +func (s *CapacityReservationOptionsRequest) SetUsageStrategy(v string) *CapacityReservationOptionsRequest { + s.UsageStrategy = &v + return s +} + // Describes an instance's Capacity Reservation targeting option. You can specify // only one parameter at a time. If you specify CapacityReservationPreference // and CapacityReservationTarget, the request fails. @@ -38251,6 +42815,9 @@ type ClientVpnEndpoint struct { // Information about the DNS servers to be used for DNS resolution. DnsServers []*string `locationName:"dnsServer" locationNameList:"item" type:"list"` + // The IDs of the security groups for the target network. + SecurityGroupIds []*string `locationName:"securityGroupIdSet" locationNameList:"item" type:"list"` + // The ARN of the server certificate. ServerCertificateArn *string `locationName:"serverCertificateArn" type:"string"` @@ -38270,6 +42837,12 @@ type ClientVpnEndpoint struct { // The transport protocol used by the Client VPN endpoint. TransportProtocol *string `locationName:"transportProtocol" type:"string" enum:"TransportProtocol"` + // The ID of the VPC. + VpcId *string `locationName:"vpcId" type:"string"` + + // The port number for the Client VPN endpoint. + VpnPort *int64 `locationName:"vpnPort" type:"integer"` + // The protocol used by the VPN session. VpnProtocol *string `locationName:"vpnProtocol" type:"string" enum:"VpnProtocol"` } @@ -38344,6 +42917,12 @@ func (s *ClientVpnEndpoint) SetDnsServers(v []*string) *ClientVpnEndpoint { return s } +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *ClientVpnEndpoint) SetSecurityGroupIds(v []*string) *ClientVpnEndpoint { + s.SecurityGroupIds = v + return s +} + // SetServerCertificateArn sets the ServerCertificateArn field's value. func (s *ClientVpnEndpoint) SetServerCertificateArn(v string) *ClientVpnEndpoint { s.ServerCertificateArn = &v @@ -38374,6 +42953,18 @@ func (s *ClientVpnEndpoint) SetTransportProtocol(v string) *ClientVpnEndpoint { return s } +// SetVpcId sets the VpcId field's value. +func (s *ClientVpnEndpoint) SetVpcId(v string) *ClientVpnEndpoint { + s.VpcId = &v + return s +} + +// SetVpnPort sets the VpnPort field's value. +func (s *ClientVpnEndpoint) SetVpnPort(v int64) *ClientVpnEndpoint { + s.VpnPort = &v + return s +} + // SetVpnProtocol sets the VpnProtocol field's value. func (s *ClientVpnEndpoint) SetVpnProtocol(v string) *ClientVpnEndpoint { s.VpnProtocol = &v @@ -38540,6 +43131,108 @@ func (s *ClientVpnRouteStatus) SetMessage(v string) *ClientVpnRouteStatus { return s } +// Describes address usage for a customer-owned address pool. +type CoipAddressUsage struct { + _ struct{} `type:"structure"` + + // The allocation ID of the address. + AllocationId *string `locationName:"allocationId" type:"string"` + + // The AWS account ID. + AwsAccountId *string `locationName:"awsAccountId" type:"string"` + + // The AWS service. + AwsService *string `locationName:"awsService" type:"string"` + + // The customer-owned IP address. + CoIp *string `locationName:"coIp" type:"string"` +} + +// String returns the string representation +func (s CoipAddressUsage) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CoipAddressUsage) GoString() string { + return s.String() +} + +// SetAllocationId sets the AllocationId field's value. +func (s *CoipAddressUsage) SetAllocationId(v string) *CoipAddressUsage { + s.AllocationId = &v + return s +} + +// SetAwsAccountId sets the AwsAccountId field's value. +func (s *CoipAddressUsage) SetAwsAccountId(v string) *CoipAddressUsage { + s.AwsAccountId = &v + return s +} + +// SetAwsService sets the AwsService field's value. +func (s *CoipAddressUsage) SetAwsService(v string) *CoipAddressUsage { + s.AwsService = &v + return s +} + +// SetCoIp sets the CoIp field's value. +func (s *CoipAddressUsage) SetCoIp(v string) *CoipAddressUsage { + s.CoIp = &v + return s +} + +// Describes a customer-owned address pool. +type CoipPool struct { + _ struct{} `type:"structure"` + + // The ID of the local gateway route table. + LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` + + // The address ranges of the address pool. + PoolCidrs []*string `locationName:"poolCidrSet" locationNameList:"item" type:"list"` + + // The ID of the address pool. + PoolId *string `locationName:"poolId" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CoipPool) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CoipPool) GoString() string { + return s.String() +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *CoipPool) SetLocalGatewayRouteTableId(v string) *CoipPool { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetPoolCidrs sets the PoolCidrs field's value. +func (s *CoipPool) SetPoolCidrs(v []*string) *CoipPool { + s.PoolCidrs = v + return s +} + +// SetPoolId sets the PoolId field's value. +func (s *CoipPool) SetPoolId(v string) *CoipPool { + s.PoolId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CoipPool) SetTags(v []*Tag) *CoipPool { + s.Tags = v + return s +} + type ConfirmProductInstanceInput struct { _ struct{} `type:"structure"` @@ -39029,11 +43722,11 @@ type CopyImageInput struct { // in the Amazon Elastic Compute Cloud User Guide. Encrypted *bool `locationName:"encrypted" type:"boolean"` - // An identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use when creating the encrypted volume. This parameter is only - // required if you want to use a non-default CMK; if this parameter is not specified, - // the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted - // flag must also be set. + // An identifier for the symmetric AWS Key Management Service (AWS KMS) customer + // master key (CMK) to use when creating the encrypted volume. This parameter + // is only required if you want to use a non-default CMK; if this parameter + // is not specified, the default CMK for EBS is used. If a KmsKeyId is specified, + // the Encrypted flag must also be set. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, // or alias ARN. When using an alias name, prefix it with "alias/". For example: @@ -39052,6 +43745,8 @@ type CopyImageInput struct { // // The specified CMK must exist in the Region that the snapshot is being copied // to. + // + // Amazon EBS does not support asymmetric CMKs. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // The name of the new AMI in the destination Region. @@ -39171,7 +43866,6 @@ func (s *CopyImageOutput) SetImageId(v string) *CopyImageOutput { return s } -// Contains the parameters for CopySnapshot. type CopySnapshotInput struct { _ struct{} `type:"structure"` @@ -39247,6 +43941,7 @@ type CopySnapshotInput struct { // SourceSnapshotId is a required field SourceSnapshotId *string `type:"string" required:"true"` + // The tags to apply to the new snapshot. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } @@ -39330,13 +44025,13 @@ func (s *CopySnapshotInput) SetTagSpecifications(v []*TagSpecification) *CopySna return s } -// Contains the output of CopySnapshot. type CopySnapshotOutput struct { _ struct{} `type:"structure"` // The ID of the new snapshot. SnapshotId *string `locationName:"snapshotId" type:"string"` + // Any tags applied to the new snapshot. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } @@ -39721,6 +44416,10 @@ type CreateClientVpnEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The IDs of one or more security groups to apply to the target network. You + // must also specify the ID of the VPC that contains the security groups. + SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` + // The ARN of the server certificate. For more information, see the AWS Certificate // Manager User Guide (https://docs.aws.amazon.com/acm/latest/userguide/). // @@ -39743,6 +44442,18 @@ type CreateClientVpnEndpointInput struct { // // Default value: udp TransportProtocol *string `type:"string" enum:"TransportProtocol"` + + // The ID of the VPC to associate with the Client VPN endpoint. If no security + // group IDs are specified in the request, the default security group for the + // VPC is applied. + VpcId *string `type:"string"` + + // The port number to assign to the Client VPN endpoint for TCP and UDP traffic. + // + // Valid Values: 443 | 1194 + // + // Default Value: 443 + VpnPort *int64 `type:"integer"` } // String returns the string representation @@ -39819,6 +44530,12 @@ func (s *CreateClientVpnEndpointInput) SetDryRun(v bool) *CreateClientVpnEndpoin return s } +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *CreateClientVpnEndpointInput) SetSecurityGroupIds(v []*string) *CreateClientVpnEndpointInput { + s.SecurityGroupIds = v + return s +} + // SetServerCertificateArn sets the ServerCertificateArn field's value. func (s *CreateClientVpnEndpointInput) SetServerCertificateArn(v string) *CreateClientVpnEndpointInput { s.ServerCertificateArn = &v @@ -39843,6 +44560,18 @@ func (s *CreateClientVpnEndpointInput) SetTransportProtocol(v string) *CreateCli return s } +// SetVpcId sets the VpcId field's value. +func (s *CreateClientVpnEndpointInput) SetVpcId(v string) *CreateClientVpnEndpointInput { + s.VpcId = &v + return s +} + +// SetVpnPort sets the VpnPort field's value. +func (s *CreateClientVpnEndpointInput) SetVpnPort(v int64) *CreateClientVpnEndpointInput { + s.VpnPort = &v + return s +} + type CreateClientVpnEndpointOutput struct { _ struct{} `type:"structure"` @@ -40433,12 +45162,12 @@ type CreateFleetError struct { ErrorCode *string `locationName:"errorCode" type:"string"` // The error message that describes why the instance could not be launched. - // For more information about error messages, see ee Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html.html). + // For more information about error messages, see Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html.html). ErrorMessage *string `locationName:"errorMessage" type:"string"` // The launch templates and overrides that were used for launching the instances. - // Any parameters that you specify in the Overrides override the same parameters - // in the launch template. + // The values that you specify in the Overrides replace the values in the launch + // template. LaunchTemplateAndOverrides *LaunchTemplateAndOverridesResponse `locationName:"launchTemplateAndOverrides" type:"structure"` // Indicates if the instance that could not be launched was a Spot Instance @@ -40483,8 +45212,8 @@ func (s *CreateFleetError) SetLifecycle(v string) *CreateFleetError { type CreateFleetInput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -40677,15 +45406,15 @@ type CreateFleetInstance struct { InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` // The launch templates and overrides that were used for launching the instances. - // Any parameters that you specify in the Overrides override the same parameters - // in the launch template. + // The values that you specify in the Overrides replace the values in the launch + // template. LaunchTemplateAndOverrides *LaunchTemplateAndOverridesResponse `locationName:"launchTemplateAndOverrides" type:"structure"` // Indicates if the instance that was launched is a Spot Instance or On-Demand // Instance. Lifecycle *string `locationName:"lifecycle" type:"string" enum:"InstanceLifecycle"` - // The value is Windows for Windows instances; otherwise blank. + // The value is Windows for Windows instances. Otherwise, the value is blank. Platform *string `locationName:"platform" type:"string" enum:"PlatformValues"` } @@ -40798,7 +45527,9 @@ type CreateFlowLogsInput struct { // for LogDestinationType. // // If LogDestinationType is not specified or cloud-watch-logs, specify the Amazon - // Resource Name (ARN) of the CloudWatch Logs log group. + // Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish + // to a log group called my-logs, specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs. + // Alternatively, use LogGroupName instead. // // If LogDestinationType is s3, specify the ARN of the Amazon S3 bucket. You // can also specify a subfolder in the bucket. To specify a subfolder in the @@ -40837,6 +45568,17 @@ type CreateFlowLogsInput struct { // or LogGroupName. LogGroupName *string `type:"string"` + // The maximum interval of time during which a flow of packets is captured and + // aggregated into a flow log record. You can specify 60 seconds (1 minute) + // or 600 seconds (10 minutes). + // + // When a network interface is attached to a Nitro-based instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances), + // the aggregation interval is always 60 seconds or less, regardless of the + // value that you specify. + // + // Default: 600 + MaxAggregationInterval *int64 `type:"integer"` + // The ID of the subnet, network interface, or VPC for which you want to create // a flow log. // @@ -40851,6 +45593,9 @@ type CreateFlowLogsInput struct { // ResourceType is a required field ResourceType *string `type:"string" required:"true" enum:"FlowLogsResourceType"` + // The tags to apply to the flow logs. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // The type of traffic to log. You can log traffic that the resource accepts // or rejects, or all traffic. // @@ -40929,6 +45674,12 @@ func (s *CreateFlowLogsInput) SetLogGroupName(v string) *CreateFlowLogsInput { return s } +// SetMaxAggregationInterval sets the MaxAggregationInterval field's value. +func (s *CreateFlowLogsInput) SetMaxAggregationInterval(v int64) *CreateFlowLogsInput { + s.MaxAggregationInterval = &v + return s +} + // SetResourceIds sets the ResourceIds field's value. func (s *CreateFlowLogsInput) SetResourceIds(v []*string) *CreateFlowLogsInput { s.ResourceIds = v @@ -40941,6 +45692,12 @@ func (s *CreateFlowLogsInput) SetResourceType(v string) *CreateFlowLogsInput { return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateFlowLogsInput) SetTagSpecifications(v []*TagSpecification) *CreateFlowLogsInput { + s.TagSpecifications = v + return s +} + // SetTrafficType sets the TrafficType field's value. func (s *CreateFlowLogsInput) SetTrafficType(v string) *CreateFlowLogsInput { s.TrafficType = &v @@ -41443,6 +46200,9 @@ type CreateKeyPairOutput struct { // The name of the key pair. KeyName *string `locationName:"keyName" type:"string"` + + // The ID of the key pair. + KeyPairId *string `locationName:"keyPairId" type:"string"` } // String returns the string representation @@ -41473,6 +46233,12 @@ func (s *CreateKeyPairOutput) SetKeyName(v string) *CreateKeyPairOutput { return s } +// SetKeyPairId sets the KeyPairId field's value. +func (s *CreateKeyPairOutput) SetKeyPairId(v string) *CreateKeyPairOutput { + s.KeyPairId = &v + return s +} + type CreateLaunchTemplateInput struct { _ struct{} `type:"structure"` @@ -41733,6 +46499,195 @@ func (s *CreateLaunchTemplateVersionOutput) SetLaunchTemplateVersion(v *LaunchTe return s } +type CreateLocalGatewayRouteInput struct { + _ struct{} `type:"structure"` + + // The CIDR range used for destination matches. Routing decisions are based + // on the most specific match. + // + // DestinationCidrBlock is a required field + DestinationCidrBlock *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the local gateway route table. + // + // LocalGatewayRouteTableId is a required field + LocalGatewayRouteTableId *string `type:"string" required:"true"` + + // The ID of the virtual interface group. + // + // LocalGatewayVirtualInterfaceGroupId is a required field + LocalGatewayVirtualInterfaceGroupId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateLocalGatewayRouteInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateLocalGatewayRouteInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateLocalGatewayRouteInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateLocalGatewayRouteInput"} + if s.DestinationCidrBlock == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationCidrBlock")) + } + if s.LocalGatewayRouteTableId == nil { + invalidParams.Add(request.NewErrParamRequired("LocalGatewayRouteTableId")) + } + if s.LocalGatewayVirtualInterfaceGroupId == nil { + invalidParams.Add(request.NewErrParamRequired("LocalGatewayVirtualInterfaceGroupId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestinationCidrBlock sets the DestinationCidrBlock field's value. +func (s *CreateLocalGatewayRouteInput) SetDestinationCidrBlock(v string) *CreateLocalGatewayRouteInput { + s.DestinationCidrBlock = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateLocalGatewayRouteInput) SetDryRun(v bool) *CreateLocalGatewayRouteInput { + s.DryRun = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *CreateLocalGatewayRouteInput) SetLocalGatewayRouteTableId(v string) *CreateLocalGatewayRouteInput { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetLocalGatewayVirtualInterfaceGroupId sets the LocalGatewayVirtualInterfaceGroupId field's value. +func (s *CreateLocalGatewayRouteInput) SetLocalGatewayVirtualInterfaceGroupId(v string) *CreateLocalGatewayRouteInput { + s.LocalGatewayVirtualInterfaceGroupId = &v + return s +} + +type CreateLocalGatewayRouteOutput struct { + _ struct{} `type:"structure"` + + // Information about the route. + Route *LocalGatewayRoute `locationName:"route" type:"structure"` +} + +// String returns the string representation +func (s CreateLocalGatewayRouteOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateLocalGatewayRouteOutput) GoString() string { + return s.String() +} + +// SetRoute sets the Route field's value. +func (s *CreateLocalGatewayRouteOutput) SetRoute(v *LocalGatewayRoute) *CreateLocalGatewayRouteOutput { + s.Route = v + return s +} + +type CreateLocalGatewayRouteTableVpcAssociationInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the local gateway route table. + // + // LocalGatewayRouteTableId is a required field + LocalGatewayRouteTableId *string `type:"string" required:"true"` + + // The ID of the VPC. + // + // VpcId is a required field + VpcId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateLocalGatewayRouteTableVpcAssociationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateLocalGatewayRouteTableVpcAssociationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateLocalGatewayRouteTableVpcAssociationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateLocalGatewayRouteTableVpcAssociationInput"} + if s.LocalGatewayRouteTableId == nil { + invalidParams.Add(request.NewErrParamRequired("LocalGatewayRouteTableId")) + } + if s.VpcId == nil { + invalidParams.Add(request.NewErrParamRequired("VpcId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateLocalGatewayRouteTableVpcAssociationInput) SetDryRun(v bool) *CreateLocalGatewayRouteTableVpcAssociationInput { + s.DryRun = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *CreateLocalGatewayRouteTableVpcAssociationInput) SetLocalGatewayRouteTableId(v string) *CreateLocalGatewayRouteTableVpcAssociationInput { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *CreateLocalGatewayRouteTableVpcAssociationInput) SetVpcId(v string) *CreateLocalGatewayRouteTableVpcAssociationInput { + s.VpcId = &v + return s +} + +type CreateLocalGatewayRouteTableVpcAssociationOutput struct { + _ struct{} `type:"structure"` + + // Information about the association. + LocalGatewayRouteTableVpcAssociation *LocalGatewayRouteTableVpcAssociation `locationName:"localGatewayRouteTableVpcAssociation" type:"structure"` +} + +// String returns the string representation +func (s CreateLocalGatewayRouteTableVpcAssociationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateLocalGatewayRouteTableVpcAssociationOutput) GoString() string { + return s.String() +} + +// SetLocalGatewayRouteTableVpcAssociation sets the LocalGatewayRouteTableVpcAssociation field's value. +func (s *CreateLocalGatewayRouteTableVpcAssociationOutput) SetLocalGatewayRouteTableVpcAssociation(v *LocalGatewayRouteTableVpcAssociation) *CreateLocalGatewayRouteTableVpcAssociationOutput { + s.LocalGatewayRouteTableVpcAssociation = v + return s +} + type CreateNatGatewayInput struct { _ struct{} `type:"structure"` @@ -41747,12 +46702,21 @@ type CreateNatGatewayInput struct { // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). // // Constraint: Maximum 64 ASCII characters. - ClientToken *string `type:"string"` + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` // The subnet in which to create the NAT gateway. // // SubnetId is a required field SubnetId *string `type:"string" required:"true"` + + // The tags to assign to the NAT gateway. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } // String returns the string representation @@ -41793,12 +46757,24 @@ func (s *CreateNatGatewayInput) SetClientToken(v string) *CreateNatGatewayInput return s } +// SetDryRun sets the DryRun field's value. +func (s *CreateNatGatewayInput) SetDryRun(v bool) *CreateNatGatewayInput { + s.DryRun = &v + return s +} + // SetSubnetId sets the SubnetId field's value. func (s *CreateNatGatewayInput) SetSubnetId(v string) *CreateNatGatewayInput { s.SubnetId = &v return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateNatGatewayInput) SetTagSpecifications(v []*TagSpecification) *CreateNatGatewayInput { + s.TagSpecifications = v + return s +} + type CreateNatGatewayOutput struct { _ struct{} `type:"structure"` @@ -42556,6 +47532,9 @@ type CreateRouteInput struct { // an instance ID unless exactly one network interface is attached. InstanceId *string `locationName:"instanceId" type:"string"` + // The ID of the local gateway. + LocalGatewayId *string `type:"string"` + // [IPv4 traffic only] The ID of a NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` @@ -42633,6 +47612,12 @@ func (s *CreateRouteInput) SetInstanceId(v string) *CreateRouteInput { return s } +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *CreateRouteInput) SetLocalGatewayId(v string) *CreateRouteInput { + s.LocalGatewayId = &v + return s +} + // SetNatGatewayId sets the NatGatewayId field's value. func (s *CreateRouteInput) SetNatGatewayId(v string) *CreateRouteInput { s.NatGatewayId = &v @@ -42867,7 +47852,6 @@ func (s *CreateSecurityGroupOutput) SetGroupId(v string) *CreateSecurityGroupOut return s } -// Contains the parameters for CreateSnapshot. type CreateSnapshotInput struct { _ struct{} `type:"structure"` @@ -42945,9 +47929,10 @@ type CreateSnapshotsInput struct { // A description propagated to every snapshot specified by the instance. Description *string `type:"string"` - // Checks whether you have the required permissions for the action without actually - // making the request. Provides an error response. If you have the required - // permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` // The instance to specify which volumes should be included in the snapshots. @@ -43122,13 +48107,18 @@ func (s *CreateSpotDatafeedSubscriptionOutput) SetSpotDatafeedSubscription(v *Sp type CreateSubnetInput struct { _ struct{} `type:"structure"` - // The Availability Zone for the subnet. + // The Availability Zone or Local Zone for the subnet. // // Default: AWS selects one for you. If you create more than one subnet in your - // VPC, we may not necessarily select a different zone for each subnet. + // VPC, we do not necessarily select a different zone for each subnet. + // + // To create a subnet in a Local Zone, set this value to the Local Zone ID, + // for example us-west-2-lax-1a. For information about the Regions that support + // Local Zones, see Available Regions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) + // in the Amazon Elastic Compute Cloud User Guide. AvailabilityZone *string `type:"string"` - // The AZ ID of the subnet. + // The AZ ID or the Local Zone ID of the subnet. AvailabilityZoneId *string `type:"string"` // The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. @@ -43146,6 +48136,9 @@ type CreateSubnetInput struct { // must use a /64 prefix length. Ipv6CidrBlock *string `type:"string"` + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `type:"string"` + // The ID of the VPC. // // VpcId is a required field @@ -43208,6 +48201,12 @@ func (s *CreateSubnetInput) SetIpv6CidrBlock(v string) *CreateSubnetInput { return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *CreateSubnetInput) SetOutpostArn(v string) *CreateSubnetInput { + s.OutpostArn = &v + return s +} + // SetVpcId sets the VpcId field's value. func (s *CreateSubnetInput) SetVpcId(v string) *CreateSubnetInput { s.VpcId = &v @@ -43955,6 +48954,88 @@ func (s *CreateTransitGatewayInput) SetTagSpecifications(v []*TagSpecification) return s } +type CreateTransitGatewayMulticastDomainInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The tags for the transit gateway multicast domain. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the transit gateway. + // + // TransitGatewayId is a required field + TransitGatewayId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateTransitGatewayMulticastDomainInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayMulticastDomainInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTransitGatewayMulticastDomainInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTransitGatewayMulticastDomainInput"} + if s.TransitGatewayId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTransitGatewayMulticastDomainInput) SetDryRun(v bool) *CreateTransitGatewayMulticastDomainInput { + s.DryRun = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateTransitGatewayMulticastDomainInput) SetTagSpecifications(v []*TagSpecification) *CreateTransitGatewayMulticastDomainInput { + s.TagSpecifications = v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *CreateTransitGatewayMulticastDomainInput) SetTransitGatewayId(v string) *CreateTransitGatewayMulticastDomainInput { + s.TransitGatewayId = &v + return s +} + +type CreateTransitGatewayMulticastDomainOutput struct { + _ struct{} `type:"structure"` + + // Information about the transit gateway multicast domain. + TransitGatewayMulticastDomain *TransitGatewayMulticastDomain `locationName:"transitGatewayMulticastDomain" type:"structure"` +} + +// String returns the string representation +func (s CreateTransitGatewayMulticastDomainOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayMulticastDomainOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayMulticastDomain sets the TransitGatewayMulticastDomain field's value. +func (s *CreateTransitGatewayMulticastDomainOutput) SetTransitGatewayMulticastDomain(v *TransitGatewayMulticastDomain) *CreateTransitGatewayMulticastDomainOutput { + s.TransitGatewayMulticastDomain = v + return s +} + type CreateTransitGatewayOutput struct { _ struct{} `type:"structure"` @@ -43978,6 +49059,130 @@ func (s *CreateTransitGatewayOutput) SetTransitGateway(v *TransitGateway) *Creat return s } +type CreateTransitGatewayPeeringAttachmentInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The AWS account ID of the owner of the peer transit gateway. + // + // PeerAccountId is a required field + PeerAccountId *string `type:"string" required:"true"` + + // The Region where the peer transit gateway is located. + // + // PeerRegion is a required field + PeerRegion *string `type:"string" required:"true"` + + // The ID of the peer transit gateway with which to create the peering attachment. + // + // PeerTransitGatewayId is a required field + PeerTransitGatewayId *string `type:"string" required:"true"` + + // The tags to apply to the transit gateway peering attachment. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the transit gateway. + // + // TransitGatewayId is a required field + TransitGatewayId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateTransitGatewayPeeringAttachmentInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayPeeringAttachmentInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTransitGatewayPeeringAttachmentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTransitGatewayPeeringAttachmentInput"} + if s.PeerAccountId == nil { + invalidParams.Add(request.NewErrParamRequired("PeerAccountId")) + } + if s.PeerRegion == nil { + invalidParams.Add(request.NewErrParamRequired("PeerRegion")) + } + if s.PeerTransitGatewayId == nil { + invalidParams.Add(request.NewErrParamRequired("PeerTransitGatewayId")) + } + if s.TransitGatewayId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTransitGatewayPeeringAttachmentInput) SetDryRun(v bool) *CreateTransitGatewayPeeringAttachmentInput { + s.DryRun = &v + return s +} + +// SetPeerAccountId sets the PeerAccountId field's value. +func (s *CreateTransitGatewayPeeringAttachmentInput) SetPeerAccountId(v string) *CreateTransitGatewayPeeringAttachmentInput { + s.PeerAccountId = &v + return s +} + +// SetPeerRegion sets the PeerRegion field's value. +func (s *CreateTransitGatewayPeeringAttachmentInput) SetPeerRegion(v string) *CreateTransitGatewayPeeringAttachmentInput { + s.PeerRegion = &v + return s +} + +// SetPeerTransitGatewayId sets the PeerTransitGatewayId field's value. +func (s *CreateTransitGatewayPeeringAttachmentInput) SetPeerTransitGatewayId(v string) *CreateTransitGatewayPeeringAttachmentInput { + s.PeerTransitGatewayId = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateTransitGatewayPeeringAttachmentInput) SetTagSpecifications(v []*TagSpecification) *CreateTransitGatewayPeeringAttachmentInput { + s.TagSpecifications = v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *CreateTransitGatewayPeeringAttachmentInput) SetTransitGatewayId(v string) *CreateTransitGatewayPeeringAttachmentInput { + s.TransitGatewayId = &v + return s +} + +type CreateTransitGatewayPeeringAttachmentOutput struct { + _ struct{} `type:"structure"` + + // The transit gateway peering attachment. + TransitGatewayPeeringAttachment *TransitGatewayPeeringAttachment `locationName:"transitGatewayPeeringAttachment" type:"structure"` +} + +// String returns the string representation +func (s CreateTransitGatewayPeeringAttachmentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayPeeringAttachmentOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayPeeringAttachment sets the TransitGatewayPeeringAttachment field's value. +func (s *CreateTransitGatewayPeeringAttachmentOutput) SetTransitGatewayPeeringAttachment(v *TransitGatewayPeeringAttachment) *CreateTransitGatewayPeeringAttachmentOutput { + s.TransitGatewayPeeringAttachment = v + return s +} + type CreateTransitGatewayRouteInput struct { _ struct{} `type:"structure"` @@ -44321,7 +49526,6 @@ func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } -// Contains the parameters for CreateVolume. type CreateVolumeInput struct { _ struct{} `type:"structure"` @@ -44377,7 +49581,18 @@ type CreateVolumeInput struct { // fails. KmsKeyId *string `type:"string"` - // The size of the volume, in GiBs. + // Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, + // you can attach the volume to up to 16 Nitro-based instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) + // in the same Availability Zone. For more information, see Amazon EBS Multi-Attach + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html) + // in the Amazon Elastic Compute Cloud User Guide. + MultiAttachEnabled *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `type:"string"` + + // The size of the volume, in GiBs. You must specify either a snapshot ID or + // a volume size. // // Constraints: 1-16,384 for gp2, 4-16,384 for io1, 500-16,384 for st1, 500-16,384 // for sc1, and 1-1,024 for standard. If you specify a snapshot, the volume @@ -44385,13 +49600,10 @@ type CreateVolumeInput struct { // // Default: If you're creating the volume from a snapshot and don't specify // a volume size, the default is the snapshot size. - // - // At least one of Size or SnapshotId is required. Size *int64 `type:"integer"` - // The snapshot from which to create the volume. - // - // At least one of Size or SnapshotId are required. + // The snapshot from which to create the volume. You must specify either a snapshot + // ID or a volume size. SnapshotId *string `type:"string"` // The tags to apply to the volume during creation. @@ -44458,6 +49670,18 @@ func (s *CreateVolumeInput) SetKmsKeyId(v string) *CreateVolumeInput { return s } +// SetMultiAttachEnabled sets the MultiAttachEnabled field's value. +func (s *CreateVolumeInput) SetMultiAttachEnabled(v bool) *CreateVolumeInput { + s.MultiAttachEnabled = &v + return s +} + +// SetOutpostArn sets the OutpostArn field's value. +func (s *CreateVolumeInput) SetOutpostArn(v string) *CreateVolumeInput { + s.OutpostArn = &v + return s +} + // SetSize sets the Size field's value. func (s *CreateVolumeInput) SetSize(v int64) *CreateVolumeInput { s.Size = &v @@ -44552,8 +49776,8 @@ func (s *CreateVolumePermissionModifications) SetRemove(v []*CreateVolumePermiss type CreateVpcEndpointConnectionNotificationInput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // One or more endpoint events for which to receive notifications. Valid values @@ -44645,8 +49869,8 @@ func (s *CreateVpcEndpointConnectionNotificationInput) SetVpcEndpointId(v string type CreateVpcEndpointConnectionNotificationOutput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. ClientToken *string `locationName:"clientToken" type:"string"` // Information about the notification. @@ -44679,8 +49903,8 @@ func (s *CreateVpcEndpointConnectionNotificationOutput) SetConnectionNotificatio type CreateVpcEndpointInput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -44694,10 +49918,10 @@ type CreateVpcEndpointInput struct { // we attach a default policy that allows full access to the service. PolicyDocument *string `type:"string"` - // (Interface endpoint) Indicate whether to associate a private hosted zone + // (Interface endpoint) Indicates whether to associate a private hosted zone // with the specified VPC. The private hosted zone contains a record set for // the default public DNS name for the service for the Region (for example, - // kinesis.us-east-1.amazonaws.com) which resolves to the private IP addresses + // kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses // of the endpoint network interfaces in the VPC. This enables you to make requests // to the default public DNS name for the service instead of the public DNS // names that are automatically generated by the VPC endpoint service. @@ -44726,6 +49950,9 @@ type CreateVpcEndpointInput struct { // endpoint network interface. SubnetIds []*string `locationName:"SubnetId" locationNameList:"item" type:"list"` + // The tags to associate with the endpoint. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // The type of endpoint. // // Default: Gateway @@ -44811,6 +50038,12 @@ func (s *CreateVpcEndpointInput) SetSubnetIds(v []*string) *CreateVpcEndpointInp return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVpcEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateVpcEndpointInput { + s.TagSpecifications = v + return s +} + // SetVpcEndpointType sets the VpcEndpointType field's value. func (s *CreateVpcEndpointInput) SetVpcEndpointType(v string) *CreateVpcEndpointInput { s.VpcEndpointType = &v @@ -44827,8 +50060,8 @@ func (s *CreateVpcEndpointInput) SetVpcId(v string) *CreateVpcEndpointInput { type CreateVpcEndpointOutput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. ClientToken *string `locationName:"clientToken" type:"string"` // Information about the endpoint. @@ -44860,12 +50093,12 @@ func (s *CreateVpcEndpointOutput) SetVpcEndpoint(v *VpcEndpoint) *CreateVpcEndpo type CreateVpcEndpointServiceConfigurationInput struct { _ struct{} `type:"structure"` - // Indicate whether requests from service consumers to create an endpoint to + // Indicates whether requests from service consumers to create an endpoint to // your service must be accepted. To accept a request, use AcceptVpcEndpointConnections. AcceptanceRequired *bool `type:"boolean"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -44879,6 +50112,12 @@ type CreateVpcEndpointServiceConfigurationInput struct { // // NetworkLoadBalancerArns is a required field NetworkLoadBalancerArns []*string `locationName:"NetworkLoadBalancerArn" locationNameList:"item" type:"list" required:"true"` + + // The private DNS name to assign to the VPC endpoint service. + PrivateDnsName *string `type:"string"` + + // The tags to associate with the service. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } // String returns the string representation @@ -44928,11 +50167,23 @@ func (s *CreateVpcEndpointServiceConfigurationInput) SetNetworkLoadBalancerArns( return s } +// SetPrivateDnsName sets the PrivateDnsName field's value. +func (s *CreateVpcEndpointServiceConfigurationInput) SetPrivateDnsName(v string) *CreateVpcEndpointServiceConfigurationInput { + s.PrivateDnsName = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateVpcEndpointServiceConfigurationInput) SetTagSpecifications(v []*TagSpecification) *CreateVpcEndpointServiceConfigurationInput { + s.TagSpecifications = v + return s +} + type CreateVpcEndpointServiceConfigurationOutput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. ClientToken *string `locationName:"clientToken" type:"string"` // Information about the service configuration. @@ -44991,6 +50242,21 @@ type CreateVpcInput struct { // // Default: default InstanceTenancy *string `locationName:"instanceTenancy" type:"string" enum:"Tenancy"` + + // The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool + // in the request. + // + // To let Amazon choose the IPv6 CIDR block for you, omit this parameter. + Ipv6CidrBlock *string `type:"string"` + + // The name of the location from which we advertise the IPV6 CIDR block. Use + // this parameter to limit the address to this location. + // + // You must set AmazonProvidedIpv6CidrBlock to true to use this parameter. + Ipv6CidrBlockNetworkBorderGroup *string `type:"string"` + + // The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block. + Ipv6Pool *string `type:"string"` } // String returns the string representation @@ -45040,6 +50306,24 @@ func (s *CreateVpcInput) SetInstanceTenancy(v string) *CreateVpcInput { return s } +// SetIpv6CidrBlock sets the Ipv6CidrBlock field's value. +func (s *CreateVpcInput) SetIpv6CidrBlock(v string) *CreateVpcInput { + s.Ipv6CidrBlock = &v + return s +} + +// SetIpv6CidrBlockNetworkBorderGroup sets the Ipv6CidrBlockNetworkBorderGroup field's value. +func (s *CreateVpcInput) SetIpv6CidrBlockNetworkBorderGroup(v string) *CreateVpcInput { + s.Ipv6CidrBlockNetworkBorderGroup = &v + return s +} + +// SetIpv6Pool sets the Ipv6Pool field's value. +func (s *CreateVpcInput) SetIpv6Pool(v string) *CreateVpcInput { + s.Ipv6Pool = &v + return s +} + type CreateVpcOutput struct { _ struct{} `type:"structure"` @@ -46722,9 +52006,175 @@ func (s *DeleteLaunchTemplateVersionsResponseSuccessItem) SetVersionNumber(v int return s } +type DeleteLocalGatewayRouteInput struct { + _ struct{} `type:"structure"` + + // The CIDR range for the route. This must match the CIDR for the route exactly. + // + // DestinationCidrBlock is a required field + DestinationCidrBlock *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the local gateway route table. + // + // LocalGatewayRouteTableId is a required field + LocalGatewayRouteTableId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteLocalGatewayRouteInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteLocalGatewayRouteInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteLocalGatewayRouteInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteLocalGatewayRouteInput"} + if s.DestinationCidrBlock == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationCidrBlock")) + } + if s.LocalGatewayRouteTableId == nil { + invalidParams.Add(request.NewErrParamRequired("LocalGatewayRouteTableId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDestinationCidrBlock sets the DestinationCidrBlock field's value. +func (s *DeleteLocalGatewayRouteInput) SetDestinationCidrBlock(v string) *DeleteLocalGatewayRouteInput { + s.DestinationCidrBlock = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteLocalGatewayRouteInput) SetDryRun(v bool) *DeleteLocalGatewayRouteInput { + s.DryRun = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *DeleteLocalGatewayRouteInput) SetLocalGatewayRouteTableId(v string) *DeleteLocalGatewayRouteInput { + s.LocalGatewayRouteTableId = &v + return s +} + +type DeleteLocalGatewayRouteOutput struct { + _ struct{} `type:"structure"` + + // Information about the route. + Route *LocalGatewayRoute `locationName:"route" type:"structure"` +} + +// String returns the string representation +func (s DeleteLocalGatewayRouteOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteLocalGatewayRouteOutput) GoString() string { + return s.String() +} + +// SetRoute sets the Route field's value. +func (s *DeleteLocalGatewayRouteOutput) SetRoute(v *LocalGatewayRoute) *DeleteLocalGatewayRouteOutput { + s.Route = v + return s +} + +type DeleteLocalGatewayRouteTableVpcAssociationInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the association. + // + // LocalGatewayRouteTableVpcAssociationId is a required field + LocalGatewayRouteTableVpcAssociationId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteLocalGatewayRouteTableVpcAssociationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteLocalGatewayRouteTableVpcAssociationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteLocalGatewayRouteTableVpcAssociationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteLocalGatewayRouteTableVpcAssociationInput"} + if s.LocalGatewayRouteTableVpcAssociationId == nil { + invalidParams.Add(request.NewErrParamRequired("LocalGatewayRouteTableVpcAssociationId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteLocalGatewayRouteTableVpcAssociationInput) SetDryRun(v bool) *DeleteLocalGatewayRouteTableVpcAssociationInput { + s.DryRun = &v + return s +} + +// SetLocalGatewayRouteTableVpcAssociationId sets the LocalGatewayRouteTableVpcAssociationId field's value. +func (s *DeleteLocalGatewayRouteTableVpcAssociationInput) SetLocalGatewayRouteTableVpcAssociationId(v string) *DeleteLocalGatewayRouteTableVpcAssociationInput { + s.LocalGatewayRouteTableVpcAssociationId = &v + return s +} + +type DeleteLocalGatewayRouteTableVpcAssociationOutput struct { + _ struct{} `type:"structure"` + + // Information about the association. + LocalGatewayRouteTableVpcAssociation *LocalGatewayRouteTableVpcAssociation `locationName:"localGatewayRouteTableVpcAssociation" type:"structure"` +} + +// String returns the string representation +func (s DeleteLocalGatewayRouteTableVpcAssociationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteLocalGatewayRouteTableVpcAssociationOutput) GoString() string { + return s.String() +} + +// SetLocalGatewayRouteTableVpcAssociation sets the LocalGatewayRouteTableVpcAssociation field's value. +func (s *DeleteLocalGatewayRouteTableVpcAssociationOutput) SetLocalGatewayRouteTableVpcAssociation(v *LocalGatewayRouteTableVpcAssociation) *DeleteLocalGatewayRouteTableVpcAssociationOutput { + s.LocalGatewayRouteTableVpcAssociation = v + return s +} + type DeleteNatGatewayInput struct { _ struct{} `type:"structure"` + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + // The ID of the NAT gateway. // // NatGatewayId is a required field @@ -46754,6 +52204,12 @@ func (s *DeleteNatGatewayInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *DeleteNatGatewayInput) SetDryRun(v bool) *DeleteNatGatewayInput { + s.DryRun = &v + return s +} + // SetNatGatewayId sets the NatGatewayId field's value. func (s *DeleteNatGatewayInput) SetNatGatewayId(v string) *DeleteNatGatewayInput { s.NatGatewayId = &v @@ -47479,7 +52935,6 @@ func (s DeleteSecurityGroupOutput) GoString() string { return s.String() } -// Contains the parameters for DeleteSnapshot. type DeleteSnapshotInput struct { _ struct{} `type:"structure"` @@ -48074,6 +53529,79 @@ func (s *DeleteTransitGatewayInput) SetTransitGatewayId(v string) *DeleteTransit return s } +type DeleteTransitGatewayMulticastDomainInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the transit gateway multicast domain. + // + // TransitGatewayMulticastDomainId is a required field + TransitGatewayMulticastDomainId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTransitGatewayMulticastDomainInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayMulticastDomainInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTransitGatewayMulticastDomainInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTransitGatewayMulticastDomainInput"} + if s.TransitGatewayMulticastDomainId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayMulticastDomainId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTransitGatewayMulticastDomainInput) SetDryRun(v bool) *DeleteTransitGatewayMulticastDomainInput { + s.DryRun = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *DeleteTransitGatewayMulticastDomainInput) SetTransitGatewayMulticastDomainId(v string) *DeleteTransitGatewayMulticastDomainInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type DeleteTransitGatewayMulticastDomainOutput struct { + _ struct{} `type:"structure"` + + // Information about the deleted transit gateway multicast domain. + TransitGatewayMulticastDomain *TransitGatewayMulticastDomain `locationName:"transitGatewayMulticastDomain" type:"structure"` +} + +// String returns the string representation +func (s DeleteTransitGatewayMulticastDomainOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayMulticastDomainOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayMulticastDomain sets the TransitGatewayMulticastDomain field's value. +func (s *DeleteTransitGatewayMulticastDomainOutput) SetTransitGatewayMulticastDomain(v *TransitGatewayMulticastDomain) *DeleteTransitGatewayMulticastDomainOutput { + s.TransitGatewayMulticastDomain = v + return s +} + type DeleteTransitGatewayOutput struct { _ struct{} `type:"structure"` @@ -48097,6 +53625,79 @@ func (s *DeleteTransitGatewayOutput) SetTransitGateway(v *TransitGateway) *Delet return s } +type DeleteTransitGatewayPeeringAttachmentInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the transit gateway peering attachment. + // + // TransitGatewayAttachmentId is a required field + TransitGatewayAttachmentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTransitGatewayPeeringAttachmentInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayPeeringAttachmentInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTransitGatewayPeeringAttachmentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTransitGatewayPeeringAttachmentInput"} + if s.TransitGatewayAttachmentId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayAttachmentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTransitGatewayPeeringAttachmentInput) SetDryRun(v bool) *DeleteTransitGatewayPeeringAttachmentInput { + s.DryRun = &v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *DeleteTransitGatewayPeeringAttachmentInput) SetTransitGatewayAttachmentId(v string) *DeleteTransitGatewayPeeringAttachmentInput { + s.TransitGatewayAttachmentId = &v + return s +} + +type DeleteTransitGatewayPeeringAttachmentOutput struct { + _ struct{} `type:"structure"` + + // The transit gateway peering attachment. + TransitGatewayPeeringAttachment *TransitGatewayPeeringAttachment `locationName:"transitGatewayPeeringAttachment" type:"structure"` +} + +// String returns the string representation +func (s DeleteTransitGatewayPeeringAttachmentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayPeeringAttachmentOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayPeeringAttachment sets the TransitGatewayPeeringAttachment field's value. +func (s *DeleteTransitGatewayPeeringAttachmentOutput) SetTransitGatewayPeeringAttachment(v *TransitGatewayPeeringAttachment) *DeleteTransitGatewayPeeringAttachmentOutput { + s.TransitGatewayPeeringAttachment = v + return s +} + type DeleteTransitGatewayRouteInput struct { _ struct{} `type:"structure"` @@ -48330,7 +53931,6 @@ func (s *DeleteTransitGatewayVpcAttachmentOutput) SetTransitGatewayVpcAttachment return s } -// Contains the parameters for DeleteVolume. type DeleteVolumeInput struct { _ struct{} `type:"structure"` @@ -48953,8 +54553,8 @@ func (s DeleteVpnGatewayOutput) GoString() string { type DeprovisionByoipCidrInput struct { _ struct{} `type:"structure"` - // The public IPv4 address range, in CIDR notation. The prefix must be the same - // prefix that you specified when you provisioned the address range. + // The address range, in CIDR notation. The prefix must be the same prefix that + // you specified when you provisioned the address range. // // Cidr is a required field Cidr *string `type:"string" required:"true"` @@ -49089,6 +54689,158 @@ func (s DeregisterImageOutput) GoString() string { return s.String() } +type DeregisterTransitGatewayMulticastGroupMembersInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `type:"string"` + + // The IDs of the group members' network interfaces. + NetworkInterfaceIds []*string `locationNameList:"item" type:"list"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s DeregisterTransitGatewayMulticastGroupMembersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeregisterTransitGatewayMulticastGroupMembersInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DeregisterTransitGatewayMulticastGroupMembersInput) SetDryRun(v bool) *DeregisterTransitGatewayMulticastGroupMembersInput { + s.DryRun = &v + return s +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *DeregisterTransitGatewayMulticastGroupMembersInput) SetGroupIpAddress(v string) *DeregisterTransitGatewayMulticastGroupMembersInput { + s.GroupIpAddress = &v + return s +} + +// SetNetworkInterfaceIds sets the NetworkInterfaceIds field's value. +func (s *DeregisterTransitGatewayMulticastGroupMembersInput) SetNetworkInterfaceIds(v []*string) *DeregisterTransitGatewayMulticastGroupMembersInput { + s.NetworkInterfaceIds = v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *DeregisterTransitGatewayMulticastGroupMembersInput) SetTransitGatewayMulticastDomainId(v string) *DeregisterTransitGatewayMulticastGroupMembersInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type DeregisterTransitGatewayMulticastGroupMembersOutput struct { + _ struct{} `type:"structure"` + + // Information about the deregistered members. + DeregisteredMulticastGroupMembers *TransitGatewayMulticastDeregisteredGroupMembers `locationName:"deregisteredMulticastGroupMembers" type:"structure"` +} + +// String returns the string representation +func (s DeregisterTransitGatewayMulticastGroupMembersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeregisterTransitGatewayMulticastGroupMembersOutput) GoString() string { + return s.String() +} + +// SetDeregisteredMulticastGroupMembers sets the DeregisteredMulticastGroupMembers field's value. +func (s *DeregisterTransitGatewayMulticastGroupMembersOutput) SetDeregisteredMulticastGroupMembers(v *TransitGatewayMulticastDeregisteredGroupMembers) *DeregisterTransitGatewayMulticastGroupMembersOutput { + s.DeregisteredMulticastGroupMembers = v + return s +} + +type DeregisterTransitGatewayMulticastGroupSourcesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `type:"string"` + + // The IDs of the group sources' network interfaces. + NetworkInterfaceIds []*string `locationNameList:"item" type:"list"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s DeregisterTransitGatewayMulticastGroupSourcesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeregisterTransitGatewayMulticastGroupSourcesInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DeregisterTransitGatewayMulticastGroupSourcesInput) SetDryRun(v bool) *DeregisterTransitGatewayMulticastGroupSourcesInput { + s.DryRun = &v + return s +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *DeregisterTransitGatewayMulticastGroupSourcesInput) SetGroupIpAddress(v string) *DeregisterTransitGatewayMulticastGroupSourcesInput { + s.GroupIpAddress = &v + return s +} + +// SetNetworkInterfaceIds sets the NetworkInterfaceIds field's value. +func (s *DeregisterTransitGatewayMulticastGroupSourcesInput) SetNetworkInterfaceIds(v []*string) *DeregisterTransitGatewayMulticastGroupSourcesInput { + s.NetworkInterfaceIds = v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *DeregisterTransitGatewayMulticastGroupSourcesInput) SetTransitGatewayMulticastDomainId(v string) *DeregisterTransitGatewayMulticastGroupSourcesInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type DeregisterTransitGatewayMulticastGroupSourcesOutput struct { + _ struct{} `type:"structure"` + + // Information about the deregistered group sources. + DeregisteredMulticastGroupSources *TransitGatewayMulticastDeregisteredGroupSources `locationName:"deregisteredMulticastGroupSources" type:"structure"` +} + +// String returns the string representation +func (s DeregisterTransitGatewayMulticastGroupSourcesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeregisterTransitGatewayMulticastGroupSourcesOutput) GoString() string { + return s.String() +} + +// SetDeregisteredMulticastGroupSources sets the DeregisteredMulticastGroupSources field's value. +func (s *DeregisterTransitGatewayMulticastGroupSourcesOutput) SetDeregisteredMulticastGroupSources(v *TransitGatewayMulticastDeregisteredGroupSources) *DeregisterTransitGatewayMulticastGroupSourcesOutput { + s.DeregisteredMulticastGroupSources = v + return s +} + type DescribeAccountAttributesInput struct { _ struct{} `type:"structure"` @@ -49171,6 +54923,8 @@ type DescribeAddressesInput struct { // * instance-id - The ID of the instance the address is associated with, // if any. // + // * network-border-group - The location from where the IP address is advertised. + // // * network-interface-id - [EC2-VPC] The ID of the network interface that // the address is associated with, if any. // @@ -49318,6 +55072,13 @@ func (s *DescribeAggregateIdFormatOutput) SetUseLongIdsAggregated(v bool) *Descr type DescribeAvailabilityZonesInput struct { _ struct{} `type:"structure"` + // Include all Availability Zones and Local Zones regardless of your opt in + // status. + // + // If you do not use this parameter, the results include only the zones for + // the Regions where you have chosen the option to opt in. + AllAvailabilityZones *bool `type:"boolean"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -49326,23 +55087,31 @@ type DescribeAvailabilityZonesInput struct { // The filters. // - // * message - Information about the Availability Zone. + // * group-name - For Availability Zones, use the Region name. For Local + // Zones, use the name of the group associated with the Local Zone (for example, + // us-west-2-lax-1). // - // * region-name - The name of the Region for the Availability Zone (for - // example, us-east-1). + // * message - The Availability Zone or Local Zone message. // - // * state - The state of the Availability Zone (available | information - // | impaired | unavailable). + // * opt-in-status - The opt in status (opted-in, and not-opted-in | opt-in-not-required). // - // * zone-id - The ID of the Availability Zone (for example, use1-az1). + // * region-name - The name of the Region for the Availability Zone or Local + // Zone (for example, us-east-1). // - // * zone-name - The name of the Availability Zone (for example, us-east-1a). + // * state - The state of the Availability Zone or Local Zone (available + // | information | impaired | unavailable). + // + // * zone-id - The ID of the Availability Zone (for example, use1-az1) or + // the Local Zone (for example, use usw2-lax1-az1). + // + // * zone-name - The name of the Availability Zone (for example, us-east-1a) + // or the Local Zone (for example, use us-west-2-lax-1a). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The IDs of the Availability Zones. + // The IDs of the Availability Zones and Local Zones. ZoneIds []*string `locationName:"ZoneId" locationNameList:"ZoneId" type:"list"` - // The names of the Availability Zones. + // The names of the Availability Zones and Local Zones. ZoneNames []*string `locationName:"ZoneName" locationNameList:"ZoneName" type:"list"` } @@ -49356,6 +55125,12 @@ func (s DescribeAvailabilityZonesInput) GoString() string { return s.String() } +// SetAllAvailabilityZones sets the AllAvailabilityZones field's value. +func (s *DescribeAvailabilityZonesInput) SetAllAvailabilityZones(v bool) *DescribeAvailabilityZonesInput { + s.AllAvailabilityZones = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *DescribeAvailabilityZonesInput) SetDryRun(v bool) *DescribeAvailabilityZonesInput { s.DryRun = &v @@ -49383,7 +55158,7 @@ func (s *DescribeAvailabilityZonesInput) SetZoneNames(v []*string) *DescribeAvai type DescribeAvailabilityZonesOutput struct { _ struct{} `type:"structure"` - // Information about the Availability Zones. + // Information about the Availability Zones and Local Zones. AvailabilityZones []*AvailabilityZone `locationName:"availabilityZoneInfo" locationNameList:"item" type:"list"` } @@ -49603,6 +55378,57 @@ type DescribeCapacityReservationsInput struct { DryRun *bool `type:"boolean"` // One or more filters. + // + // * instance-type - The type of instance for which the Capacity Reservation + // reserves capacity. + // + // * owner-id - The ID of the AWS account that owns the Capacity Reservation. + // + // * availability-zone-id - The Availability Zone ID of the Capacity Reservation. + // + // * instance-platform - The type of operating system for which the Capacity + // Reservation reserves capacity. + // + // * availability-zone - The Availability Zone ID of the Capacity Reservation. + // + // * tenancy - Indicates the tenancy of the Capacity Reservation. A Capacity + // Reservation can have one of the following tenancy settings: default - + // The Capacity Reservation is created on hardware that is shared with other + // AWS accounts. dedicated - The Capacity Reservation is created on single-tenant + // hardware that is dedicated to a single AWS account. + // + // * state - The current state of the Capacity Reservation. A Capacity Reservation + // can be in one of the following states: active- The Capacity Reservation + // is active and the capacity is available for your use. expired - The Capacity + // Reservation expired automatically at the date and time specified in your + // request. The reserved capacity is no longer available for your use. cancelled + // - The Capacity Reservation was manually cancelled. The reserved capacity + // is no longer available for your use. pending - The Capacity Reservation + // request was successful but the capacity provisioning is still pending. + // failed - The Capacity Reservation request has failed. A request might + // fail due to invalid request parameters, capacity constraints, or instance + // limit constraints. Failed requests are retained for 60 minutes. + // + // * end-date - The date and time at which the Capacity Reservation expires. + // When a Capacity Reservation expires, the reserved capacity is released + // and you can no longer launch instances into it. The Capacity Reservation's + // state changes to expired when it reaches its end date and time. + // + // * end-date-type - Indicates the way in which the Capacity Reservation + // ends. A Capacity Reservation can have one of the following end types: + // unlimited - The Capacity Reservation remains active until you explicitly + // cancel it. limited - The Capacity Reservation expires automatically at + // a specified date and time. + // + // * instance-match-criteria - Indicates the type of instance launches that + // the Capacity Reservation accepts. The options include: open - The Capacity + // Reservation accepts all instances that have matching attributes (instance + // type, platform, and Availability Zone). Instances that have matching attributes + // launch into the Capacity Reservation automatically without specifying + // any additional parameters. targeted - The Capacity Reservation only accepts + // instances that have matching attributes (instance type, platform, and + // Availability Zone), and explicitly target the Capacity Reservation. This + // ensures that only permitted instances can use the reserved capacity. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return for the request in a single page. @@ -49844,6 +55670,14 @@ type DescribeClientVpnAuthorizationRulesInput struct { DryRun *bool `type:"boolean"` // One or more filters. Filter names and values are case-sensitive. + // + // * description - The description of the authorization rule. + // + // * destination-cidr - The CIDR of the network to which the authorization + // rule applies. + // + // * group-id - The ID of the Active Directory group to which the authorization + // rule grants access. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return for the request in a single page. @@ -49959,6 +55793,11 @@ type DescribeClientVpnConnectionsInput struct { DryRun *bool `type:"boolean"` // One or more filters. Filter names and values are case-sensitive. + // + // * connection-id - The ID of the connection. + // + // * username - For Active Directory client authentication, the user name + // of the client who established the client connection. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return for the request in a single page. @@ -50072,6 +55911,10 @@ type DescribeClientVpnEndpointsInput struct { DryRun *bool `type:"boolean"` // One or more filters. Filter names and values are case-sensitive. + // + // * endpoint-id - The ID of the Client VPN endpoint. + // + // * transport-protocol - The transport protocol (tcp | udp). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return for the request in a single page. @@ -50184,6 +56027,13 @@ type DescribeClientVpnRoutesInput struct { DryRun *bool `type:"boolean"` // One or more filters. Filter names and values are case-sensitive. + // + // * destination-cidr - The CIDR of the route destination. + // + // * origin - How the route was associated with the Client VPN endpoint (associate + // | add-route). + // + // * target-subnet - The ID of the subnet through which traffic is routed. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return for the request in a single page. @@ -50302,6 +56152,12 @@ type DescribeClientVpnTargetNetworksInput struct { DryRun *bool `type:"boolean"` // One or more filters. Filter names and values are case-sensitive. + // + // * association-id - The ID of the association. + // + // * target-network-id - The ID of the subnet specified as the target network. + // + // * vpc-id - The ID of the VPC in which the target network is located. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return for the request in a single page. @@ -50408,6 +56264,119 @@ func (s *DescribeClientVpnTargetNetworksOutput) SetNextToken(v string) *Describe return s } +type DescribeCoipPoolsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. The following are the possible values: + // + // * coip-pool.pool-id + // + // * coip-pool.local-gateway-route-table-id + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the address pools. + PoolIds []*string `locationName:"PoolId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeCoipPoolsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeCoipPoolsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeCoipPoolsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeCoipPoolsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeCoipPoolsInput) SetDryRun(v bool) *DescribeCoipPoolsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeCoipPoolsInput) SetFilters(v []*Filter) *DescribeCoipPoolsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeCoipPoolsInput) SetMaxResults(v int64) *DescribeCoipPoolsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeCoipPoolsInput) SetNextToken(v string) *DescribeCoipPoolsInput { + s.NextToken = &v + return s +} + +// SetPoolIds sets the PoolIds field's value. +func (s *DescribeCoipPoolsInput) SetPoolIds(v []*string) *DescribeCoipPoolsInput { + s.PoolIds = v + return s +} + +type DescribeCoipPoolsOutput struct { + _ struct{} `type:"structure"` + + // Information about the address pools. + CoipPools []*CoipPool `locationName:"coipPoolSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeCoipPoolsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeCoipPoolsOutput) GoString() string { + return s.String() +} + +// SetCoipPools sets the CoipPools field's value. +func (s *DescribeCoipPoolsOutput) SetCoipPools(v []*CoipPool) *DescribeCoipPoolsOutput { + s.CoipPools = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeCoipPoolsOutput) SetNextToken(v string) *DescribeCoipPoolsOutput { + s.NextToken = &v + return s +} + type DescribeConversionTasksInput struct { _ struct{} `type:"structure"` @@ -50702,6 +56671,19 @@ type DescribeEgressOnlyInternetGatewaysInput struct { // One or more egress-only internet gateway IDs. EgressOnlyInternetGatewayIds []*string `locationName:"EgressOnlyInternetGatewayId" locationNameList:"item" type:"list"` + // One or more filters. + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + // The maximum number of results to return with a single call. To retrieve the // remaining results, make another call with the returned nextToken value. MaxResults *int64 `min:"5" type:"integer"` @@ -50745,6 +56727,12 @@ func (s *DescribeEgressOnlyInternetGatewaysInput) SetEgressOnlyInternetGatewayId return s } +// SetFilters sets the Filters field's value. +func (s *DescribeEgressOnlyInternetGatewaysInput) SetFilters(v []*Filter) *DescribeEgressOnlyInternetGatewaysInput { + s.Filters = v + return s +} + // SetMaxResults sets the MaxResults field's value. func (s *DescribeEgressOnlyInternetGatewaysInput) SetMaxResults(v int64) *DescribeEgressOnlyInternetGatewaysInput { s.MaxResults = &v @@ -51039,6 +57027,9 @@ type DescribeExportTasksInput struct { // The export task IDs. ExportTaskIds []*string `locationName:"exportTaskId" locationNameList:"ExportTaskId" type:"list"` + + // the filters for the export tasks. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` } // String returns the string representation @@ -51057,6 +57048,12 @@ func (s *DescribeExportTasksInput) SetExportTaskIds(v []*string) *DescribeExport return s } +// SetFilters sets the Filters field's value. +func (s *DescribeExportTasksInput) SetFilters(v []*Filter) *DescribeExportTasksInput { + s.Filters = v + return s +} + type DescribeExportTasksOutput struct { _ struct{} `type:"structure"` @@ -51080,6 +57077,222 @@ func (s *DescribeExportTasksOutput) SetExportTasks(v []*ExportTask) *DescribeExp return s } +// Describes fast snapshot restores for a snapshot. +type DescribeFastSnapshotRestoreSuccessItem struct { + _ struct{} `type:"structure"` + + // The Availability Zone. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The time at which fast snapshot restores entered the disabled state. + DisabledTime *time.Time `locationName:"disabledTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the disabling state. + DisablingTime *time.Time `locationName:"disablingTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the enabled state. + EnabledTime *time.Time `locationName:"enabledTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the enabling state. + EnablingTime *time.Time `locationName:"enablingTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the optimizing state. + OptimizingTime *time.Time `locationName:"optimizingTime" type:"timestamp"` + + // The alias of the snapshot owner. + OwnerAlias *string `locationName:"ownerAlias" type:"string"` + + // The ID of the AWS account that owns the snapshot. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` + + // The state of fast snapshot restores. + State *string `locationName:"state" type:"string" enum:"FastSnapshotRestoreStateCode"` + + // The reason for the state transition. The possible values are as follows: + // + // * Client.UserInitiated - The state successfully transitioned to enabling + // or disabling. + // + // * Client.UserInitiated - Lifecycle state transition - The state successfully + // transitioned to optimizing, enabled, or disabled. + StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` +} + +// String returns the string representation +func (s DescribeFastSnapshotRestoreSuccessItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeFastSnapshotRestoreSuccessItem) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetAvailabilityZone(v string) *DescribeFastSnapshotRestoreSuccessItem { + s.AvailabilityZone = &v + return s +} + +// SetDisabledTime sets the DisabledTime field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetDisabledTime(v time.Time) *DescribeFastSnapshotRestoreSuccessItem { + s.DisabledTime = &v + return s +} + +// SetDisablingTime sets the DisablingTime field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetDisablingTime(v time.Time) *DescribeFastSnapshotRestoreSuccessItem { + s.DisablingTime = &v + return s +} + +// SetEnabledTime sets the EnabledTime field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetEnabledTime(v time.Time) *DescribeFastSnapshotRestoreSuccessItem { + s.EnabledTime = &v + return s +} + +// SetEnablingTime sets the EnablingTime field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetEnablingTime(v time.Time) *DescribeFastSnapshotRestoreSuccessItem { + s.EnablingTime = &v + return s +} + +// SetOptimizingTime sets the OptimizingTime field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetOptimizingTime(v time.Time) *DescribeFastSnapshotRestoreSuccessItem { + s.OptimizingTime = &v + return s +} + +// SetOwnerAlias sets the OwnerAlias field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetOwnerAlias(v string) *DescribeFastSnapshotRestoreSuccessItem { + s.OwnerAlias = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetOwnerId(v string) *DescribeFastSnapshotRestoreSuccessItem { + s.OwnerId = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetSnapshotId(v string) *DescribeFastSnapshotRestoreSuccessItem { + s.SnapshotId = &v + return s +} + +// SetState sets the State field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetState(v string) *DescribeFastSnapshotRestoreSuccessItem { + s.State = &v + return s +} + +// SetStateTransitionReason sets the StateTransitionReason field's value. +func (s *DescribeFastSnapshotRestoreSuccessItem) SetStateTransitionReason(v string) *DescribeFastSnapshotRestoreSuccessItem { + s.StateTransitionReason = &v + return s +} + +type DescribeFastSnapshotRestoresInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. The possible values are: + // + // * availability-zone: The Availability Zone of the snapshot. + // + // * owner-id: The ID of the AWS account that owns the snapshot. + // + // * snapshot-id: The ID of the snapshot. + // + // * state: The state of fast snapshot restores for the snapshot (enabling + // | optimizing | enabled | disabling | disabled). + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeFastSnapshotRestoresInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeFastSnapshotRestoresInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeFastSnapshotRestoresInput) SetDryRun(v bool) *DescribeFastSnapshotRestoresInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeFastSnapshotRestoresInput) SetFilters(v []*Filter) *DescribeFastSnapshotRestoresInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeFastSnapshotRestoresInput) SetMaxResults(v int64) *DescribeFastSnapshotRestoresInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeFastSnapshotRestoresInput) SetNextToken(v string) *DescribeFastSnapshotRestoresInput { + s.NextToken = &v + return s +} + +type DescribeFastSnapshotRestoresOutput struct { + _ struct{} `type:"structure"` + + // Information about the state of fast snapshot restores. + FastSnapshotRestores []*DescribeFastSnapshotRestoreSuccessItem `locationName:"fastSnapshotRestoreSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeFastSnapshotRestoresOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeFastSnapshotRestoresOutput) GoString() string { + return s.String() +} + +// SetFastSnapshotRestores sets the FastSnapshotRestores field's value. +func (s *DescribeFastSnapshotRestoresOutput) SetFastSnapshotRestores(v []*DescribeFastSnapshotRestoreSuccessItem) *DescribeFastSnapshotRestoresOutput { + s.FastSnapshotRestores = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeFastSnapshotRestoresOutput) SetNextToken(v string) *DescribeFastSnapshotRestoresOutput { + s.NextToken = &v + return s +} + // Describes the instances that could not be launched by the fleet. type DescribeFleetError struct { _ struct{} `type:"structure"` @@ -51089,12 +57302,12 @@ type DescribeFleetError struct { ErrorCode *string `locationName:"errorCode" type:"string"` // The error message that describes why the instance could not be launched. - // For more information about error messages, see ee Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html.html). + // For more information about error messages, see Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html.html). ErrorMessage *string `locationName:"errorMessage" type:"string"` // The launch templates and overrides that were used for launching the instances. - // Any parameters that you specify in the Overrides override the same parameters - // in the launch template. + // The values that you specify in the Overrides replace the values in the launch + // template. LaunchTemplateAndOverrides *LaunchTemplateAndOverridesResponse `locationName:"launchTemplateAndOverrides" type:"structure"` // Indicates if the instance that could not be launched was a Spot Instance @@ -51504,15 +57717,15 @@ type DescribeFleetsInstances struct { InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` // The launch templates and overrides that were used for launching the instances. - // Any parameters that you specify in the Overrides override the same parameters - // in the launch template. + // The values that you specify in the Overrides replace the values in the launch + // template. LaunchTemplateAndOverrides *LaunchTemplateAndOverridesResponse `locationName:"launchTemplateAndOverrides" type:"structure"` // Indicates if the instance that was launched is a Spot Instance or On-Demand // Instance. Lifecycle *string `locationName:"lifecycle" type:"string" enum:"InstanceLifecycle"` - // The value is Windows for Windows instances; otherwise blank. + // The value is Windows for Windows instances. Otherwise, the value is blank. Platform *string `locationName:"platform" type:"string" enum:"PlatformValues"` } @@ -51612,6 +57825,16 @@ type DescribeFlowLogsInput struct { // * resource-id - The ID of the VPC, subnet, or network interface. // // * traffic-type - The type of traffic (ACCEPT | REJECT | ALL). + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. Filter []*Filter `locationNameList:"Filter" type:"list"` // One or more flow log IDs. @@ -53520,6 +59743,305 @@ func (s *DescribeInstanceStatusOutput) SetNextToken(v string) *DescribeInstanceS return s } +type DescribeInstanceTypeOfferingsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + // + // * location - This depends on the location type. For example, if the location + // type is region (default), the location is the Region code (for example, + // us-east-2.) + // + // * instance-type - The instance type. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The location type. + LocationType *string `type:"string" enum:"LocationType"` + + // The maximum number of results to return for the request in a single page. + // The remaining results can be seen by sending another request with the next + // token value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token to retrieve the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeInstanceTypeOfferingsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeInstanceTypeOfferingsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeInstanceTypeOfferingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeInstanceTypeOfferingsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeInstanceTypeOfferingsInput) SetDryRun(v bool) *DescribeInstanceTypeOfferingsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeInstanceTypeOfferingsInput) SetFilters(v []*Filter) *DescribeInstanceTypeOfferingsInput { + s.Filters = v + return s +} + +// SetLocationType sets the LocationType field's value. +func (s *DescribeInstanceTypeOfferingsInput) SetLocationType(v string) *DescribeInstanceTypeOfferingsInput { + s.LocationType = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeInstanceTypeOfferingsInput) SetMaxResults(v int64) *DescribeInstanceTypeOfferingsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTypeOfferingsInput) SetNextToken(v string) *DescribeInstanceTypeOfferingsInput { + s.NextToken = &v + return s +} + +type DescribeInstanceTypeOfferingsOutput struct { + _ struct{} `type:"structure"` + + // The instance types offered. + InstanceTypeOfferings []*InstanceTypeOffering `locationName:"instanceTypeOfferingSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeInstanceTypeOfferingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeInstanceTypeOfferingsOutput) GoString() string { + return s.String() +} + +// SetInstanceTypeOfferings sets the InstanceTypeOfferings field's value. +func (s *DescribeInstanceTypeOfferingsOutput) SetInstanceTypeOfferings(v []*InstanceTypeOffering) *DescribeInstanceTypeOfferingsOutput { + s.InstanceTypeOfferings = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTypeOfferingsOutput) SetNextToken(v string) *DescribeInstanceTypeOfferingsOutput { + s.NextToken = &v + return s +} + +type DescribeInstanceTypesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. Filter names and values are case-sensitive. + // + // * auto-recovery-supported - Indicates whether auto recovery is supported. + // (true | false) + // + // * bare-metal - Indicates whether it is a bare metal instance type. (true + // | false) + // + // * burstable-performance-supported - Indicates whether it is a burstable + // performance instance type. (true | false) + // + // * current-generation - Indicates whether this instance type is the latest + // generation instance type of an instance family. (true | false) + // + // * ebs-info.ebs-optimized-support - Indicates whether the instance type + // is EBS-optimized. (supported | unsupported | default) + // + // * ebs-info.encryption-support - Indicates whether EBS encryption is supported. + // (supported | unsupported) + // + // * free-tier-eligible - Indicates whether the instance type is eligible + // to use in the free tier. (true | false) + // + // * hibernation-supported - Indicates whether On-Demand hibernation is supported. + // (true | false) + // + // * hypervisor - The hypervisor used. (nitro | xen) + // + // * instance-storage-info.disk.count - The number of local disks. + // + // * instance-storage-info.disk.size-in-gb - The storage size of each instance + // storage disk, in GB. + // + // * instance-storage-info.disk.type - The storage technology for the local + // instance storage disks. (hdd | ssd) + // + // * instance-storage-info.total-size-in-gb - The total amount of storage + // available from all local instance storage, in GB. + // + // * instance-storage-supported - Indicates whether the instance type has + // local instance storage. (true | false) + // + // * memory-info.size-in-mib - The memory size. + // + // * network-info.ena-support - Indicates whether Elastic Network Adapter + // (ENA) is supported or required. (required | supported | unsupported) + // + // * network-info.ipv4-addresses-per-interface - The maximum number of private + // IPv4 addresses per network interface. + // + // * network-info.ipv6-addresses-per-interface - The maximum number of private + // IPv6 addresses per network interface. + // + // * network-info.ipv6-supported - Indicates whether the instance type supports + // IPv6. (true | false) + // + // * network-info.maximum-network-interfaces - The maximum number of network + // interfaces per instance. + // + // * network-info.network-performance - Describes the network performance. + // + // * processor-info.sustained-clock-speed-in-ghz - The CPU clock speed, in + // GHz. + // + // * vcpu-info.default-cores - The default number of cores for the instance + // type. + // + // * vcpu-info.default-threads-per-core - The default number of threads per + // core for the instance type. + // + // * vcpu-info.default-vcpus - The default number of vCPUs for the instance + // type. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The instance types. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon Elastic Compute Cloud User Guide. + InstanceTypes []*string `locationName:"InstanceType" type:"list"` + + // The maximum number of results to return for the request in a single page. + // The remaining results can be seen by sending another request with the next + // token value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token to retrieve the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeInstanceTypesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeInstanceTypesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeInstanceTypesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeInstanceTypesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeInstanceTypesInput) SetDryRun(v bool) *DescribeInstanceTypesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeInstanceTypesInput) SetFilters(v []*Filter) *DescribeInstanceTypesInput { + s.Filters = v + return s +} + +// SetInstanceTypes sets the InstanceTypes field's value. +func (s *DescribeInstanceTypesInput) SetInstanceTypes(v []*string) *DescribeInstanceTypesInput { + s.InstanceTypes = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeInstanceTypesInput) SetMaxResults(v int64) *DescribeInstanceTypesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTypesInput) SetNextToken(v string) *DescribeInstanceTypesInput { + s.NextToken = &v + return s +} + +type DescribeInstanceTypesOutput struct { + _ struct{} `type:"structure"` + + // The instance type. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon Elastic Compute Cloud User Guide. + InstanceTypes []*InstanceTypeInfo `locationName:"instanceTypeSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeInstanceTypesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeInstanceTypesOutput) GoString() string { + return s.String() +} + +// SetInstanceTypes sets the InstanceTypes field's value. +func (s *DescribeInstanceTypesOutput) SetInstanceTypes(v []*InstanceTypeInfo) *DescribeInstanceTypesOutput { + s.InstanceTypes = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeInstanceTypesOutput) SetNextToken(v string) *DescribeInstanceTypesOutput { + s.NextToken = &v + return s +} + type DescribeInstancesInput struct { _ struct{} `type:"structure"` @@ -53570,11 +60092,13 @@ type DescribeInstancesInput struct { // * host-id - The ID of the Dedicated Host on which the instance is running, // if applicable. // - // * hypervisor - The hypervisor type of the instance (ovm | xen). + // * hypervisor - The hypervisor type of the instance (ovm | xen). The value + // xen is used for both Xen and Nitro hypervisors. // // * iam-instance-profile.arn - The instance profile associated with the - // instance. Specified as an ARN. image-id - The ID of the image used to - // launch the instance. + // instance. Specified as an ARN. + // + // * image-id - The ID of the image used to launch the instance. // // * instance-id - The ID of the instance. // @@ -53607,14 +60131,14 @@ type DescribeInstancesInput struct { // // * launch-time - The time when the instance was launched. // - // * metadata-http-tokens - The metadata request authorization state (optional - // | required) + // * metadata-options.http-tokens - The metadata request authorization state + // (optional | required) // - // * metadata-http-put-response-hop-limit - The http metadata request put - // response hop limit (integer, possible values 1 to 64) + // * metadata-options.http-put-response-hop-limit - The http metadata request + // put response hop limit (integer, possible values 1 to 64) // - // * metadata-http-endpoint - Enable or disable metadata access on http endpoint - // (enabled | disabled) + // * metadata-options.http-endpoint - Enable or disable metadata access on + // http endpoint (enabled | disabled) // // * monitoring-state - Indicates whether detailed monitoring is enabled // (disabled | enabled). @@ -53994,6 +60518,125 @@ func (s *DescribeInternetGatewaysOutput) SetNextToken(v string) *DescribeInterne return s } +type DescribeIpv6PoolsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the IPv6 address pools. + PoolIds []*string `locationName:"PoolId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeIpv6PoolsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeIpv6PoolsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeIpv6PoolsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeIpv6PoolsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeIpv6PoolsInput) SetDryRun(v bool) *DescribeIpv6PoolsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeIpv6PoolsInput) SetFilters(v []*Filter) *DescribeIpv6PoolsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeIpv6PoolsInput) SetMaxResults(v int64) *DescribeIpv6PoolsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeIpv6PoolsInput) SetNextToken(v string) *DescribeIpv6PoolsInput { + s.NextToken = &v + return s +} + +// SetPoolIds sets the PoolIds field's value. +func (s *DescribeIpv6PoolsInput) SetPoolIds(v []*string) *DescribeIpv6PoolsInput { + s.PoolIds = v + return s +} + +type DescribeIpv6PoolsOutput struct { + _ struct{} `type:"structure"` + + // Information about the IPv6 address pools. + Ipv6Pools []*Ipv6Pool `locationName:"ipv6PoolSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeIpv6PoolsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeIpv6PoolsOutput) GoString() string { + return s.String() +} + +// SetIpv6Pools sets the Ipv6Pools field's value. +func (s *DescribeIpv6PoolsOutput) SetIpv6Pools(v []*Ipv6Pool) *DescribeIpv6PoolsOutput { + s.Ipv6Pools = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeIpv6PoolsOutput) SetNextToken(v string) *DescribeIpv6PoolsOutput { + s.NextToken = &v + return s +} + type DescribeKeyPairsInput struct { _ struct{} `type:"structure"` @@ -54014,6 +60657,9 @@ type DescribeKeyPairsInput struct { // // Default: Describes all your key pairs. KeyNames []*string `locationName:"KeyName" locationNameList:"KeyName" type:"list"` + + // The IDs of the key pairs. + KeyPairIds []*string `locationName:"KeyPairId" locationNameList:"KeyPairId" type:"list"` } // String returns the string representation @@ -54044,6 +60690,12 @@ func (s *DescribeKeyPairsInput) SetKeyNames(v []*string) *DescribeKeyPairsInput return s } +// SetKeyPairIds sets the KeyPairIds field's value. +func (s *DescribeKeyPairsInput) SetKeyPairIds(v []*string) *DescribeKeyPairsInput { + s.KeyPairIds = v + return s +} + type DescribeKeyPairsOutput struct { _ struct{} `type:"structure"` @@ -54366,6 +61018,660 @@ func (s *DescribeLaunchTemplatesOutput) SetNextToken(v string) *DescribeLaunchTe return s } +type DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The IDs of the associations. + LocalGatewayRouteTableVirtualInterfaceGroupAssociationIds []*string `locationName:"LocalGatewayRouteTableVirtualInterfaceGroupAssociationId" locationNameList:"item" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) SetDryRun(v bool) *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) SetFilters(v []*Filter) *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput { + s.Filters = v + return s +} + +// SetLocalGatewayRouteTableVirtualInterfaceGroupAssociationIds sets the LocalGatewayRouteTableVirtualInterfaceGroupAssociationIds field's value. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) SetLocalGatewayRouteTableVirtualInterfaceGroupAssociationIds(v []*string) *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput { + s.LocalGatewayRouteTableVirtualInterfaceGroupAssociationIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) SetMaxResults(v int64) *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) SetNextToken(v string) *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Information about the associations. + LocalGatewayRouteTableVirtualInterfaceGroupAssociations []*LocalGatewayRouteTableVirtualInterfaceGroupAssociation `locationName:"localGatewayRouteTableVirtualInterfaceGroupAssociationSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput) GoString() string { + return s.String() +} + +// SetLocalGatewayRouteTableVirtualInterfaceGroupAssociations sets the LocalGatewayRouteTableVirtualInterfaceGroupAssociations field's value. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput) SetLocalGatewayRouteTableVirtualInterfaceGroupAssociations(v []*LocalGatewayRouteTableVirtualInterfaceGroupAssociation) *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput { + s.LocalGatewayRouteTableVirtualInterfaceGroupAssociations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput) SetNextToken(v string) *DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayRouteTableVpcAssociationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The IDs of the associations. + LocalGatewayRouteTableVpcAssociationIds []*string `locationName:"LocalGatewayRouteTableVpcAssociationId" locationNameList:"item" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayRouteTableVpcAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayRouteTableVpcAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLocalGatewayRouteTableVpcAssociationsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsInput) SetDryRun(v bool) *DescribeLocalGatewayRouteTableVpcAssociationsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsInput) SetFilters(v []*Filter) *DescribeLocalGatewayRouteTableVpcAssociationsInput { + s.Filters = v + return s +} + +// SetLocalGatewayRouteTableVpcAssociationIds sets the LocalGatewayRouteTableVpcAssociationIds field's value. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsInput) SetLocalGatewayRouteTableVpcAssociationIds(v []*string) *DescribeLocalGatewayRouteTableVpcAssociationsInput { + s.LocalGatewayRouteTableVpcAssociationIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsInput) SetMaxResults(v int64) *DescribeLocalGatewayRouteTableVpcAssociationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsInput) SetNextToken(v string) *DescribeLocalGatewayRouteTableVpcAssociationsInput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayRouteTableVpcAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Information about the associations. + LocalGatewayRouteTableVpcAssociations []*LocalGatewayRouteTableVpcAssociation `locationName:"localGatewayRouteTableVpcAssociationSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayRouteTableVpcAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayRouteTableVpcAssociationsOutput) GoString() string { + return s.String() +} + +// SetLocalGatewayRouteTableVpcAssociations sets the LocalGatewayRouteTableVpcAssociations field's value. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsOutput) SetLocalGatewayRouteTableVpcAssociations(v []*LocalGatewayRouteTableVpcAssociation) *DescribeLocalGatewayRouteTableVpcAssociationsOutput { + s.LocalGatewayRouteTableVpcAssociations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayRouteTableVpcAssociationsOutput) SetNextToken(v string) *DescribeLocalGatewayRouteTableVpcAssociationsOutput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayRouteTablesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The IDs of the local gateway route tables. + LocalGatewayRouteTableIds []*string `locationName:"LocalGatewayRouteTableId" locationNameList:"item" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayRouteTablesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayRouteTablesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLocalGatewayRouteTablesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLocalGatewayRouteTablesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLocalGatewayRouteTablesInput) SetDryRun(v bool) *DescribeLocalGatewayRouteTablesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLocalGatewayRouteTablesInput) SetFilters(v []*Filter) *DescribeLocalGatewayRouteTablesInput { + s.Filters = v + return s +} + +// SetLocalGatewayRouteTableIds sets the LocalGatewayRouteTableIds field's value. +func (s *DescribeLocalGatewayRouteTablesInput) SetLocalGatewayRouteTableIds(v []*string) *DescribeLocalGatewayRouteTablesInput { + s.LocalGatewayRouteTableIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLocalGatewayRouteTablesInput) SetMaxResults(v int64) *DescribeLocalGatewayRouteTablesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayRouteTablesInput) SetNextToken(v string) *DescribeLocalGatewayRouteTablesInput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayRouteTablesOutput struct { + _ struct{} `type:"structure"` + + // Information about the local gateway route tables. + LocalGatewayRouteTables []*LocalGatewayRouteTable `locationName:"localGatewayRouteTableSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayRouteTablesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayRouteTablesOutput) GoString() string { + return s.String() +} + +// SetLocalGatewayRouteTables sets the LocalGatewayRouteTables field's value. +func (s *DescribeLocalGatewayRouteTablesOutput) SetLocalGatewayRouteTables(v []*LocalGatewayRouteTable) *DescribeLocalGatewayRouteTablesOutput { + s.LocalGatewayRouteTables = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayRouteTablesOutput) SetNextToken(v string) *DescribeLocalGatewayRouteTablesOutput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayVirtualInterfaceGroupsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The IDs of the virtual interface groups. + LocalGatewayVirtualInterfaceGroupIds []*string `locationName:"LocalGatewayVirtualInterfaceGroupId" locationNameList:"item" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayVirtualInterfaceGroupsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayVirtualInterfaceGroupsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLocalGatewayVirtualInterfaceGroupsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsInput) SetDryRun(v bool) *DescribeLocalGatewayVirtualInterfaceGroupsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsInput) SetFilters(v []*Filter) *DescribeLocalGatewayVirtualInterfaceGroupsInput { + s.Filters = v + return s +} + +// SetLocalGatewayVirtualInterfaceGroupIds sets the LocalGatewayVirtualInterfaceGroupIds field's value. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsInput) SetLocalGatewayVirtualInterfaceGroupIds(v []*string) *DescribeLocalGatewayVirtualInterfaceGroupsInput { + s.LocalGatewayVirtualInterfaceGroupIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsInput) SetMaxResults(v int64) *DescribeLocalGatewayVirtualInterfaceGroupsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsInput) SetNextToken(v string) *DescribeLocalGatewayVirtualInterfaceGroupsInput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayVirtualInterfaceGroupsOutput struct { + _ struct{} `type:"structure"` + + // The virtual interface groups. + LocalGatewayVirtualInterfaceGroups []*LocalGatewayVirtualInterfaceGroup `locationName:"localGatewayVirtualInterfaceGroupSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayVirtualInterfaceGroupsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayVirtualInterfaceGroupsOutput) GoString() string { + return s.String() +} + +// SetLocalGatewayVirtualInterfaceGroups sets the LocalGatewayVirtualInterfaceGroups field's value. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsOutput) SetLocalGatewayVirtualInterfaceGroups(v []*LocalGatewayVirtualInterfaceGroup) *DescribeLocalGatewayVirtualInterfaceGroupsOutput { + s.LocalGatewayVirtualInterfaceGroups = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayVirtualInterfaceGroupsOutput) SetNextToken(v string) *DescribeLocalGatewayVirtualInterfaceGroupsOutput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayVirtualInterfacesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The IDs of the virtual interfaces. + LocalGatewayVirtualInterfaceIds []*string `locationName:"LocalGatewayVirtualInterfaceId" locationNameList:"item" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayVirtualInterfacesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayVirtualInterfacesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLocalGatewayVirtualInterfacesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLocalGatewayVirtualInterfacesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLocalGatewayVirtualInterfacesInput) SetDryRun(v bool) *DescribeLocalGatewayVirtualInterfacesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLocalGatewayVirtualInterfacesInput) SetFilters(v []*Filter) *DescribeLocalGatewayVirtualInterfacesInput { + s.Filters = v + return s +} + +// SetLocalGatewayVirtualInterfaceIds sets the LocalGatewayVirtualInterfaceIds field's value. +func (s *DescribeLocalGatewayVirtualInterfacesInput) SetLocalGatewayVirtualInterfaceIds(v []*string) *DescribeLocalGatewayVirtualInterfacesInput { + s.LocalGatewayVirtualInterfaceIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLocalGatewayVirtualInterfacesInput) SetMaxResults(v int64) *DescribeLocalGatewayVirtualInterfacesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayVirtualInterfacesInput) SetNextToken(v string) *DescribeLocalGatewayVirtualInterfacesInput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewayVirtualInterfacesOutput struct { + _ struct{} `type:"structure"` + + // Information about the virtual interfaces. + LocalGatewayVirtualInterfaces []*LocalGatewayVirtualInterface `locationName:"localGatewayVirtualInterfaceSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewayVirtualInterfacesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewayVirtualInterfacesOutput) GoString() string { + return s.String() +} + +// SetLocalGatewayVirtualInterfaces sets the LocalGatewayVirtualInterfaces field's value. +func (s *DescribeLocalGatewayVirtualInterfacesOutput) SetLocalGatewayVirtualInterfaces(v []*LocalGatewayVirtualInterface) *DescribeLocalGatewayVirtualInterfacesOutput { + s.LocalGatewayVirtualInterfaces = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewayVirtualInterfacesOutput) SetNextToken(v string) *DescribeLocalGatewayVirtualInterfacesOutput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewaysInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The IDs of the local gateways. + LocalGatewayIds []*string `locationName:"LocalGatewayId" locationNameList:"item" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewaysInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewaysInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLocalGatewaysInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLocalGatewaysInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeLocalGatewaysInput) SetDryRun(v bool) *DescribeLocalGatewaysInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeLocalGatewaysInput) SetFilters(v []*Filter) *DescribeLocalGatewaysInput { + s.Filters = v + return s +} + +// SetLocalGatewayIds sets the LocalGatewayIds field's value. +func (s *DescribeLocalGatewaysInput) SetLocalGatewayIds(v []*string) *DescribeLocalGatewaysInput { + s.LocalGatewayIds = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeLocalGatewaysInput) SetMaxResults(v int64) *DescribeLocalGatewaysInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewaysInput) SetNextToken(v string) *DescribeLocalGatewaysInput { + s.NextToken = &v + return s +} + +type DescribeLocalGatewaysOutput struct { + _ struct{} `type:"structure"` + + // Information about the local gateways. + LocalGateways []*LocalGateway `locationName:"localGatewaySet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeLocalGatewaysOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeLocalGatewaysOutput) GoString() string { + return s.String() +} + +// SetLocalGateways sets the LocalGateways field's value. +func (s *DescribeLocalGatewaysOutput) SetLocalGateways(v []*LocalGateway) *DescribeLocalGatewaysOutput { + s.LocalGateways = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeLocalGatewaysOutput) SetNextToken(v string) *DescribeLocalGatewaysOutput { + s.NextToken = &v + return s +} + type DescribeMovingAddressesInput struct { _ struct{} `type:"structure"` @@ -54485,6 +61791,12 @@ func (s *DescribeMovingAddressesOutput) SetNextToken(v string) *DescribeMovingAd type DescribeNatGatewaysInput struct { _ struct{} `type:"structure"` + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + // One or more filters. // // * nat-gateway-id - The ID of the NAT gateway. @@ -54541,6 +61853,12 @@ func (s *DescribeNatGatewaysInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *DescribeNatGatewaysInput) SetDryRun(v bool) *DescribeNatGatewaysInput { + s.DryRun = &v + return s +} + // SetFilter sets the Filter field's value. func (s *DescribeNatGatewaysInput) SetFilter(v []*Filter) *DescribeNatGatewaysInput { s.Filter = v @@ -55107,7 +62425,8 @@ type DescribeNetworkInterfacesInput struct { // The maximum number of items to return for this request. The request returns // a token that you can specify in a subsequent call to get the next set of - // results. + // results. You cannot specify this parameter and the network interface IDs + // parameter in the same request. MaxResults *int64 `min:"5" type:"integer"` // One or more network interface IDs. @@ -55225,6 +62544,9 @@ type DescribePlacementGroupsInput struct { // * strategy - The strategy of the placement group (cluster | spread | partition). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + // The IDs of the placement groups. + GroupIds []*string `locationName:"GroupId" locationNameList:"GroupId" type:"list"` + // The names of the placement groups. // // Default: Describes all your placement groups, or only those otherwise specified. @@ -55253,6 +62575,12 @@ func (s *DescribePlacementGroupsInput) SetFilters(v []*Filter) *DescribePlacemen return s } +// SetGroupIds sets the GroupIds field's value. +func (s *DescribePlacementGroupsInput) SetGroupIds(v []*string) *DescribePlacementGroupsInput { + s.GroupIds = v + return s +} + // SetGroupNames sets the GroupNames field's value. func (s *DescribePlacementGroupsInput) SetGroupNames(v []*string) *DescribePlacementGroupsInput { s.GroupNames = v @@ -55491,6 +62819,19 @@ func (s *DescribePrincipalIdFormatOutput) SetPrincipals(v []*PrincipalIdFormat) type DescribePublicIpv4PoolsInput struct { _ struct{} `type:"structure"` + // One or more filters. + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + // The maximum number of results to return with a single call. To retrieve the // remaining results, make another call with the returned nextToken value. MaxResults *int64 `min:"1" type:"integer"` @@ -55525,6 +62866,12 @@ func (s *DescribePublicIpv4PoolsInput) Validate() error { return nil } +// SetFilters sets the Filters field's value. +func (s *DescribePublicIpv4PoolsInput) SetFilters(v []*Filter) *DescribePublicIpv4PoolsInput { + s.Filters = v + return s +} + // SetMaxResults sets the MaxResults field's value. func (s *DescribePublicIpv4PoolsInput) SetMaxResults(v int64) *DescribePublicIpv4PoolsInput { s.MaxResults = &v @@ -56961,7 +64308,6 @@ func (s *DescribeSecurityGroupsOutput) SetSecurityGroups(v []*SecurityGroup) *De return s } -// Contains the parameters for DescribeSnapshotAttribute. type DescribeSnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -57026,7 +64372,6 @@ func (s *DescribeSnapshotAttributeInput) SetSnapshotId(v string) *DescribeSnapsh return s } -// Contains the output of DescribeSnapshotAttribute. type DescribeSnapshotAttributeOutput struct { _ struct{} `type:"structure"` @@ -58294,9 +65639,10 @@ type DescribeTagsInput struct { // * resource-type - The resource type (customer-gateway | dedicated-host // | dhcp-options | elastic-ip | fleet | fpga-image | image | instance | // host-reservation | internet-gateway | launch-template | natgateway | network-acl - // | network-interface | reserved-instances | route-table | security-group - // | snapshot | spot-instances-request | subnet | volume | vpc | vpc-peering-connection - // | vpn-connection | vpn-gateway). + // | network-interface | placement-group | reserved-instances | route-table + // | security-group | snapshot | spot-instances-request | subnet | volume + // | vpc | vpc-endpoint | vpc-endpoint-service | vpc-peering-connection | + // vpn-connection | vpn-gateway). // // * tag: - The key/value combination of the tag. For example, specify // "tag:Owner" for the filter name and "TeamA" for the filter value to find @@ -58874,6 +66220,245 @@ func (s *DescribeTransitGatewayAttachmentsOutput) SetTransitGatewayAttachments(v return s } +type DescribeTransitGatewayMulticastDomainsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * state - The state of the transit gateway multicast domain. Valid values + // are pending | available | deleting | deleted. + // + // * transit-gateway-id - The ID of the transit gateway. + // + // * transit-gateway-multicast-domain-id - The ID of the transit gateway + // multicast domain. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainIds []*string `locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayMulticastDomainsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayMulticastDomainsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTransitGatewayMulticastDomainsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTransitGatewayMulticastDomainsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTransitGatewayMulticastDomainsInput) SetDryRun(v bool) *DescribeTransitGatewayMulticastDomainsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTransitGatewayMulticastDomainsInput) SetFilters(v []*Filter) *DescribeTransitGatewayMulticastDomainsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTransitGatewayMulticastDomainsInput) SetMaxResults(v int64) *DescribeTransitGatewayMulticastDomainsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayMulticastDomainsInput) SetNextToken(v string) *DescribeTransitGatewayMulticastDomainsInput { + s.NextToken = &v + return s +} + +// SetTransitGatewayMulticastDomainIds sets the TransitGatewayMulticastDomainIds field's value. +func (s *DescribeTransitGatewayMulticastDomainsInput) SetTransitGatewayMulticastDomainIds(v []*string) *DescribeTransitGatewayMulticastDomainsInput { + s.TransitGatewayMulticastDomainIds = v + return s +} + +type DescribeTransitGatewayMulticastDomainsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the transit gateway multicast domains. + TransitGatewayMulticastDomains []*TransitGatewayMulticastDomain `locationName:"transitGatewayMulticastDomains" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayMulticastDomainsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayMulticastDomainsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayMulticastDomainsOutput) SetNextToken(v string) *DescribeTransitGatewayMulticastDomainsOutput { + s.NextToken = &v + return s +} + +// SetTransitGatewayMulticastDomains sets the TransitGatewayMulticastDomains field's value. +func (s *DescribeTransitGatewayMulticastDomainsOutput) SetTransitGatewayMulticastDomains(v []*TransitGatewayMulticastDomain) *DescribeTransitGatewayMulticastDomainsOutput { + s.TransitGatewayMulticastDomains = v + return s +} + +type DescribeTransitGatewayPeeringAttachmentsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * transit-gateway-attachment-id - The ID of the transit gateway attachment. + // + // * local-owner-id - The ID of your AWS account. + // + // * remote-owner-id - The ID of the AWS account in the remote Region that + // owns the transit gateway. + // + // * state - The state of the peering attachment (available | deleted | deleting + // | failed | modifying | pendingAcceptance | pending | rollingBack | rejected + // | rejecting). + // + // * transit-gateway-id - The ID of the transit gateway. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // One or more IDs of the transit gateway peering attachments. + TransitGatewayAttachmentIds []*string `type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayPeeringAttachmentsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayPeeringAttachmentsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTransitGatewayPeeringAttachmentsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTransitGatewayPeeringAttachmentsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTransitGatewayPeeringAttachmentsInput) SetDryRun(v bool) *DescribeTransitGatewayPeeringAttachmentsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTransitGatewayPeeringAttachmentsInput) SetFilters(v []*Filter) *DescribeTransitGatewayPeeringAttachmentsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTransitGatewayPeeringAttachmentsInput) SetMaxResults(v int64) *DescribeTransitGatewayPeeringAttachmentsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayPeeringAttachmentsInput) SetNextToken(v string) *DescribeTransitGatewayPeeringAttachmentsInput { + s.NextToken = &v + return s +} + +// SetTransitGatewayAttachmentIds sets the TransitGatewayAttachmentIds field's value. +func (s *DescribeTransitGatewayPeeringAttachmentsInput) SetTransitGatewayAttachmentIds(v []*string) *DescribeTransitGatewayPeeringAttachmentsInput { + s.TransitGatewayAttachmentIds = v + return s +} + +type DescribeTransitGatewayPeeringAttachmentsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The transit gateway peering attachments. + TransitGatewayPeeringAttachments []*TransitGatewayPeeringAttachment `locationName:"transitGatewayPeeringAttachments" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayPeeringAttachmentsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayPeeringAttachmentsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayPeeringAttachmentsOutput) SetNextToken(v string) *DescribeTransitGatewayPeeringAttachmentsOutput { + s.NextToken = &v + return s +} + +// SetTransitGatewayPeeringAttachments sets the TransitGatewayPeeringAttachments field's value. +func (s *DescribeTransitGatewayPeeringAttachmentsOutput) SetTransitGatewayPeeringAttachments(v []*TransitGatewayPeeringAttachment) *DescribeTransitGatewayPeeringAttachmentsOutput { + s.TransitGatewayPeeringAttachments = v + return s +} + type DescribeTransitGatewayRouteTablesInput struct { _ struct{} `type:"structure"` @@ -59260,7 +66845,6 @@ func (s *DescribeTransitGatewaysOutput) SetTransitGateways(v []*TransitGateway) return s } -// Contains the parameters for DescribeVolumeAttribute. type DescribeVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -59325,7 +66909,6 @@ func (s *DescribeVolumeAttributeInput) SetVolumeId(v string) *DescribeVolumeAttr return s } -// Contains the output of DescribeVolumeAttribute. type DescribeVolumeAttributeOutput struct { _ struct{} `type:"structure"` @@ -59534,6 +67117,12 @@ type DescribeVolumesInput struct { // // * encrypted - Indicates whether the volume is encrypted (true | false) // + // * multi-attach-enabled - Indicates whether the volume is enabled for Multi-Attach + // (true | false) + // + // * fast-restored - Indicates whether the volume was created from a snapshot + // that is enabled for fast snapshot restore (true | false). + // // * size - The size of the volume, in GiB. // // * snapshot-id - The snapshot from which the volume was created. @@ -59628,9 +67217,9 @@ type DescribeVolumesModificationsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // The filters. Supported filters: volume-id, modification-state, target-size, - // target-iops, target-volume-type, original-size, original-iops, original-volume-type, - // start-time. + // The filters. Supported filters: volume-id | modification-state | target-size + // | target-iops | target-volume-type | original-size | original-iops | original-volume-type + // | start-time | originalMultiAttachEnabled | targetMultiAttachEnabled. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results (up to a limit of 500) to be returned in a @@ -60045,7 +67634,7 @@ type DescribeVpcEndpointConnectionNotificationsInput struct { // One or more filters. // - // * connection-notification-arn - The ARN of SNS topic for the notification. + // * connection-notification-arn - The ARN of the SNS topic for the notification. // // * connection-notification-id - The ID of the notification. // @@ -60164,7 +67753,7 @@ type DescribeVpcEndpointConnectionsInput struct { // The maximum number of results to return for the request in a single page. // The remaining results of the initial request can be seen by sending another // request with the returned NextToken value. This value can be between 5 and - // 1000; if MaxResults is given a value larger than 1000, only 1000 results + // 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results // are returned. MaxResults *int64 `type:"integer"` @@ -60271,7 +67860,7 @@ type DescribeVpcEndpointServiceConfigurationsInput struct { // The maximum number of results to return for the request in a single page. // The remaining results of the initial request can be seen by sending another // request with the returned NextToken value. This value can be between 5 and - // 1000; if MaxResults is given a value larger than 1000, only 1000 results + // 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results // are returned. MaxResults *int64 `type:"integer"` @@ -60375,7 +67964,7 @@ type DescribeVpcEndpointServicePermissionsInput struct { // The maximum number of results to return for the request in a single page. // The remaining results of the initial request can be seen by sending another // request with the returned NextToken value. This value can be between 5 and - // 1000; if MaxResults is given a value larger than 1000, only 1000 results + // 1,000; if MaxResults is given a value larger than 1,000, only 1,000 results // are returned. MaxResults *int64 `type:"integer"` @@ -60486,7 +68075,7 @@ type DescribeVpcEndpointServicesInput struct { // One or more filters. // - // * service-name: The name of the service. + // * service-name - The name of the service. // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -60503,7 +68092,7 @@ type DescribeVpcEndpointServicesInput struct { // a token that you can specify in a subsequent call to get the next set of // results. // - // Constraint: If the value is greater than 1000, we return only 1000 items. + // Constraint: If the value is greater than 1,000, we return only 1,000 items. MaxResults *int64 `type:"integer"` // The token for the next set of items to return. (You received this token from @@ -60609,11 +68198,11 @@ type DescribeVpcEndpointsInput struct { // One or more filters. // - // * service-name: The name of the service. + // * service-name - The name of the service. // - // * vpc-id: The ID of the VPC in which the endpoint resides. + // * vpc-id - The ID of the VPC in which the endpoint resides. // - // * vpc-endpoint-id: The ID of the endpoint. + // * vpc-endpoint-id - The ID of the endpoint. // // * vpc-endpoint-state - The state of the endpoint (pendingAcceptance | // pending | available | deleting | deleted | rejected | failed). @@ -60633,7 +68222,7 @@ type DescribeVpcEndpointsInput struct { // a token that you can specify in a subsequent call to get the next set of // results. // - // Constraint: If the value is greater than 1000, we return only 1000 items. + // Constraint: If the value is greater than 1,000, we return only 1,000 items. MaxResults *int64 `type:"integer"` // The token for the next set of items to return. (You received this token from @@ -60894,6 +68483,9 @@ type DescribeVpcsInput struct { // * ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated // with the VPC. // + // * ipv6-cidr-block-association.ipv6-pool - The ID of the IPv6 address pool + // from which the IPv6 CIDR block is allocated. + // // * ipv6-cidr-block-association.association-id - The association ID for // an IPv6 CIDR block associated with the VPC. // @@ -61481,7 +69073,6 @@ func (s DetachNetworkInterfaceOutput) GoString() string { return s.String() } -// Contains the parameters for DetachVolume. type DetachVolumeInput struct { _ struct{} `type:"structure"` @@ -61503,7 +69094,8 @@ type DetachVolumeInput struct { // and repair procedures. Force *bool `type:"boolean"` - // The ID of the instance. + // The ID of the instance. If you are detaching a Multi-Attach enabled volume, + // you must specify an instance ID. InstanceId *string `type:"string"` // The ID of the volume. @@ -61825,6 +69417,325 @@ func (s *DisableEbsEncryptionByDefaultOutput) SetEbsEncryptionByDefault(v bool) return s } +// Contains information about the errors that occurred when disabling fast snapshot +// restores. +type DisableFastSnapshotRestoreErrorItem struct { + _ struct{} `type:"structure"` + + // The errors. + FastSnapshotRestoreStateErrors []*DisableFastSnapshotRestoreStateErrorItem `locationName:"fastSnapshotRestoreStateErrorSet" locationNameList:"item" type:"list"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation +func (s DisableFastSnapshotRestoreErrorItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableFastSnapshotRestoreErrorItem) GoString() string { + return s.String() +} + +// SetFastSnapshotRestoreStateErrors sets the FastSnapshotRestoreStateErrors field's value. +func (s *DisableFastSnapshotRestoreErrorItem) SetFastSnapshotRestoreStateErrors(v []*DisableFastSnapshotRestoreStateErrorItem) *DisableFastSnapshotRestoreErrorItem { + s.FastSnapshotRestoreStateErrors = v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *DisableFastSnapshotRestoreErrorItem) SetSnapshotId(v string) *DisableFastSnapshotRestoreErrorItem { + s.SnapshotId = &v + return s +} + +// Describes an error that occurred when disabling fast snapshot restores. +type DisableFastSnapshotRestoreStateError struct { + _ struct{} `type:"structure"` + + // The error code. + Code *string `locationName:"code" type:"string"` + + // The error message. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s DisableFastSnapshotRestoreStateError) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableFastSnapshotRestoreStateError) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *DisableFastSnapshotRestoreStateError) SetCode(v string) *DisableFastSnapshotRestoreStateError { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *DisableFastSnapshotRestoreStateError) SetMessage(v string) *DisableFastSnapshotRestoreStateError { + s.Message = &v + return s +} + +// Contains information about an error that occurred when disabling fast snapshot +// restores. +type DisableFastSnapshotRestoreStateErrorItem struct { + _ struct{} `type:"structure"` + + // The Availability Zone. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The error. + Error *DisableFastSnapshotRestoreStateError `locationName:"error" type:"structure"` +} + +// String returns the string representation +func (s DisableFastSnapshotRestoreStateErrorItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableFastSnapshotRestoreStateErrorItem) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *DisableFastSnapshotRestoreStateErrorItem) SetAvailabilityZone(v string) *DisableFastSnapshotRestoreStateErrorItem { + s.AvailabilityZone = &v + return s +} + +// SetError sets the Error field's value. +func (s *DisableFastSnapshotRestoreStateErrorItem) SetError(v *DisableFastSnapshotRestoreStateError) *DisableFastSnapshotRestoreStateErrorItem { + s.Error = v + return s +} + +// Describes fast snapshot restores that were successfully disabled. +type DisableFastSnapshotRestoreSuccessItem struct { + _ struct{} `type:"structure"` + + // The Availability Zone. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The time at which fast snapshot restores entered the disabled state. + DisabledTime *time.Time `locationName:"disabledTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the disabling state. + DisablingTime *time.Time `locationName:"disablingTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the enabled state. + EnabledTime *time.Time `locationName:"enabledTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the enabling state. + EnablingTime *time.Time `locationName:"enablingTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the optimizing state. + OptimizingTime *time.Time `locationName:"optimizingTime" type:"timestamp"` + + // The alias of the snapshot owner. + OwnerAlias *string `locationName:"ownerAlias" type:"string"` + + // The ID of the AWS account that owns the snapshot. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` + + // The state of fast snapshot restores for the snapshot. + State *string `locationName:"state" type:"string" enum:"FastSnapshotRestoreStateCode"` + + // The reason for the state transition. The possible values are as follows: + // + // * Client.UserInitiated - The state successfully transitioned to enabling + // or disabling. + // + // * Client.UserInitiated - Lifecycle state transition - The state successfully + // transitioned to optimizing, enabled, or disabled. + StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` +} + +// String returns the string representation +func (s DisableFastSnapshotRestoreSuccessItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableFastSnapshotRestoreSuccessItem) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetAvailabilityZone(v string) *DisableFastSnapshotRestoreSuccessItem { + s.AvailabilityZone = &v + return s +} + +// SetDisabledTime sets the DisabledTime field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetDisabledTime(v time.Time) *DisableFastSnapshotRestoreSuccessItem { + s.DisabledTime = &v + return s +} + +// SetDisablingTime sets the DisablingTime field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetDisablingTime(v time.Time) *DisableFastSnapshotRestoreSuccessItem { + s.DisablingTime = &v + return s +} + +// SetEnabledTime sets the EnabledTime field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetEnabledTime(v time.Time) *DisableFastSnapshotRestoreSuccessItem { + s.EnabledTime = &v + return s +} + +// SetEnablingTime sets the EnablingTime field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetEnablingTime(v time.Time) *DisableFastSnapshotRestoreSuccessItem { + s.EnablingTime = &v + return s +} + +// SetOptimizingTime sets the OptimizingTime field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetOptimizingTime(v time.Time) *DisableFastSnapshotRestoreSuccessItem { + s.OptimizingTime = &v + return s +} + +// SetOwnerAlias sets the OwnerAlias field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetOwnerAlias(v string) *DisableFastSnapshotRestoreSuccessItem { + s.OwnerAlias = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetOwnerId(v string) *DisableFastSnapshotRestoreSuccessItem { + s.OwnerId = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetSnapshotId(v string) *DisableFastSnapshotRestoreSuccessItem { + s.SnapshotId = &v + return s +} + +// SetState sets the State field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetState(v string) *DisableFastSnapshotRestoreSuccessItem { + s.State = &v + return s +} + +// SetStateTransitionReason sets the StateTransitionReason field's value. +func (s *DisableFastSnapshotRestoreSuccessItem) SetStateTransitionReason(v string) *DisableFastSnapshotRestoreSuccessItem { + s.StateTransitionReason = &v + return s +} + +type DisableFastSnapshotRestoresInput struct { + _ struct{} `type:"structure"` + + // One or more Availability Zones. For example, us-east-2a. + // + // AvailabilityZones is a required field + AvailabilityZones []*string `locationName:"AvailabilityZone" locationNameList:"AvailabilityZone" type:"list" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IDs of one or more snapshots. For example, snap-1234567890abcdef0. + // + // SourceSnapshotIds is a required field + SourceSnapshotIds []*string `locationName:"SourceSnapshotId" locationNameList:"SnapshotId" type:"list" required:"true"` +} + +// String returns the string representation +func (s DisableFastSnapshotRestoresInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableFastSnapshotRestoresInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableFastSnapshotRestoresInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableFastSnapshotRestoresInput"} + if s.AvailabilityZones == nil { + invalidParams.Add(request.NewErrParamRequired("AvailabilityZones")) + } + if s.SourceSnapshotIds == nil { + invalidParams.Add(request.NewErrParamRequired("SourceSnapshotIds")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAvailabilityZones sets the AvailabilityZones field's value. +func (s *DisableFastSnapshotRestoresInput) SetAvailabilityZones(v []*string) *DisableFastSnapshotRestoresInput { + s.AvailabilityZones = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableFastSnapshotRestoresInput) SetDryRun(v bool) *DisableFastSnapshotRestoresInput { + s.DryRun = &v + return s +} + +// SetSourceSnapshotIds sets the SourceSnapshotIds field's value. +func (s *DisableFastSnapshotRestoresInput) SetSourceSnapshotIds(v []*string) *DisableFastSnapshotRestoresInput { + s.SourceSnapshotIds = v + return s +} + +type DisableFastSnapshotRestoresOutput struct { + _ struct{} `type:"structure"` + + // Information about the snapshots for which fast snapshot restores were successfully + // disabled. + Successful []*DisableFastSnapshotRestoreSuccessItem `locationName:"successful" locationNameList:"item" type:"list"` + + // Information about the snapshots for which fast snapshot restores could not + // be disabled. + Unsuccessful []*DisableFastSnapshotRestoreErrorItem `locationName:"unsuccessful" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DisableFastSnapshotRestoresOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableFastSnapshotRestoresOutput) GoString() string { + return s.String() +} + +// SetSuccessful sets the Successful field's value. +func (s *DisableFastSnapshotRestoresOutput) SetSuccessful(v []*DisableFastSnapshotRestoreSuccessItem) *DisableFastSnapshotRestoresOutput { + s.Successful = v + return s +} + +// SetUnsuccessful sets the Unsuccessful field's value. +func (s *DisableFastSnapshotRestoresOutput) SetUnsuccessful(v []*DisableFastSnapshotRestoreErrorItem) *DisableFastSnapshotRestoresOutput { + s.Unsuccessful = v + return s +} + type DisableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -61916,6 +69827,12 @@ func (s *DisableTransitGatewayRouteTablePropagationOutput) SetPropagation(v *Tra type DisableVgwRoutePropagationInput struct { _ struct{} `type:"structure"` + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + // The ID of the virtual private gateway. // // GatewayId is a required field @@ -61953,6 +69870,12 @@ func (s *DisableVgwRoutePropagationInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *DisableVgwRoutePropagationInput) SetDryRun(v bool) *DisableVgwRoutePropagationInput { + s.DryRun = &v + return s +} + // SetGatewayId sets the GatewayId field's value. func (s *DisableVgwRoutePropagationInput) SetGatewayId(v string) *DisableVgwRoutePropagationInput { s.GatewayId = &v @@ -62448,6 +70371,82 @@ func (s *DisassociateSubnetCidrBlockOutput) SetSubnetId(v string) *DisassociateS return s } +type DisassociateTransitGatewayMulticastDomainInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IDs of the subnets; + SubnetIds []*string `locationNameList:"item" type:"list"` + + // The ID of the attachment. + TransitGatewayAttachmentId *string `type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s DisassociateTransitGatewayMulticastDomainInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateTransitGatewayMulticastDomainInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DisassociateTransitGatewayMulticastDomainInput) SetDryRun(v bool) *DisassociateTransitGatewayMulticastDomainInput { + s.DryRun = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *DisassociateTransitGatewayMulticastDomainInput) SetSubnetIds(v []*string) *DisassociateTransitGatewayMulticastDomainInput { + s.SubnetIds = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *DisassociateTransitGatewayMulticastDomainInput) SetTransitGatewayAttachmentId(v string) *DisassociateTransitGatewayMulticastDomainInput { + s.TransitGatewayAttachmentId = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *DisassociateTransitGatewayMulticastDomainInput) SetTransitGatewayMulticastDomainId(v string) *DisassociateTransitGatewayMulticastDomainInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type DisassociateTransitGatewayMulticastDomainOutput struct { + _ struct{} `type:"structure"` + + // Information about the association. + Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` +} + +// String returns the string representation +func (s DisassociateTransitGatewayMulticastDomainOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateTransitGatewayMulticastDomainOutput) GoString() string { + return s.String() +} + +// SetAssociations sets the Associations field's value. +func (s *DisassociateTransitGatewayMulticastDomainOutput) SetAssociations(v *TransitGatewayMulticastDomainAssociations) *DisassociateTransitGatewayMulticastDomainOutput { + s.Associations = v + return s +} + type DisassociateTransitGatewayRouteTableInput struct { _ struct{} `type:"structure"` @@ -62841,6 +70840,48 @@ func (s *DiskImageVolumeDescription) SetSize(v int64) *DiskImageVolumeDescriptio return s } +// Describes the disk. +type DiskInfo struct { + _ struct{} `type:"structure"` + + // The number of disks with this configuration. + Count *int64 `locationName:"count" type:"integer"` + + // The size of the disk in GB. + SizeInGB *int64 `locationName:"sizeInGB" type:"long"` + + // The type of disk. + Type *string `locationName:"type" type:"string" enum:"DiskType"` +} + +// String returns the string representation +func (s DiskInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DiskInfo) GoString() string { + return s.String() +} + +// SetCount sets the Count field's value. +func (s *DiskInfo) SetCount(v int64) *DiskInfo { + s.Count = &v + return s +} + +// SetSizeInGB sets the SizeInGB field's value. +func (s *DiskInfo) SetSizeInGB(v int64) *DiskInfo { + s.SizeInGB = &v + return s +} + +// SetType sets the Type field's value. +func (s *DiskInfo) SetType(v string) *DiskInfo { + s.Type = &v + return s +} + // Describes a DNS entry. type DnsEntry struct { _ struct{} `type:"structure"` @@ -62931,6 +70972,8 @@ type EbsBlockDevice struct { // // Encrypted volumes can only be attached to instances that support Amazon EBS // encryption. For more information, see Supported Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). + // + // This parameter is not returned by . Encrypted *bool `locationName:"encrypted" type:"boolean"` // The number of I/O operations per second (IOPS) that the volume supports. @@ -62975,8 +71018,9 @@ type EbsBlockDevice struct { // size. VolumeSize *int64 `locationName:"volumeSize" type:"integer"` - // The volume type. If you set the type to io1, you must also specify the IOPS - // that the volume supports. + // The volume type. If you set the type to io1, you must also specify the Iops + // parameter. If you set the type to gp2, st1, sc1, or standard, you must omit + // the Iops parameter. // // Default: gp2 VolumeType *string `locationName:"volumeType" type:"string" enum:"VolumeType"` @@ -63034,6 +71078,41 @@ func (s *EbsBlockDevice) SetVolumeType(v string) *EbsBlockDevice { return s } +// Describes the Amazon EBS features supported by the instance type. +type EbsInfo struct { + _ struct{} `type:"structure"` + + // Indicates that the instance type is Amazon EBS-optimized. For more information, + // see Amazon EBS-Optimized Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) + // in Amazon EC2 User Guide for Linux Instances. + EbsOptimizedSupport *string `locationName:"ebsOptimizedSupport" type:"string" enum:"EbsOptimizedSupport"` + + // Indicates whether Amazon EBS encryption is supported. + EncryptionSupport *string `locationName:"encryptionSupport" type:"string" enum:"EbsEncryptionSupport"` +} + +// String returns the string representation +func (s EbsInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EbsInfo) GoString() string { + return s.String() +} + +// SetEbsOptimizedSupport sets the EbsOptimizedSupport field's value. +func (s *EbsInfo) SetEbsOptimizedSupport(v string) *EbsInfo { + s.EbsOptimizedSupport = &v + return s +} + +// SetEncryptionSupport sets the EncryptionSupport field's value. +func (s *EbsInfo) SetEncryptionSupport(v string) *EbsInfo { + s.EncryptionSupport = &v + return s +} + // Describes a parameter used to set up an EBS volume in a block device mapping. type EbsInstanceBlockDevice struct { _ struct{} `type:"structure"` @@ -63128,6 +71207,9 @@ type EgressOnlyInternetGateway struct { // The ID of the egress-only internet gateway. EgressOnlyInternetGatewayId *string `locationName:"egressOnlyInternetGatewayId" type:"string"` + + // The tags assigned to the egress-only internet gateway. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -63152,6 +71234,12 @@ func (s *EgressOnlyInternetGateway) SetEgressOnlyInternetGatewayId(v string) *Eg return s } +// SetTags sets the Tags field's value. +func (s *EgressOnlyInternetGateway) SetTags(v []*Tag) *EgressOnlyInternetGateway { + s.Tags = v + return s +} + // Describes the association between an instance and an Elastic Graphics accelerator. type ElasticGpuAssociation struct { _ struct{} `type:"structure"` @@ -63232,7 +71320,10 @@ func (s *ElasticGpuHealth) SetStatus(v string) *ElasticGpuHealth { type ElasticGpuSpecification struct { _ struct{} `type:"structure"` - // The type of Elastic Graphics accelerator. + // The type of Elastic Graphics accelerator. For more information about the + // values to specify for Type, see Elastic Graphics Basics (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html#elastic-graphics-basics), + // specifically the Elastic Graphics accelerator column, in the Amazon Elastic + // Compute Cloud User Guide for Windows Instances. // // Type is a required field Type *string `type:"string" required:"true"` @@ -63312,6 +71403,9 @@ type ElasticGpus struct { // The ID of the instance to which the Elastic Graphics accelerator is attached. InstanceId *string `locationName:"instanceId" type:"string"` + + // The tags assigned to the Elastic Graphics accelerator. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -63360,12 +71454,23 @@ func (s *ElasticGpus) SetInstanceId(v string) *ElasticGpus { return s } +// SetTags sets the Tags field's value. +func (s *ElasticGpus) SetTags(v []*Tag) *ElasticGpus { + s.Tags = v + return s +} + // Describes an elastic inference accelerator. type ElasticInferenceAccelerator struct { _ struct{} `type:"structure"` - // The type of elastic inference accelerator. The possible values are eia1.small, - // eia1.medium, and eia1.large. + // The number of elastic inference accelerators to attach to the instance. + // + // Default: 1 + Count *int64 `min:"1" type:"integer"` + + // The type of elastic inference accelerator. The possible values are eia1.medium, + // eia1.large, and eia1.xlarge. // // Type is a required field Type *string `type:"string" required:"true"` @@ -63384,6 +71489,9 @@ func (s ElasticInferenceAccelerator) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ElasticInferenceAccelerator) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ElasticInferenceAccelerator"} + if s.Count != nil && *s.Count < 1 { + invalidParams.Add(request.NewErrParamMinValue("Count", 1)) + } if s.Type == nil { invalidParams.Add(request.NewErrParamRequired("Type")) } @@ -63394,6 +71502,12 @@ func (s *ElasticInferenceAccelerator) Validate() error { return nil } +// SetCount sets the Count field's value. +func (s *ElasticInferenceAccelerator) SetCount(v int64) *ElasticInferenceAccelerator { + s.Count = &v + return s +} + // SetType sets the Type field's value. func (s *ElasticInferenceAccelerator) SetType(v string) *ElasticInferenceAccelerator { s.Type = &v @@ -63501,6 +71615,326 @@ func (s *EnableEbsEncryptionByDefaultOutput) SetEbsEncryptionByDefault(v bool) * return s } +// Contains information about the errors that occurred when enabling fast snapshot +// restores. +type EnableFastSnapshotRestoreErrorItem struct { + _ struct{} `type:"structure"` + + // The errors. + FastSnapshotRestoreStateErrors []*EnableFastSnapshotRestoreStateErrorItem `locationName:"fastSnapshotRestoreStateErrorSet" locationNameList:"item" type:"list"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` +} + +// String returns the string representation +func (s EnableFastSnapshotRestoreErrorItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableFastSnapshotRestoreErrorItem) GoString() string { + return s.String() +} + +// SetFastSnapshotRestoreStateErrors sets the FastSnapshotRestoreStateErrors field's value. +func (s *EnableFastSnapshotRestoreErrorItem) SetFastSnapshotRestoreStateErrors(v []*EnableFastSnapshotRestoreStateErrorItem) *EnableFastSnapshotRestoreErrorItem { + s.FastSnapshotRestoreStateErrors = v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *EnableFastSnapshotRestoreErrorItem) SetSnapshotId(v string) *EnableFastSnapshotRestoreErrorItem { + s.SnapshotId = &v + return s +} + +// Describes an error that occurred when enabling fast snapshot restores. +type EnableFastSnapshotRestoreStateError struct { + _ struct{} `type:"structure"` + + // The error code. + Code *string `locationName:"code" type:"string"` + + // The error message. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s EnableFastSnapshotRestoreStateError) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableFastSnapshotRestoreStateError) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *EnableFastSnapshotRestoreStateError) SetCode(v string) *EnableFastSnapshotRestoreStateError { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *EnableFastSnapshotRestoreStateError) SetMessage(v string) *EnableFastSnapshotRestoreStateError { + s.Message = &v + return s +} + +// Contains information about an error that occurred when enabling fast snapshot +// restores. +type EnableFastSnapshotRestoreStateErrorItem struct { + _ struct{} `type:"structure"` + + // The Availability Zone. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The error. + Error *EnableFastSnapshotRestoreStateError `locationName:"error" type:"structure"` +} + +// String returns the string representation +func (s EnableFastSnapshotRestoreStateErrorItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableFastSnapshotRestoreStateErrorItem) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *EnableFastSnapshotRestoreStateErrorItem) SetAvailabilityZone(v string) *EnableFastSnapshotRestoreStateErrorItem { + s.AvailabilityZone = &v + return s +} + +// SetError sets the Error field's value. +func (s *EnableFastSnapshotRestoreStateErrorItem) SetError(v *EnableFastSnapshotRestoreStateError) *EnableFastSnapshotRestoreStateErrorItem { + s.Error = v + return s +} + +// Describes fast snapshot restores that were successfully enabled. +type EnableFastSnapshotRestoreSuccessItem struct { + _ struct{} `type:"structure"` + + // The Availability Zone. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // The time at which fast snapshot restores entered the disabled state. + DisabledTime *time.Time `locationName:"disabledTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the disabling state. + DisablingTime *time.Time `locationName:"disablingTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the enabled state. + EnabledTime *time.Time `locationName:"enabledTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the enabling state. + EnablingTime *time.Time `locationName:"enablingTime" type:"timestamp"` + + // The time at which fast snapshot restores entered the optimizing state. + OptimizingTime *time.Time `locationName:"optimizingTime" type:"timestamp"` + + // The alias of the snapshot owner. + OwnerAlias *string `locationName:"ownerAlias" type:"string"` + + // The ID of the AWS account that owns the snapshot. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The ID of the snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` + + // The state of fast snapshot restores. + State *string `locationName:"state" type:"string" enum:"FastSnapshotRestoreStateCode"` + + // The reason for the state transition. The possible values are as follows: + // + // * Client.UserInitiated - The state successfully transitioned to enabling + // or disabling. + // + // * Client.UserInitiated - Lifecycle state transition - The state successfully + // transitioned to optimizing, enabled, or disabled. + StateTransitionReason *string `locationName:"stateTransitionReason" type:"string"` +} + +// String returns the string representation +func (s EnableFastSnapshotRestoreSuccessItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableFastSnapshotRestoreSuccessItem) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetAvailabilityZone(v string) *EnableFastSnapshotRestoreSuccessItem { + s.AvailabilityZone = &v + return s +} + +// SetDisabledTime sets the DisabledTime field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetDisabledTime(v time.Time) *EnableFastSnapshotRestoreSuccessItem { + s.DisabledTime = &v + return s +} + +// SetDisablingTime sets the DisablingTime field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetDisablingTime(v time.Time) *EnableFastSnapshotRestoreSuccessItem { + s.DisablingTime = &v + return s +} + +// SetEnabledTime sets the EnabledTime field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetEnabledTime(v time.Time) *EnableFastSnapshotRestoreSuccessItem { + s.EnabledTime = &v + return s +} + +// SetEnablingTime sets the EnablingTime field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetEnablingTime(v time.Time) *EnableFastSnapshotRestoreSuccessItem { + s.EnablingTime = &v + return s +} + +// SetOptimizingTime sets the OptimizingTime field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetOptimizingTime(v time.Time) *EnableFastSnapshotRestoreSuccessItem { + s.OptimizingTime = &v + return s +} + +// SetOwnerAlias sets the OwnerAlias field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetOwnerAlias(v string) *EnableFastSnapshotRestoreSuccessItem { + s.OwnerAlias = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetOwnerId(v string) *EnableFastSnapshotRestoreSuccessItem { + s.OwnerId = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetSnapshotId(v string) *EnableFastSnapshotRestoreSuccessItem { + s.SnapshotId = &v + return s +} + +// SetState sets the State field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetState(v string) *EnableFastSnapshotRestoreSuccessItem { + s.State = &v + return s +} + +// SetStateTransitionReason sets the StateTransitionReason field's value. +func (s *EnableFastSnapshotRestoreSuccessItem) SetStateTransitionReason(v string) *EnableFastSnapshotRestoreSuccessItem { + s.StateTransitionReason = &v + return s +} + +type EnableFastSnapshotRestoresInput struct { + _ struct{} `type:"structure"` + + // One or more Availability Zones. For example, us-east-2a. + // + // AvailabilityZones is a required field + AvailabilityZones []*string `locationName:"AvailabilityZone" locationNameList:"AvailabilityZone" type:"list" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IDs of one or more snapshots. For example, snap-1234567890abcdef0. You + // can specify a snapshot that was shared with you from another AWS account. + // + // SourceSnapshotIds is a required field + SourceSnapshotIds []*string `locationName:"SourceSnapshotId" locationNameList:"SnapshotId" type:"list" required:"true"` +} + +// String returns the string representation +func (s EnableFastSnapshotRestoresInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableFastSnapshotRestoresInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableFastSnapshotRestoresInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableFastSnapshotRestoresInput"} + if s.AvailabilityZones == nil { + invalidParams.Add(request.NewErrParamRequired("AvailabilityZones")) + } + if s.SourceSnapshotIds == nil { + invalidParams.Add(request.NewErrParamRequired("SourceSnapshotIds")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAvailabilityZones sets the AvailabilityZones field's value. +func (s *EnableFastSnapshotRestoresInput) SetAvailabilityZones(v []*string) *EnableFastSnapshotRestoresInput { + s.AvailabilityZones = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableFastSnapshotRestoresInput) SetDryRun(v bool) *EnableFastSnapshotRestoresInput { + s.DryRun = &v + return s +} + +// SetSourceSnapshotIds sets the SourceSnapshotIds field's value. +func (s *EnableFastSnapshotRestoresInput) SetSourceSnapshotIds(v []*string) *EnableFastSnapshotRestoresInput { + s.SourceSnapshotIds = v + return s +} + +type EnableFastSnapshotRestoresOutput struct { + _ struct{} `type:"structure"` + + // Information about the snapshots for which fast snapshot restores were successfully + // enabled. + Successful []*EnableFastSnapshotRestoreSuccessItem `locationName:"successful" locationNameList:"item" type:"list"` + + // Information about the snapshots for which fast snapshot restores could not + // be enabled. + Unsuccessful []*EnableFastSnapshotRestoreErrorItem `locationName:"unsuccessful" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s EnableFastSnapshotRestoresOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableFastSnapshotRestoresOutput) GoString() string { + return s.String() +} + +// SetSuccessful sets the Successful field's value. +func (s *EnableFastSnapshotRestoresOutput) SetSuccessful(v []*EnableFastSnapshotRestoreSuccessItem) *EnableFastSnapshotRestoresOutput { + s.Successful = v + return s +} + +// SetUnsuccessful sets the Unsuccessful field's value. +func (s *EnableFastSnapshotRestoresOutput) SetUnsuccessful(v []*EnableFastSnapshotRestoreErrorItem) *EnableFastSnapshotRestoresOutput { + s.Unsuccessful = v + return s +} + type EnableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -63592,6 +72026,12 @@ func (s *EnableTransitGatewayRouteTablePropagationOutput) SetPropagation(v *Tran type EnableVgwRoutePropagationInput struct { _ struct{} `type:"structure"` + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + // The ID of the virtual private gateway that is attached to a VPC. The virtual // private gateway must be attached to the same VPC that the routing tables // are associated with. @@ -63632,6 +72072,12 @@ func (s *EnableVgwRoutePropagationInput) Validate() error { return nil } +// SetDryRun sets the DryRun field's value. +func (s *EnableVgwRoutePropagationInput) SetDryRun(v bool) *EnableVgwRoutePropagationInput { + s.DryRun = &v + return s +} + // SetGatewayId sets the GatewayId field's value. func (s *EnableVgwRoutePropagationInput) SetGatewayId(v string) *EnableVgwRoutePropagationInput { s.GatewayId = &v @@ -63658,7 +72104,6 @@ func (s EnableVgwRoutePropagationOutput) GoString() string { return s.String() } -// Contains the parameters for EnableVolumeIO. type EnableVolumeIOInput struct { _ struct{} `type:"structure"` @@ -64412,6 +72857,9 @@ type ExportTask struct { // The status message related to the export task. StatusMessage *string `locationName:"statusMessage" type:"string"` + + // The tags for the export task. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -64460,6 +72908,12 @@ func (s *ExportTask) SetStatusMessage(v string) *ExportTask { return s } +// SetTags sets the Tags field's value. +func (s *ExportTask) SetTags(v []*Tag) *ExportTask { + s.Tags = v + return s +} + // Describes the destination for an export image task. type ExportTaskS3Location struct { _ struct{} `type:"structure"` @@ -64871,8 +73325,8 @@ type FleetData struct { // is pending_termination while instances are terminating. ActivityStatus *string `locationName:"activityStatus" type:"string" enum:"FleetActivityStatus"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). // // Constraints: Maximum 64 ASCII characters ClientToken *string `locationName:"clientToken" type:"string"` @@ -64935,11 +73389,11 @@ type FleetData struct { // The type of request. Indicates whether the EC2 Fleet only requests the target // capacity, or also attempts to maintain it. If you request a certain target // capacity, EC2 Fleet only places the required requests; it does not attempt - // to replenish instances if capacity is diminished, and does not submit requests - // in alternative capacity pools if capacity is unavailable. To maintain a certain - // target capacity, EC2 Fleet places the required requests to meet this target - // capacity. It also automatically replenishes any interrupted Spot Instances. - // Default: maintain. + // to replenish instances if capacity is diminished, and it does not submit + // requests in alternative capacity pools if capacity is unavailable. To maintain + // a certain target capacity, EC2 Fleet places the required requests to meet + // this target capacity. It also automatically replenishes any interrupted Spot + // Instances. Default: maintain. Type *string `locationName:"type" type:"string" enum:"FleetType"` // The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). @@ -65273,7 +73727,9 @@ type FleetLaunchTemplateOverridesRequest struct { // override has the lowest priority. Priority *float64 `type:"double"` - // The ID of the subnet in which to launch the instances. + // The IDs of the subnets in which to launch the instances. Separate multiple + // subnet IDs using commas (for example, subnet-1234abcdeexample1, subnet-0987cdef6example2). + // A request of type instant can have only one subnet ID. SubnetId *string `type:"string"` // The number of units provided by the specified instance type. @@ -65491,9 +73947,22 @@ type FlowLog struct { // The name of the flow log group. LogGroupName *string `locationName:"logGroupName" type:"string"` + // The maximum interval of time, in seconds, during which a flow of packets + // is captured and aggregated into a flow log record. + // + // When a network interface is attached to a Nitro-based instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances), + // the aggregation interval is always 60 seconds (1 minute) or less, regardless + // of the specified value. + // + // Valid Values: 60 | 600 + MaxAggregationInterval *int64 `locationName:"maxAggregationInterval" type:"integer"` + // The ID of the resource on which the flow log was created. ResourceId *string `locationName:"resourceId" type:"string"` + // The tags for the flow log. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + // The type of traffic captured for the flow log. TrafficType *string `locationName:"trafficType" type:"string" enum:"TrafficType"` } @@ -65568,18 +74037,105 @@ func (s *FlowLog) SetLogGroupName(v string) *FlowLog { return s } +// SetMaxAggregationInterval sets the MaxAggregationInterval field's value. +func (s *FlowLog) SetMaxAggregationInterval(v int64) *FlowLog { + s.MaxAggregationInterval = &v + return s +} + // SetResourceId sets the ResourceId field's value. func (s *FlowLog) SetResourceId(v string) *FlowLog { s.ResourceId = &v return s } +// SetTags sets the Tags field's value. +func (s *FlowLog) SetTags(v []*Tag) *FlowLog { + s.Tags = v + return s +} + // SetTrafficType sets the TrafficType field's value. func (s *FlowLog) SetTrafficType(v string) *FlowLog { s.TrafficType = &v return s } +// Describes the FPGA accelerator for the instance type. +type FpgaDeviceInfo struct { + _ struct{} `type:"structure"` + + // The count of FPGA accelerators for the instance type. + Count *int64 `locationName:"count" type:"integer"` + + // The manufacturer of the FPGA accelerator. + Manufacturer *string `locationName:"manufacturer" type:"string"` + + // Describes the memory for the FPGA accelerator for the instance type. + MemoryInfo *FpgaDeviceMemoryInfo `locationName:"memoryInfo" type:"structure"` + + // The name of the FPGA accelerator. + Name *string `locationName:"name" type:"string"` +} + +// String returns the string representation +func (s FpgaDeviceInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FpgaDeviceInfo) GoString() string { + return s.String() +} + +// SetCount sets the Count field's value. +func (s *FpgaDeviceInfo) SetCount(v int64) *FpgaDeviceInfo { + s.Count = &v + return s +} + +// SetManufacturer sets the Manufacturer field's value. +func (s *FpgaDeviceInfo) SetManufacturer(v string) *FpgaDeviceInfo { + s.Manufacturer = &v + return s +} + +// SetMemoryInfo sets the MemoryInfo field's value. +func (s *FpgaDeviceInfo) SetMemoryInfo(v *FpgaDeviceMemoryInfo) *FpgaDeviceInfo { + s.MemoryInfo = v + return s +} + +// SetName sets the Name field's value. +func (s *FpgaDeviceInfo) SetName(v string) *FpgaDeviceInfo { + s.Name = &v + return s +} + +// Describes the memory for the FPGA accelerator for the instance type. +type FpgaDeviceMemoryInfo struct { + _ struct{} `type:"structure"` + + // The size (in MiB) for the memory available to the FPGA accelerator. + SizeInMiB *int64 `locationName:"sizeInMiB" type:"integer"` +} + +// String returns the string representation +func (s FpgaDeviceMemoryInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FpgaDeviceMemoryInfo) GoString() string { + return s.String() +} + +// SetSizeInMiB sets the SizeInMiB field's value. +func (s *FpgaDeviceMemoryInfo) SetSizeInMiB(v int64) *FpgaDeviceMemoryInfo { + s.SizeInMiB = &v + return s +} + // Describes an Amazon FPGA image (AFI). type FpgaImage struct { _ struct{} `type:"structure"` @@ -65832,6 +74388,144 @@ func (s *FpgaImageState) SetMessage(v string) *FpgaImageState { return s } +// Describes the FPGAs for the instance type. +type FpgaInfo struct { + _ struct{} `type:"structure"` + + // Describes the FPGAs for the instance type. + Fpgas []*FpgaDeviceInfo `locationName:"fpgas" locationNameList:"item" type:"list"` + + // The total memory of all FPGA accelerators for the instance type. + TotalFpgaMemoryInMiB *int64 `locationName:"totalFpgaMemoryInMiB" type:"integer"` +} + +// String returns the string representation +func (s FpgaInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FpgaInfo) GoString() string { + return s.String() +} + +// SetFpgas sets the Fpgas field's value. +func (s *FpgaInfo) SetFpgas(v []*FpgaDeviceInfo) *FpgaInfo { + s.Fpgas = v + return s +} + +// SetTotalFpgaMemoryInMiB sets the TotalFpgaMemoryInMiB field's value. +func (s *FpgaInfo) SetTotalFpgaMemoryInMiB(v int64) *FpgaInfo { + s.TotalFpgaMemoryInMiB = &v + return s +} + +type GetAssociatedIpv6PoolCidrsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the IPv6 address pool. + // + // PoolId is a required field + PoolId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s GetAssociatedIpv6PoolCidrsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetAssociatedIpv6PoolCidrsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetAssociatedIpv6PoolCidrsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetAssociatedIpv6PoolCidrsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.PoolId == nil { + invalidParams.Add(request.NewErrParamRequired("PoolId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetAssociatedIpv6PoolCidrsInput) SetDryRun(v bool) *GetAssociatedIpv6PoolCidrsInput { + s.DryRun = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetAssociatedIpv6PoolCidrsInput) SetMaxResults(v int64) *GetAssociatedIpv6PoolCidrsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetAssociatedIpv6PoolCidrsInput) SetNextToken(v string) *GetAssociatedIpv6PoolCidrsInput { + s.NextToken = &v + return s +} + +// SetPoolId sets the PoolId field's value. +func (s *GetAssociatedIpv6PoolCidrsInput) SetPoolId(v string) *GetAssociatedIpv6PoolCidrsInput { + s.PoolId = &v + return s +} + +type GetAssociatedIpv6PoolCidrsOutput struct { + _ struct{} `type:"structure"` + + // Information about the IPv6 CIDR block associations. + Ipv6CidrAssociations []*Ipv6CidrAssociation `locationName:"ipv6CidrAssociationSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s GetAssociatedIpv6PoolCidrsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetAssociatedIpv6PoolCidrsOutput) GoString() string { + return s.String() +} + +// SetIpv6CidrAssociations sets the Ipv6CidrAssociations field's value. +func (s *GetAssociatedIpv6PoolCidrsOutput) SetIpv6CidrAssociations(v []*Ipv6CidrAssociation) *GetAssociatedIpv6PoolCidrsOutput { + s.Ipv6CidrAssociations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetAssociatedIpv6PoolCidrsOutput) SetNextToken(v string) *GetAssociatedIpv6PoolCidrsOutput { + s.NextToken = &v + return s +} + type GetCapacityReservationUsageInput struct { _ struct{} `type:"structure"` @@ -66004,6 +74698,136 @@ func (s *GetCapacityReservationUsageOutput) SetTotalInstanceCount(v int64) *GetC return s } +type GetCoipPoolUsageInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. The following are the possible values: + // + // * coip-address-usage.allocation-id + // + // * coip-address-usage.aws-account-id + // + // * coip-address-usage.aws-service + // + // * coip-address-usage.co-ip + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the address pool. + // + // PoolId is a required field + PoolId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s GetCoipPoolUsageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCoipPoolUsageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetCoipPoolUsageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetCoipPoolUsageInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + if s.PoolId == nil { + invalidParams.Add(request.NewErrParamRequired("PoolId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetCoipPoolUsageInput) SetDryRun(v bool) *GetCoipPoolUsageInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *GetCoipPoolUsageInput) SetFilters(v []*Filter) *GetCoipPoolUsageInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetCoipPoolUsageInput) SetMaxResults(v int64) *GetCoipPoolUsageInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetCoipPoolUsageInput) SetNextToken(v string) *GetCoipPoolUsageInput { + s.NextToken = &v + return s +} + +// SetPoolId sets the PoolId field's value. +func (s *GetCoipPoolUsageInput) SetPoolId(v string) *GetCoipPoolUsageInput { + s.PoolId = &v + return s +} + +type GetCoipPoolUsageOutput struct { + _ struct{} `type:"structure"` + + // Information about the address usage. + CoipAddressUsages []*CoipAddressUsage `locationName:"coipAddressUsageSet" locationNameList:"item" type:"list"` + + // The ID of the customer-owned address pool. + CoipPoolId *string `locationName:"coipPoolId" type:"string"` + + // The ID of the local gateway route table. + LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` +} + +// String returns the string representation +func (s GetCoipPoolUsageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCoipPoolUsageOutput) GoString() string { + return s.String() +} + +// SetCoipAddressUsages sets the CoipAddressUsages field's value. +func (s *GetCoipPoolUsageOutput) SetCoipAddressUsages(v []*CoipAddressUsage) *GetCoipPoolUsageOutput { + s.CoipAddressUsages = v + return s +} + +// SetCoipPoolId sets the CoipPoolId field's value. +func (s *GetCoipPoolUsageOutput) SetCoipPoolId(v string) *GetCoipPoolUsageOutput { + s.CoipPoolId = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *GetCoipPoolUsageOutput) SetLocalGatewayRouteTableId(v string) *GetCoipPoolUsageOutput { + s.LocalGatewayRouteTableId = &v + return s +} + type GetConsoleOutputInput struct { _ struct{} `type:"structure"` @@ -66199,6 +75023,79 @@ func (s *GetConsoleScreenshotOutput) SetInstanceId(v string) *GetConsoleScreensh return s } +type GetDefaultCreditSpecificationInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The instance family. + // + // InstanceFamily is a required field + InstanceFamily *string `type:"string" required:"true" enum:"UnlimitedSupportedInstanceFamily"` +} + +// String returns the string representation +func (s GetDefaultCreditSpecificationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDefaultCreditSpecificationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetDefaultCreditSpecificationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetDefaultCreditSpecificationInput"} + if s.InstanceFamily == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceFamily")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetDefaultCreditSpecificationInput) SetDryRun(v bool) *GetDefaultCreditSpecificationInput { + s.DryRun = &v + return s +} + +// SetInstanceFamily sets the InstanceFamily field's value. +func (s *GetDefaultCreditSpecificationInput) SetInstanceFamily(v string) *GetDefaultCreditSpecificationInput { + s.InstanceFamily = &v + return s +} + +type GetDefaultCreditSpecificationOutput struct { + _ struct{} `type:"structure"` + + // The default credit option for CPU usage of the instance family. + InstanceFamilyCreditSpecification *InstanceFamilyCreditSpecification `locationName:"instanceFamilyCreditSpecification" type:"structure"` +} + +// String returns the string representation +func (s GetDefaultCreditSpecificationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDefaultCreditSpecificationOutput) GoString() string { + return s.String() +} + +// SetInstanceFamilyCreditSpecification sets the InstanceFamilyCreditSpecification field's value. +func (s *GetDefaultCreditSpecificationOutput) SetInstanceFamilyCreditSpecification(v *InstanceFamilyCreditSpecification) *GetDefaultCreditSpecificationOutput { + s.InstanceFamilyCreditSpecification = v + return s +} + type GetEbsDefaultKmsKeyIdInput struct { _ struct{} `type:"structure"` @@ -66850,6 +75747,126 @@ func (s *GetTransitGatewayAttachmentPropagationsOutput) SetTransitGatewayAttachm return s } +type GetTransitGatewayMulticastDomainAssociationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * resource-id - The ID of the resource. + // + // * resource-type - The type of resource. The valid value is: vpc. + // + // * state - The state of the subnet association. Valid values are associated + // | associating | disassociated | disassociating. + // + // * subnet-id - The ID of the subnet. + // + // * transit-gateway-attachment-id - The id of the transit gateway attachment. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s GetTransitGatewayMulticastDomainAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetTransitGatewayMulticastDomainAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetTransitGatewayMulticastDomainAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetTransitGatewayMulticastDomainAssociationsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *GetTransitGatewayMulticastDomainAssociationsInput) SetDryRun(v bool) *GetTransitGatewayMulticastDomainAssociationsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *GetTransitGatewayMulticastDomainAssociationsInput) SetFilters(v []*Filter) *GetTransitGatewayMulticastDomainAssociationsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetTransitGatewayMulticastDomainAssociationsInput) SetMaxResults(v int64) *GetTransitGatewayMulticastDomainAssociationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetTransitGatewayMulticastDomainAssociationsInput) SetNextToken(v string) *GetTransitGatewayMulticastDomainAssociationsInput { + s.NextToken = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *GetTransitGatewayMulticastDomainAssociationsInput) SetTransitGatewayMulticastDomainId(v string) *GetTransitGatewayMulticastDomainAssociationsInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type GetTransitGatewayMulticastDomainAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Information about the multicast domain associations. + MulticastDomainAssociations []*TransitGatewayMulticastDomainAssociation `locationName:"multicastDomainAssociations" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s GetTransitGatewayMulticastDomainAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetTransitGatewayMulticastDomainAssociationsOutput) GoString() string { + return s.String() +} + +// SetMulticastDomainAssociations sets the MulticastDomainAssociations field's value. +func (s *GetTransitGatewayMulticastDomainAssociationsOutput) SetMulticastDomainAssociations(v []*TransitGatewayMulticastDomainAssociation) *GetTransitGatewayMulticastDomainAssociationsOutput { + s.MulticastDomainAssociations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetTransitGatewayMulticastDomainAssociationsOutput) SetNextToken(v string) *GetTransitGatewayMulticastDomainAssociationsOutput { + s.NextToken = &v + return s +} + type GetTransitGatewayRouteTableAssociationsInput struct { _ struct{} `type:"structure"` @@ -67090,6 +76107,114 @@ func (s *GetTransitGatewayRouteTablePropagationsOutput) SetTransitGatewayRouteTa return s } +// Describes the GPU accelerators for the instance type. +type GpuDeviceInfo struct { + _ struct{} `type:"structure"` + + // The number of GPUs for the instance type. + Count *int64 `locationName:"count" type:"integer"` + + // The manufacturer of the GPU accelerator. + Manufacturer *string `locationName:"manufacturer" type:"string"` + + // Describes the memory available to the GPU accelerator. + MemoryInfo *GpuDeviceMemoryInfo `locationName:"memoryInfo" type:"structure"` + + // The name of the GPU accelerator. + Name *string `locationName:"name" type:"string"` +} + +// String returns the string representation +func (s GpuDeviceInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GpuDeviceInfo) GoString() string { + return s.String() +} + +// SetCount sets the Count field's value. +func (s *GpuDeviceInfo) SetCount(v int64) *GpuDeviceInfo { + s.Count = &v + return s +} + +// SetManufacturer sets the Manufacturer field's value. +func (s *GpuDeviceInfo) SetManufacturer(v string) *GpuDeviceInfo { + s.Manufacturer = &v + return s +} + +// SetMemoryInfo sets the MemoryInfo field's value. +func (s *GpuDeviceInfo) SetMemoryInfo(v *GpuDeviceMemoryInfo) *GpuDeviceInfo { + s.MemoryInfo = v + return s +} + +// SetName sets the Name field's value. +func (s *GpuDeviceInfo) SetName(v string) *GpuDeviceInfo { + s.Name = &v + return s +} + +// Describes the memory available to the GPU accelerator. +type GpuDeviceMemoryInfo struct { + _ struct{} `type:"structure"` + + // The size (in MiB) for the memory available to the GPU accelerator. + SizeInMiB *int64 `locationName:"sizeInMiB" type:"integer"` +} + +// String returns the string representation +func (s GpuDeviceMemoryInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GpuDeviceMemoryInfo) GoString() string { + return s.String() +} + +// SetSizeInMiB sets the SizeInMiB field's value. +func (s *GpuDeviceMemoryInfo) SetSizeInMiB(v int64) *GpuDeviceMemoryInfo { + s.SizeInMiB = &v + return s +} + +// Describes the GPU accelerators for the instance type. +type GpuInfo struct { + _ struct{} `type:"structure"` + + // Describes the GPU accelerators for the instance type. + Gpus []*GpuDeviceInfo `locationName:"gpus" locationNameList:"item" type:"list"` + + // The total size of the memory for the GPU accelerators for the instance type. + TotalGpuMemoryInMiB *int64 `locationName:"totalGpuMemoryInMiB" type:"integer"` +} + +// String returns the string representation +func (s GpuInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GpuInfo) GoString() string { + return s.String() +} + +// SetGpus sets the Gpus field's value. +func (s *GpuInfo) SetGpus(v []*GpuDeviceInfo) *GpuInfo { + s.Gpus = v + return s +} + +// SetTotalGpuMemoryInMiB sets the TotalGpuMemoryInMiB field's value. +func (s *GpuInfo) SetTotalGpuMemoryInMiB(v int64) *GpuInfo { + s.TotalGpuMemoryInMiB = &v + return s +} + // Describes a security group. type GroupIdentifier struct { _ struct{} `type:"structure"` @@ -67280,13 +76405,23 @@ type Host struct { // The time that the Dedicated Host was allocated. AllocationTime *time.Time `locationName:"allocationTime" type:"timestamp"` + // Indicates whether the Dedicated Host supports multiple instance types of + // the same instance family, or a specific instance type only. one indicates + // that the Dedicated Host supports multiple instance types in the instance + // family. off indicates that the Dedicated Host supports a single instance + // type only. + AllowsMultipleInstanceTypes *string `locationName:"allowsMultipleInstanceTypes" type:"string" enum:"AllowsMultipleInstanceTypes"` + // Whether auto-placement is on or off. AutoPlacement *string `locationName:"autoPlacement" type:"string" enum:"AutoPlacement"` // The Availability Zone of the Dedicated Host. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` - // The number of new instances that can be launched onto the Dedicated Host. + // The ID of the Availability Zone in which the Dedicated Host is allocated. + AvailabilityZoneId *string `locationName:"availabilityZoneId" type:"string"` + + // Information about the instances running on the Dedicated Host. AvailableCapacity *AvailableCapacity `locationName:"availableCapacity" type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency @@ -67310,6 +76445,13 @@ type Host struct { // The IDs and instance type that are currently running on the Dedicated Host. Instances []*HostInstance `locationName:"instances" locationNameList:"item" type:"list"` + // Indicates whether the Dedicated Host is in a host resource group. If memberOfServiceLinkedResourceGroup + // is true, the host is in a host resource group; otherwise, it is not. + MemberOfServiceLinkedResourceGroup *bool `locationName:"memberOfServiceLinkedResourceGroup" type:"boolean"` + + // The ID of the AWS account that owns the Dedicated Host. + OwnerId *string `locationName:"ownerId" type:"string"` + // The time that the Dedicated Host was released. ReleaseTime *time.Time `locationName:"releaseTime" type:"timestamp"` @@ -67336,6 +76478,12 @@ func (s *Host) SetAllocationTime(v time.Time) *Host { return s } +// SetAllowsMultipleInstanceTypes sets the AllowsMultipleInstanceTypes field's value. +func (s *Host) SetAllowsMultipleInstanceTypes(v string) *Host { + s.AllowsMultipleInstanceTypes = &v + return s +} + // SetAutoPlacement sets the AutoPlacement field's value. func (s *Host) SetAutoPlacement(v string) *Host { s.AutoPlacement = &v @@ -67348,6 +76496,12 @@ func (s *Host) SetAvailabilityZone(v string) *Host { return s } +// SetAvailabilityZoneId sets the AvailabilityZoneId field's value. +func (s *Host) SetAvailabilityZoneId(v string) *Host { + s.AvailabilityZoneId = &v + return s +} + // SetAvailableCapacity sets the AvailableCapacity field's value. func (s *Host) SetAvailableCapacity(v *AvailableCapacity) *Host { s.AvailableCapacity = v @@ -67390,6 +76544,18 @@ func (s *Host) SetInstances(v []*HostInstance) *Host { return s } +// SetMemberOfServiceLinkedResourceGroup sets the MemberOfServiceLinkedResourceGroup field's value. +func (s *Host) SetMemberOfServiceLinkedResourceGroup(v bool) *Host { + s.MemberOfServiceLinkedResourceGroup = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *Host) SetOwnerId(v string) *Host { + s.OwnerId = &v + return s +} + // SetReleaseTime sets the ReleaseTime field's value. func (s *Host) SetReleaseTime(v time.Time) *Host { s.ReleaseTime = &v @@ -67412,11 +76578,14 @@ func (s *Host) SetTags(v []*Tag) *Host { type HostInstance struct { _ struct{} `type:"structure"` - // the IDs of instances that are running on the Dedicated Host. + // The ID of instance that is running on the Dedicated Host. InstanceId *string `locationName:"instanceId" type:"string"` - // The instance type size (for example, m3.medium) of the running instance. + // The instance type (for example, m3.medium) of the running instance. InstanceType *string `locationName:"instanceType" type:"string"` + + // The ID of the AWS account that owns the instance. + OwnerId *string `locationName:"ownerId" type:"string"` } // String returns the string representation @@ -67441,6 +76610,12 @@ func (s *HostInstance) SetInstanceType(v string) *HostInstance { return s } +// SetOwnerId sets the OwnerId field's value. +func (s *HostInstance) SetOwnerId(v string) *HostInstance { + s.OwnerId = &v + return s +} + // Details about the Dedicated Host Reservation offering. type HostOffering struct { _ struct{} `type:"structure"` @@ -67519,20 +76694,24 @@ func (s *HostOffering) SetUpfrontPrice(v string) *HostOffering { return s } -// Describes properties of a Dedicated Host. +// Describes the properties of a Dedicated Host. type HostProperties struct { _ struct{} `type:"structure"` // The number of cores on the Dedicated Host. Cores *int64 `locationName:"cores" type:"integer"` - // The instance type size that the Dedicated Host supports (for example, m3.medium). + // The instance family supported by the Dedicated Host. For example, m5. + InstanceFamily *string `locationName:"instanceFamily" type:"string"` + + // The instance type supported by the Dedicated Host. For example, m5.large. + // If the host supports multiple instance types, no instanceType is returned. InstanceType *string `locationName:"instanceType" type:"string"` // The number of sockets on the Dedicated Host. Sockets *int64 `locationName:"sockets" type:"integer"` - // The number of vCPUs on the Dedicated Host. + // The total number of vCPUs on the Dedicated Host. TotalVCpus *int64 `locationName:"totalVCpus" type:"integer"` } @@ -67552,6 +76731,12 @@ func (s *HostProperties) SetCores(v int64) *HostProperties { return s } +// SetInstanceFamily sets the InstanceFamily field's value. +func (s *HostProperties) SetInstanceFamily(v string) *HostProperties { + s.InstanceFamily = &v + return s +} + // SetInstanceType sets the InstanceType field's value. func (s *HostProperties) SetInstanceType(v string) *HostProperties { s.InstanceType = &v @@ -68015,6 +77200,11 @@ type Image struct { // This value is set to windows for Windows AMIs; otherwise, it is blank. Platform *string `locationName:"platform" type:"string" enum:"PlatformValues"` + // The platform details associated with the billing code of the AMI. For more + // information, see Obtaining Billing Information (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html) + // in the Amazon Elastic Compute Cloud User Guide. + PlatformDetails *string `locationName:"platformDetails" type:"string"` + // Any product codes associated with the AMI. ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"` @@ -68048,6 +77238,14 @@ type Image struct { // Any tags assigned to the image. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + // The operation of the Amazon EC2 instance and the billing code that is associated + // with the AMI. usageOperation corresponds to the lineitem/Operation (https://docs.aws.amazon.com/cur/latest/userguide/Lineitem-columns.html#Lineitem-details-O-Operation) + // column on your AWS Cost and Usage Report and in the AWS Price List API (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/price-changes.html). + // For the list of UsageOperation codes, see Platform Details and Usage Operation + // Billing Codes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-billing-info.html#billing-info) + // in the Amazon Elastic Compute Cloud User Guide. + UsageOperation *string `locationName:"usageOperation" type:"string"` + // The type of virtualization of the AMI. VirtualizationType *string `locationName:"virtualizationType" type:"string" enum:"VirtualizationType"` } @@ -68146,6 +77344,12 @@ func (s *Image) SetPlatform(v string) *Image { return s } +// SetPlatformDetails sets the PlatformDetails field's value. +func (s *Image) SetPlatformDetails(v string) *Image { + s.PlatformDetails = &v + return s +} + // SetProductCodes sets the ProductCodes field's value. func (s *Image) SetProductCodes(v []*ProductCode) *Image { s.ProductCodes = v @@ -68200,6 +77404,12 @@ func (s *Image) SetTags(v []*Tag) *Image { return s } +// SetUsageOperation sets the UsageOperation field's value. +func (s *Image) SetUsageOperation(v string) *Image { + s.UsageOperation = &v + return s +} + // SetVirtualizationType sets the VirtualizationType field's value. func (s *Image) SetVirtualizationType(v string) *Image { s.VirtualizationType = &v @@ -68406,11 +77616,11 @@ type ImportImageInput struct { // Valid values: xen Hypervisor *string `type:"string"` - // An identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use when creating the encrypted AMI. This parameter is only - // required if you want to use a non-default CMK; if this parameter is not specified, - // the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted - // flag must also be set. + // An identifier for the symmetric AWS Key Management Service (AWS KMS) customer + // master key (CMK) to use when creating the encrypted AMI. This parameter is + // only required if you want to use a non-default CMK; if this parameter is + // not specified, the default CMK for EBS is used. If a KmsKeyId is specified, + // the Encrypted flag must also be set. // // The CMK identifier may be provided in any of the following formats: // @@ -68433,8 +77643,13 @@ type ImportImageInput struct { // will eventually report failure. // // The specified CMK must exist in the Region that the AMI is being copied to. + // + // Amazon EBS does not support asymmetric CMKs. KmsKeyId *string `type:"string"` + // The ARNs of the license configurations. + LicenseSpecifications []*ImportImageLicenseConfigurationRequest `locationNameList:"item" type:"list"` + // The license type to be used for the Amazon Machine Image (AMI) after importing. // // By default, we detect the source-system operating system (OS) and apply the @@ -68521,6 +77736,12 @@ func (s *ImportImageInput) SetKmsKeyId(v string) *ImportImageInput { return s } +// SetLicenseSpecifications sets the LicenseSpecifications field's value. +func (s *ImportImageInput) SetLicenseSpecifications(v []*ImportImageLicenseConfigurationRequest) *ImportImageInput { + s.LicenseSpecifications = v + return s +} + // SetLicenseType sets the LicenseType field's value. func (s *ImportImageInput) SetLicenseType(v string) *ImportImageInput { s.LicenseType = &v @@ -68539,6 +77760,54 @@ func (s *ImportImageInput) SetRoleName(v string) *ImportImageInput { return s } +// The request information of license configurations. +type ImportImageLicenseConfigurationRequest struct { + _ struct{} `type:"structure"` + + // The ARN of a license configuration. + LicenseConfigurationArn *string `type:"string"` +} + +// String returns the string representation +func (s ImportImageLicenseConfigurationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ImportImageLicenseConfigurationRequest) GoString() string { + return s.String() +} + +// SetLicenseConfigurationArn sets the LicenseConfigurationArn field's value. +func (s *ImportImageLicenseConfigurationRequest) SetLicenseConfigurationArn(v string) *ImportImageLicenseConfigurationRequest { + s.LicenseConfigurationArn = &v + return s +} + +// The response information for license configurations. +type ImportImageLicenseConfigurationResponse struct { + _ struct{} `type:"structure"` + + // The ARN of a license configuration. + LicenseConfigurationArn *string `locationName:"licenseConfigurationArn" type:"string"` +} + +// String returns the string representation +func (s ImportImageLicenseConfigurationResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ImportImageLicenseConfigurationResponse) GoString() string { + return s.String() +} + +// SetLicenseConfigurationArn sets the LicenseConfigurationArn field's value. +func (s *ImportImageLicenseConfigurationResponse) SetLicenseConfigurationArn(v string) *ImportImageLicenseConfigurationResponse { + s.LicenseConfigurationArn = &v + return s +} + type ImportImageOutput struct { _ struct{} `type:"structure"` @@ -68560,10 +77829,13 @@ type ImportImageOutput struct { // The task ID of the import image task. ImportTaskId *string `locationName:"importTaskId" type:"string"` - // The identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) that was used to create the encrypted AMI. + // The identifier for the symmetric AWS Key Management Service (AWS KMS) customer + // master key (CMK) that was used to create the encrypted AMI. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + // The ARNs of the license configurations. + LicenseSpecifications []*ImportImageLicenseConfigurationResponse `locationName:"licenseSpecifications" locationNameList:"item" type:"list"` + // The license type of the virtual machine. LicenseType *string `locationName:"licenseType" type:"string"` @@ -68635,6 +77907,12 @@ func (s *ImportImageOutput) SetKmsKeyId(v string) *ImportImageOutput { return s } +// SetLicenseSpecifications sets the LicenseSpecifications field's value. +func (s *ImportImageOutput) SetLicenseSpecifications(v []*ImportImageLicenseConfigurationResponse) *ImportImageOutput { + s.LicenseSpecifications = v + return s +} + // SetLicenseType sets the LicenseType field's value. func (s *ImportImageOutput) SetLicenseType(v string) *ImportImageOutput { s.LicenseType = &v @@ -68701,6 +77979,10 @@ type ImportImageTask struct { // key (CMK) that was used to create the encrypted image. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + // The ARNs of the license configurations that are associated with the import + // image task. + LicenseSpecifications []*ImportImageLicenseConfigurationResponse `locationName:"licenseSpecifications" locationNameList:"item" type:"list"` + // The license type of the virtual machine. LicenseType *string `locationName:"licenseType" type:"string"` @@ -68718,6 +78000,9 @@ type ImportImageTask struct { // A descriptive status message for the import image task. StatusMessage *string `locationName:"statusMessage" type:"string"` + + // The tags for the import image task. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -68772,6 +78057,12 @@ func (s *ImportImageTask) SetKmsKeyId(v string) *ImportImageTask { return s } +// SetLicenseSpecifications sets the LicenseSpecifications field's value. +func (s *ImportImageTask) SetLicenseSpecifications(v []*ImportImageLicenseConfigurationResponse) *ImportImageTask { + s.LicenseSpecifications = v + return s +} + // SetLicenseType sets the LicenseType field's value. func (s *ImportImageTask) SetLicenseType(v string) *ImportImageTask { s.LicenseType = &v @@ -68808,6 +78099,12 @@ func (s *ImportImageTask) SetStatusMessage(v string) *ImportImageTask { return s } +// SetTags sets the Tags field's value. +func (s *ImportImageTask) SetTags(v []*Tag) *ImportImageTask { + s.Tags = v + return s +} + type ImportInstanceInput struct { _ struct{} `type:"structure"` @@ -69291,10 +78588,10 @@ type ImportSnapshotInput struct { // in the Amazon Elastic Compute Cloud User Guide. Encrypted *bool `type:"boolean"` - // An identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use when creating the encrypted snapshot. This parameter is - // only required if you want to use a non-default CMK; if this parameter is - // not specified, the default CMK for EBS is used. If a KmsKeyId is specified, + // An identifier for the symmetric AWS Key Management Service (AWS KMS) customer + // master key (CMK) to use when creating the encrypted snapshot. This parameter + // is only required if you want to use a non-default CMK; if this parameter + // is not specified, the default CMK for EBS is used. If a KmsKeyId is specified, // the Encrypted flag must also be set. // // The CMK identifier may be provided in any of the following formats: @@ -69319,6 +78616,8 @@ type ImportSnapshotInput struct { // // The specified CMK must exist in the Region that the snapshot is being copied // to. + // + // Amazon EBS does not support asymmetric CMKs. KmsKeyId *string `type:"string"` // The name of the role to use when not using the default role, 'vmimport'. @@ -69436,6 +78735,9 @@ type ImportSnapshotTask struct { // Describes an import snapshot task. SnapshotTaskDetail *SnapshotTaskDetail `locationName:"snapshotTaskDetail" type:"structure"` + + // The tags for the import snapshot task. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -69466,6 +78768,12 @@ func (s *ImportSnapshotTask) SetSnapshotTaskDetail(v *SnapshotTaskDetail) *Impor return s } +// SetTags sets the Tags field's value. +func (s *ImportSnapshotTask) SetTags(v []*Tag) *ImportSnapshotTask { + s.Tags = v + return s +} + type ImportVolumeInput struct { _ struct{} `type:"structure"` @@ -69646,6 +78954,72 @@ func (s *ImportVolumeTaskDetails) SetVolume(v *DiskImageVolumeDescription) *Impo return s } +// Describes the Inference accelerators for the instance type. +type InferenceAcceleratorInfo struct { + _ struct{} `type:"structure"` + + // Describes the Inference accelerators for the instance type. + Accelerators []*InferenceDeviceInfo `locationName:"accelerators" type:"list"` +} + +// String returns the string representation +func (s InferenceAcceleratorInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InferenceAcceleratorInfo) GoString() string { + return s.String() +} + +// SetAccelerators sets the Accelerators field's value. +func (s *InferenceAcceleratorInfo) SetAccelerators(v []*InferenceDeviceInfo) *InferenceAcceleratorInfo { + s.Accelerators = v + return s +} + +// Describes the Inference accelerators for the instance type. +type InferenceDeviceInfo struct { + _ struct{} `type:"structure"` + + // The number of Inference accelerators for the instance type. + Count *int64 `locationName:"count" type:"integer"` + + // The manufacturer of the Inference accelerator. + Manufacturer *string `locationName:"manufacturer" type:"string"` + + // The name of the Inference accelerator. + Name *string `locationName:"name" type:"string"` +} + +// String returns the string representation +func (s InferenceDeviceInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InferenceDeviceInfo) GoString() string { + return s.String() +} + +// SetCount sets the Count field's value. +func (s *InferenceDeviceInfo) SetCount(v int64) *InferenceDeviceInfo { + s.Count = &v + return s +} + +// SetManufacturer sets the Manufacturer field's value. +func (s *InferenceDeviceInfo) SetManufacturer(v string) *InferenceDeviceInfo { + s.Manufacturer = &v + return s +} + +// SetName sets the Name field's value. +func (s *InferenceDeviceInfo) SetName(v string) *InferenceDeviceInfo { + s.Name = &v + return s +} + // Describes an instance. type Instance struct { _ struct{} `type:"structure"` @@ -69691,7 +79065,8 @@ type Instance struct { // Indicates whether the instance is enabled for hibernation. HibernationOptions *HibernationOptions `locationName:"hibernationOptions" type:"structure"` - // The hypervisor type of the instance. + // The hypervisor type of the instance. The value xen is used for both Xen and + // Nitro hypervisors. Hypervisor *string `locationName:"hypervisor" type:"string" enum:"HypervisorType"` // The IAM instance profile associated with the instance, if applicable. @@ -69731,6 +79106,9 @@ type Instance struct { // [EC2-VPC] The network interfaces for the instance. NetworkInterfaces []*InstanceNetworkInterface `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + // The location where the instance launched, if applicable. Placement *Placement `locationName:"placement" type:"structure"` @@ -69971,6 +79349,12 @@ func (s *Instance) SetNetworkInterfaces(v []*InstanceNetworkInterface) *Instance return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *Instance) SetOutpostArn(v string) *Instance { + s.OutpostArn = &v + return s +} + // SetPlacement sets the Placement field's value. func (s *Instance) SetPlacement(v *Placement) *Instance { s.Placement = v @@ -70183,17 +79567,20 @@ func (s *InstanceBlockDeviceMappingSpecification) SetVirtualName(v string) *Inst return s } -// Information about the instance type that the Dedicated Host supports. +// Information about the number of instances that can be launched onto the Dedicated +// Host. type InstanceCapacity struct { _ struct{} `type:"structure"` - // The number of instances that can still be launched onto the Dedicated Host. + // The number of instances that can be launched onto the Dedicated Host based + // on the host's available capacity. AvailableCapacity *int64 `locationName:"availableCapacity" type:"integer"` - // The instance type size supported by the Dedicated Host. + // The instance type supported by the Dedicated Host. InstanceType *string `locationName:"instanceType" type:"string"` - // The total number of instances that can be launched onto the Dedicated Host. + // The total number of instances that can be launched onto the Dedicated Host + // if there are no instances running on it. TotalCapacity *int64 `locationName:"totalCapacity" type:"integer"` } @@ -70258,7 +79645,7 @@ func (s *InstanceCount) SetState(v string) *InstanceCount { return s } -// Describes the credit option for CPU usage of a T2 or T3 instance. +// Describes the credit option for CPU usage of a burstable performance instance. type InstanceCreditSpecification struct { _ struct{} `type:"structure"` @@ -70292,7 +79679,7 @@ func (s *InstanceCreditSpecification) SetInstanceId(v string) *InstanceCreditSpe return s } -// Describes the credit option for CPU usage of a T2 or T3 instance. +// Describes the credit option for CPU usage of a burstable performance instance. type InstanceCreditSpecificationRequest struct { _ struct{} `type:"structure"` @@ -70359,6 +79746,41 @@ func (s *InstanceExportDetails) SetTargetEnvironment(v string) *InstanceExportDe return s } +// Describes the default credit option for CPU usage of a burstable performance +// instance family. +type InstanceFamilyCreditSpecification struct { + _ struct{} `type:"structure"` + + // The default credit option for CPU usage of the instance family. Valid values + // are standard and unlimited. + CpuCredits *string `locationName:"cpuCredits" type:"string"` + + // The instance family. + InstanceFamily *string `locationName:"instanceFamily" type:"string" enum:"UnlimitedSupportedInstanceFamily"` +} + +// String returns the string representation +func (s InstanceFamilyCreditSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceFamilyCreditSpecification) GoString() string { + return s.String() +} + +// SetCpuCredits sets the CpuCredits field's value. +func (s *InstanceFamilyCreditSpecification) SetCpuCredits(v string) *InstanceFamilyCreditSpecification { + s.CpuCredits = &v + return s +} + +// SetInstanceFamily sets the InstanceFamily field's value. +func (s *InstanceFamilyCreditSpecification) SetInstanceFamily(v string) *InstanceFamilyCreditSpecification { + s.InstanceFamily = &v + return s +} + // Describes an IPv6 address. type InstanceIpv6Address struct { _ struct{} `type:"structure"` @@ -70931,6 +80353,9 @@ type InstanceNetworkInterfaceSpecification struct { Ipv6Addresses []*InstanceIpv6Address `locationName:"ipv6AddressesSet" queryName:"Ipv6Addresses" locationNameList:"item" type:"list"` // The ID of the network interface. + // + // If you are creating a Spot Fleet, omit this parameter because you can’t + // specify a network interface ID in a launch specification. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` // The private IPv4 address of the network interface. Applies only if creating @@ -71252,6 +80677,9 @@ type InstanceStatus struct { // such as impaired reachability. InstanceStatus *InstanceStatusSummary `locationName:"instanceStatus" type:"structure"` + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + // Reports impaired functionality that stems from issues related to the systems // that support an instance, such as hardware failures and network connectivity // problems. @@ -71298,6 +80726,12 @@ func (s *InstanceStatus) SetInstanceStatus(v *InstanceStatusSummary) *InstanceSt return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *InstanceStatus) SetOutpostArn(v string) *InstanceStatus { + s.OutpostArn = &v + return s +} + // SetSystemStatus sets the SystemStatus field's value. func (s *InstanceStatus) SetSystemStatus(v *InstanceStatusSummary) *InstanceStatus { s.SystemStatus = v @@ -71453,6 +80887,298 @@ func (s *InstanceStatusSummary) SetStatus(v string) *InstanceStatusSummary { return s } +// Describes the disks that are available for the instance type. +type InstanceStorageInfo struct { + _ struct{} `type:"structure"` + + // Array describing the disks that are available for the instance type. + Disks []*DiskInfo `locationName:"disks" locationNameList:"item" type:"list"` + + // The total size of the disks, in GB. + TotalSizeInGB *int64 `locationName:"totalSizeInGB" type:"long"` +} + +// String returns the string representation +func (s InstanceStorageInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceStorageInfo) GoString() string { + return s.String() +} + +// SetDisks sets the Disks field's value. +func (s *InstanceStorageInfo) SetDisks(v []*DiskInfo) *InstanceStorageInfo { + s.Disks = v + return s +} + +// SetTotalSizeInGB sets the TotalSizeInGB field's value. +func (s *InstanceStorageInfo) SetTotalSizeInGB(v int64) *InstanceStorageInfo { + s.TotalSizeInGB = &v + return s +} + +// Describes the instance type. +type InstanceTypeInfo struct { + _ struct{} `type:"structure"` + + // Indicates whether auto recovery is supported. + AutoRecoverySupported *bool `locationName:"autoRecoverySupported" type:"boolean"` + + // Indicates whether the instance is bare metal. + BareMetal *bool `locationName:"bareMetal" type:"boolean"` + + // Indicates whether the instance type is a burstable performance instance type. + BurstablePerformanceSupported *bool `locationName:"burstablePerformanceSupported" type:"boolean"` + + // Indicates whether the instance type is a current generation. + CurrentGeneration *bool `locationName:"currentGeneration" type:"boolean"` + + // Indicates whether Dedicated Hosts are supported on the instance type. + DedicatedHostsSupported *bool `locationName:"dedicatedHostsSupported" type:"boolean"` + + // Describes the Amazon EBS settings for the instance type. + EbsInfo *EbsInfo `locationName:"ebsInfo" type:"structure"` + + // Describes the FPGA accelerator settings for the instance type. + FpgaInfo *FpgaInfo `locationName:"fpgaInfo" type:"structure"` + + // Indicates whether the instance type is eligible for the free tier. + FreeTierEligible *bool `locationName:"freeTierEligible" type:"boolean"` + + // Describes the GPU accelerator settings for the instance type. + GpuInfo *GpuInfo `locationName:"gpuInfo" type:"structure"` + + // Indicates whether On-Demand hibernation is supported. + HibernationSupported *bool `locationName:"hibernationSupported" type:"boolean"` + + // Indicates the hypervisor used for the instance type. + Hypervisor *string `locationName:"hypervisor" type:"string" enum:"InstanceTypeHypervisor"` + + // Describes the Inference accelerator settings for the instance type. + InferenceAcceleratorInfo *InferenceAcceleratorInfo `locationName:"inferenceAcceleratorInfo" type:"structure"` + + // Describes the disks for the instance type. + InstanceStorageInfo *InstanceStorageInfo `locationName:"instanceStorageInfo" type:"structure"` + + // Indicates whether instance storage is supported. + InstanceStorageSupported *bool `locationName:"instanceStorageSupported" type:"boolean"` + + // The instance type. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon Elastic Compute Cloud User Guide. + InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` + + // Describes the memory for the instance type. + MemoryInfo *MemoryInfo `locationName:"memoryInfo" type:"structure"` + + // Describes the network settings for the instance type. + NetworkInfo *NetworkInfo `locationName:"networkInfo" type:"structure"` + + // Describes the placement group settings for the instance type. + PlacementGroupInfo *PlacementGroupInfo `locationName:"placementGroupInfo" type:"structure"` + + // Describes the processor. + ProcessorInfo *ProcessorInfo `locationName:"processorInfo" type:"structure"` + + // Indicates the supported root device types. + SupportedRootDeviceTypes []*string `locationName:"supportedRootDeviceTypes" locationNameList:"item" type:"list"` + + // Indicates whether the instance type is offered for spot or On-Demand. + SupportedUsageClasses []*string `locationName:"supportedUsageClasses" locationNameList:"item" type:"list"` + + // Describes the vCPU configurations for the instance type. + VCpuInfo *VCpuInfo `locationName:"vCpuInfo" type:"structure"` +} + +// String returns the string representation +func (s InstanceTypeInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceTypeInfo) GoString() string { + return s.String() +} + +// SetAutoRecoverySupported sets the AutoRecoverySupported field's value. +func (s *InstanceTypeInfo) SetAutoRecoverySupported(v bool) *InstanceTypeInfo { + s.AutoRecoverySupported = &v + return s +} + +// SetBareMetal sets the BareMetal field's value. +func (s *InstanceTypeInfo) SetBareMetal(v bool) *InstanceTypeInfo { + s.BareMetal = &v + return s +} + +// SetBurstablePerformanceSupported sets the BurstablePerformanceSupported field's value. +func (s *InstanceTypeInfo) SetBurstablePerformanceSupported(v bool) *InstanceTypeInfo { + s.BurstablePerformanceSupported = &v + return s +} + +// SetCurrentGeneration sets the CurrentGeneration field's value. +func (s *InstanceTypeInfo) SetCurrentGeneration(v bool) *InstanceTypeInfo { + s.CurrentGeneration = &v + return s +} + +// SetDedicatedHostsSupported sets the DedicatedHostsSupported field's value. +func (s *InstanceTypeInfo) SetDedicatedHostsSupported(v bool) *InstanceTypeInfo { + s.DedicatedHostsSupported = &v + return s +} + +// SetEbsInfo sets the EbsInfo field's value. +func (s *InstanceTypeInfo) SetEbsInfo(v *EbsInfo) *InstanceTypeInfo { + s.EbsInfo = v + return s +} + +// SetFpgaInfo sets the FpgaInfo field's value. +func (s *InstanceTypeInfo) SetFpgaInfo(v *FpgaInfo) *InstanceTypeInfo { + s.FpgaInfo = v + return s +} + +// SetFreeTierEligible sets the FreeTierEligible field's value. +func (s *InstanceTypeInfo) SetFreeTierEligible(v bool) *InstanceTypeInfo { + s.FreeTierEligible = &v + return s +} + +// SetGpuInfo sets the GpuInfo field's value. +func (s *InstanceTypeInfo) SetGpuInfo(v *GpuInfo) *InstanceTypeInfo { + s.GpuInfo = v + return s +} + +// SetHibernationSupported sets the HibernationSupported field's value. +func (s *InstanceTypeInfo) SetHibernationSupported(v bool) *InstanceTypeInfo { + s.HibernationSupported = &v + return s +} + +// SetHypervisor sets the Hypervisor field's value. +func (s *InstanceTypeInfo) SetHypervisor(v string) *InstanceTypeInfo { + s.Hypervisor = &v + return s +} + +// SetInferenceAcceleratorInfo sets the InferenceAcceleratorInfo field's value. +func (s *InstanceTypeInfo) SetInferenceAcceleratorInfo(v *InferenceAcceleratorInfo) *InstanceTypeInfo { + s.InferenceAcceleratorInfo = v + return s +} + +// SetInstanceStorageInfo sets the InstanceStorageInfo field's value. +func (s *InstanceTypeInfo) SetInstanceStorageInfo(v *InstanceStorageInfo) *InstanceTypeInfo { + s.InstanceStorageInfo = v + return s +} + +// SetInstanceStorageSupported sets the InstanceStorageSupported field's value. +func (s *InstanceTypeInfo) SetInstanceStorageSupported(v bool) *InstanceTypeInfo { + s.InstanceStorageSupported = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *InstanceTypeInfo) SetInstanceType(v string) *InstanceTypeInfo { + s.InstanceType = &v + return s +} + +// SetMemoryInfo sets the MemoryInfo field's value. +func (s *InstanceTypeInfo) SetMemoryInfo(v *MemoryInfo) *InstanceTypeInfo { + s.MemoryInfo = v + return s +} + +// SetNetworkInfo sets the NetworkInfo field's value. +func (s *InstanceTypeInfo) SetNetworkInfo(v *NetworkInfo) *InstanceTypeInfo { + s.NetworkInfo = v + return s +} + +// SetPlacementGroupInfo sets the PlacementGroupInfo field's value. +func (s *InstanceTypeInfo) SetPlacementGroupInfo(v *PlacementGroupInfo) *InstanceTypeInfo { + s.PlacementGroupInfo = v + return s +} + +// SetProcessorInfo sets the ProcessorInfo field's value. +func (s *InstanceTypeInfo) SetProcessorInfo(v *ProcessorInfo) *InstanceTypeInfo { + s.ProcessorInfo = v + return s +} + +// SetSupportedRootDeviceTypes sets the SupportedRootDeviceTypes field's value. +func (s *InstanceTypeInfo) SetSupportedRootDeviceTypes(v []*string) *InstanceTypeInfo { + s.SupportedRootDeviceTypes = v + return s +} + +// SetSupportedUsageClasses sets the SupportedUsageClasses field's value. +func (s *InstanceTypeInfo) SetSupportedUsageClasses(v []*string) *InstanceTypeInfo { + s.SupportedUsageClasses = v + return s +} + +// SetVCpuInfo sets the VCpuInfo field's value. +func (s *InstanceTypeInfo) SetVCpuInfo(v *VCpuInfo) *InstanceTypeInfo { + s.VCpuInfo = v + return s +} + +// The instance types offered. +type InstanceTypeOffering struct { + _ struct{} `type:"structure"` + + // The instance type. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon Elastic Compute Cloud User Guide. + InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` + + // The identifier for the location. This depends on the location type. For example, + // if the location type is region, the location is the Region code (for example, + // us-east-2.) + Location *string `locationName:"location" type:"string"` + + // The location type. + LocationType *string `locationName:"locationType" type:"string" enum:"LocationType"` +} + +// String returns the string representation +func (s InstanceTypeOffering) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceTypeOffering) GoString() string { + return s.String() +} + +// SetInstanceType sets the InstanceType field's value. +func (s *InstanceTypeOffering) SetInstanceType(v string) *InstanceTypeOffering { + s.InstanceType = &v + return s +} + +// SetLocation sets the Location field's value. +func (s *InstanceTypeOffering) SetLocation(v string) *InstanceTypeOffering { + s.Location = &v + return s +} + +// SetLocationType sets the LocationType field's value. +func (s *InstanceTypeOffering) SetLocationType(v string) *InstanceTypeOffering { + s.LocationType = &v + return s +} + // Information about the Capacity Reservation usage. type InstanceUsage struct { _ struct{} `type:"structure"` @@ -71676,7 +81402,7 @@ type IpRange struct { // range. // // Constraints: Up to 255 characters in length. Allowed characters are a-z, - // A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$* + // A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* Description *string `locationName:"description" type:"string"` } @@ -71702,6 +81428,39 @@ func (s *IpRange) SetDescription(v string) *IpRange { return s } +// Describes an IPv6 CIDR block association. +type Ipv6CidrAssociation struct { + _ struct{} `type:"structure"` + + // The resource that's associated with the IPv6 CIDR block. + AssociatedResource *string `locationName:"associatedResource" type:"string"` + + // The IPv6 CIDR block. + Ipv6Cidr *string `locationName:"ipv6Cidr" type:"string"` +} + +// String returns the string representation +func (s Ipv6CidrAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv6CidrAssociation) GoString() string { + return s.String() +} + +// SetAssociatedResource sets the AssociatedResource field's value. +func (s *Ipv6CidrAssociation) SetAssociatedResource(v string) *Ipv6CidrAssociation { + s.AssociatedResource = &v + return s +} + +// SetIpv6Cidr sets the Ipv6Cidr field's value. +func (s *Ipv6CidrAssociation) SetIpv6Cidr(v string) *Ipv6CidrAssociation { + s.Ipv6Cidr = &v + return s +} + // Describes an IPv6 CIDR block. type Ipv6CidrBlock struct { _ struct{} `type:"structure"` @@ -71726,6 +81485,57 @@ func (s *Ipv6CidrBlock) SetIpv6CidrBlock(v string) *Ipv6CidrBlock { return s } +// Describes an IPv6 address pool. +type Ipv6Pool struct { + _ struct{} `type:"structure"` + + // The description for the address pool. + Description *string `locationName:"description" type:"string"` + + // The CIDR blocks for the address pool. + PoolCidrBlocks []*PoolCidrBlock `locationName:"poolCidrBlockSet" locationNameList:"item" type:"list"` + + // The ID of the address pool. + PoolId *string `locationName:"poolId" type:"string"` + + // Any tags for the address pool. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s Ipv6Pool) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Ipv6Pool) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *Ipv6Pool) SetDescription(v string) *Ipv6Pool { + s.Description = &v + return s +} + +// SetPoolCidrBlocks sets the PoolCidrBlocks field's value. +func (s *Ipv6Pool) SetPoolCidrBlocks(v []*PoolCidrBlock) *Ipv6Pool { + s.PoolCidrBlocks = v + return s +} + +// SetPoolId sets the PoolId field's value. +func (s *Ipv6Pool) SetPoolId(v string) *Ipv6Pool { + s.PoolId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *Ipv6Pool) SetTags(v []*Tag) *Ipv6Pool { + s.Tags = v + return s +} + // [EC2-VPC only] Describes an IPv6 range. type Ipv6Range struct { _ struct{} `type:"structure"` @@ -71738,7 +81548,7 @@ type Ipv6Range struct { // range. // // Constraints: Up to 255 characters in length. Allowed characters are a-z, - // A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$* + // A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* Description *string `locationName:"description" type:"string"` } @@ -71776,6 +81586,12 @@ type KeyPairInfo struct { // The name of the key pair. KeyName *string `locationName:"keyName" type:"string"` + + // The ID of the key pair. + KeyPairId *string `locationName:"keyPairId" type:"string"` + + // Any tags applied to the key pair. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -71800,6 +81616,51 @@ func (s *KeyPairInfo) SetKeyName(v string) *KeyPairInfo { return s } +// SetKeyPairId sets the KeyPairId field's value. +func (s *KeyPairInfo) SetKeyPairId(v string) *KeyPairInfo { + s.KeyPairId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *KeyPairInfo) SetTags(v []*Tag) *KeyPairInfo { + s.Tags = v + return s +} + +// The last error that occurred for a VPC endpoint. +type LastError struct { + _ struct{} `type:"structure"` + + // The error code for the VPC endpoint error. + Code *string `locationName:"code" type:"string"` + + // The error message for the VPC endpoint error. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s LastError) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LastError) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *LastError) SetCode(v string) *LastError { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *LastError) SetMessage(v string) *LastError { + s.Message = &v + return s +} + // Describes a launch permission. type LaunchPermission struct { _ struct{} `type:"structure"` @@ -72551,7 +82412,8 @@ type LaunchTemplateEbsBlockDeviceRequest struct { // it is not used in requests to create gp2, st1, sc1, or standard volumes. Iops *int64 `type:"integer"` - // The ARN of the AWS Key Management Service (AWS KMS) CMK used for encryption. + // The ARN of the symmetric AWS Key Management Service (AWS KMS) CMK used for + // encryption. KmsKeyId *string `type:"string"` // The ID of the snapshot. @@ -72623,6 +82485,11 @@ func (s *LaunchTemplateEbsBlockDeviceRequest) SetVolumeType(v string) *LaunchTem type LaunchTemplateElasticInferenceAccelerator struct { _ struct{} `type:"structure"` + // The number of elastic inference accelerators to attach to the instance. + // + // Default: 1 + Count *int64 `min:"1" type:"integer"` + // The type of elastic inference accelerator. The possible values are eia1.medium, // eia1.large, and eia1.xlarge. // @@ -72643,6 +82510,9 @@ func (s LaunchTemplateElasticInferenceAccelerator) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *LaunchTemplateElasticInferenceAccelerator) Validate() error { invalidParams := request.ErrInvalidParams{Context: "LaunchTemplateElasticInferenceAccelerator"} + if s.Count != nil && *s.Count < 1 { + invalidParams.Add(request.NewErrParamMinValue("Count", 1)) + } if s.Type == nil { invalidParams.Add(request.NewErrParamRequired("Type")) } @@ -72653,6 +82523,12 @@ func (s *LaunchTemplateElasticInferenceAccelerator) Validate() error { return nil } +// SetCount sets the Count field's value. +func (s *LaunchTemplateElasticInferenceAccelerator) SetCount(v int64) *LaunchTemplateElasticInferenceAccelerator { + s.Count = &v + return s +} + // SetType sets the Type field's value. func (s *LaunchTemplateElasticInferenceAccelerator) SetType(v string) *LaunchTemplateElasticInferenceAccelerator { s.Type = &v @@ -72663,6 +82539,11 @@ func (s *LaunchTemplateElasticInferenceAccelerator) SetType(v string) *LaunchTem type LaunchTemplateElasticInferenceAcceleratorResponse struct { _ struct{} `type:"structure"` + // The number of elastic inference accelerators to attach to the instance. + // + // Default: 1 + Count *int64 `locationName:"count" type:"integer"` + // The type of elastic inference accelerator. The possible values are eia1.medium, // eia1.large, and eia1.xlarge. Type *string `locationName:"type" type:"string"` @@ -72678,6 +82559,12 @@ func (s LaunchTemplateElasticInferenceAcceleratorResponse) GoString() string { return s.String() } +// SetCount sets the Count field's value. +func (s *LaunchTemplateElasticInferenceAcceleratorResponse) SetCount(v int64) *LaunchTemplateElasticInferenceAcceleratorResponse { + s.Count = &v + return s +} + // SetType sets the Type field's value. func (s *LaunchTemplateElasticInferenceAcceleratorResponse) SetType(v string) *LaunchTemplateElasticInferenceAcceleratorResponse { s.Type = &v @@ -72868,6 +82755,150 @@ func (s *LaunchTemplateInstanceMarketOptionsRequest) SetSpotOptions(v *LaunchTem return s } +// The metadata options for the instance. For more information, see Instance +// Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) +// in the Amazon Elastic Compute Cloud User Guide. +type LaunchTemplateInstanceMetadataOptions struct { + _ struct{} `type:"structure"` + + // This parameter enables or disables the HTTP metadata endpoint on your instances. + // If the parameter is not specified, the default state is enabled. + // + // If you specify a value of disabled, you will not be able to access your instance + // metadata. + HttpEndpoint *string `locationName:"httpEndpoint" type:"string" enum:"LaunchTemplateInstanceMetadataEndpointState"` + + // The desired HTTP PUT response hop limit for instance metadata requests. The + // larger the number, the further instance metadata requests can travel. + // + // Default: 1 + // + // Possible values: Integers from 1 to 64 + HttpPutResponseHopLimit *int64 `locationName:"httpPutResponseHopLimit" type:"integer"` + + // The state of token usage for your instance metadata requests. If the parameter + // is not specified in the request, the default state is optional. + // + // If the state is optional, you can choose to retrieve instance metadata with + // or without a signed token header on your request. If you retrieve the IAM + // role credentials without a token, the version 1.0 role credentials are returned. + // If you retrieve the IAM role credentials using a valid signed token, the + // version 2.0 role credentials are returned. + // + // If the state is required, you must send a signed token header with any instance + // metadata retrieval requests. In this state, retrieving the IAM role credentials + // always returns the version 2.0 credentials; the version 1.0 credentials are + // not available. + HttpTokens *string `locationName:"httpTokens" type:"string" enum:"LaunchTemplateHttpTokensState"` + + // The state of the metadata option changes. + // + // pending - The metadata options are being updated and the instance is not + // ready to process metadata traffic with the new selection. + // + // applied - The metadata options have been successfully applied on the instance. + State *string `locationName:"state" type:"string" enum:"LaunchTemplateInstanceMetadataOptionsState"` +} + +// String returns the string representation +func (s LaunchTemplateInstanceMetadataOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LaunchTemplateInstanceMetadataOptions) GoString() string { + return s.String() +} + +// SetHttpEndpoint sets the HttpEndpoint field's value. +func (s *LaunchTemplateInstanceMetadataOptions) SetHttpEndpoint(v string) *LaunchTemplateInstanceMetadataOptions { + s.HttpEndpoint = &v + return s +} + +// SetHttpPutResponseHopLimit sets the HttpPutResponseHopLimit field's value. +func (s *LaunchTemplateInstanceMetadataOptions) SetHttpPutResponseHopLimit(v int64) *LaunchTemplateInstanceMetadataOptions { + s.HttpPutResponseHopLimit = &v + return s +} + +// SetHttpTokens sets the HttpTokens field's value. +func (s *LaunchTemplateInstanceMetadataOptions) SetHttpTokens(v string) *LaunchTemplateInstanceMetadataOptions { + s.HttpTokens = &v + return s +} + +// SetState sets the State field's value. +func (s *LaunchTemplateInstanceMetadataOptions) SetState(v string) *LaunchTemplateInstanceMetadataOptions { + s.State = &v + return s +} + +// The metadata options for the instance. For more information, see Instance +// Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) +// in the Amazon Elastic Compute Cloud User Guide. +type LaunchTemplateInstanceMetadataOptionsRequest struct { + _ struct{} `type:"structure"` + + // This parameter enables or disables the HTTP metadata endpoint on your instances. + // If the parameter is not specified, the default state is enabled. + // + // If you specify a value of disabled, you will not be able to access your instance + // metadata. + HttpEndpoint *string `type:"string" enum:"LaunchTemplateInstanceMetadataEndpointState"` + + // The desired HTTP PUT response hop limit for instance metadata requests. The + // larger the number, the further instance metadata requests can travel. + // + // Default: 1 + // + // Possible values: Integers from 1 to 64 + HttpPutResponseHopLimit *int64 `type:"integer"` + + // The state of token usage for your instance metadata requests. If the parameter + // is not specified in the request, the default state is optional. + // + // If the state is optional, you can choose to retrieve instance metadata with + // or without a signed token header on your request. If you retrieve the IAM + // role credentials without a token, the version 1.0 role credentials are returned. + // If you retrieve the IAM role credentials using a valid signed token, the + // version 2.0 role credentials are returned. + // + // If the state is required, you must send a signed token header with any instance + // metadata retrieval requests. In this state, retrieving the IAM role credentials + // always returns the version 2.0 credentials; the version 1.0 credentials are + // not available. + HttpTokens *string `type:"string" enum:"LaunchTemplateHttpTokensState"` +} + +// String returns the string representation +func (s LaunchTemplateInstanceMetadataOptionsRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LaunchTemplateInstanceMetadataOptionsRequest) GoString() string { + return s.String() +} + +// SetHttpEndpoint sets the HttpEndpoint field's value. +func (s *LaunchTemplateInstanceMetadataOptionsRequest) SetHttpEndpoint(v string) *LaunchTemplateInstanceMetadataOptionsRequest { + s.HttpEndpoint = &v + return s +} + +// SetHttpPutResponseHopLimit sets the HttpPutResponseHopLimit field's value. +func (s *LaunchTemplateInstanceMetadataOptionsRequest) SetHttpPutResponseHopLimit(v int64) *LaunchTemplateInstanceMetadataOptionsRequest { + s.HttpPutResponseHopLimit = &v + return s +} + +// SetHttpTokens sets the HttpTokens field's value. +func (s *LaunchTemplateInstanceMetadataOptionsRequest) SetHttpTokens(v string) *LaunchTemplateInstanceMetadataOptionsRequest { + s.HttpTokens = &v + return s +} + // Describes a network interface. type LaunchTemplateInstanceNetworkInterfaceSpecification struct { _ struct{} `type:"structure"` @@ -73280,6 +83311,13 @@ type LaunchTemplatePlacement struct { // The ID of the Dedicated Host for the instance. HostId *string `locationName:"hostId" type:"string"` + // The ARN of the host resource group in which to launch the instances. + HostResourceGroupArn *string `locationName:"hostResourceGroupArn" type:"string"` + + // The number of the partition the instance should launch in. Valid only if + // the placement group strategy is set to partition. + PartitionNumber *int64 `locationName:"partitionNumber" type:"integer"` + // Reserved for future use. SpreadDomain *string `locationName:"spreadDomain" type:"string"` @@ -73322,6 +83360,18 @@ func (s *LaunchTemplatePlacement) SetHostId(v string) *LaunchTemplatePlacement { return s } +// SetHostResourceGroupArn sets the HostResourceGroupArn field's value. +func (s *LaunchTemplatePlacement) SetHostResourceGroupArn(v string) *LaunchTemplatePlacement { + s.HostResourceGroupArn = &v + return s +} + +// SetPartitionNumber sets the PartitionNumber field's value. +func (s *LaunchTemplatePlacement) SetPartitionNumber(v int64) *LaunchTemplatePlacement { + s.PartitionNumber = &v + return s +} + // SetSpreadDomain sets the SpreadDomain field's value. func (s *LaunchTemplatePlacement) SetSpreadDomain(v string) *LaunchTemplatePlacement { s.SpreadDomain = &v @@ -73350,6 +83400,15 @@ type LaunchTemplatePlacementRequest struct { // The ID of the Dedicated Host for the instance. HostId *string `type:"string"` + // The ARN of the host resource group in which to launch the instances. If you + // specify a host resource group ARN, omit the Tenancy parameter or set it to + // host. + HostResourceGroupArn *string `type:"string"` + + // The number of the partition the instance should launch in. Valid only if + // the placement group strategy is set to partition. + PartitionNumber *int64 `type:"integer"` + // Reserved for future use. SpreadDomain *string `type:"string"` @@ -73392,6 +83451,18 @@ func (s *LaunchTemplatePlacementRequest) SetHostId(v string) *LaunchTemplatePlac return s } +// SetHostResourceGroupArn sets the HostResourceGroupArn field's value. +func (s *LaunchTemplatePlacementRequest) SetHostResourceGroupArn(v string) *LaunchTemplatePlacementRequest { + s.HostResourceGroupArn = &v + return s +} + +// SetPartitionNumber sets the PartitionNumber field's value. +func (s *LaunchTemplatePlacementRequest) SetPartitionNumber(v int64) *LaunchTemplatePlacementRequest { + s.PartitionNumber = &v + return s +} + // SetSpreadDomain sets the SpreadDomain field's value. func (s *LaunchTemplatePlacementRequest) SetSpreadDomain(v string) *LaunchTemplatePlacementRequest { s.SpreadDomain = &v @@ -73986,6 +84057,577 @@ func (s *LoadPermissionRequest) SetUserId(v string) *LoadPermissionRequest { return s } +// Describes a local gateway. +type LocalGateway struct { + _ struct{} `type:"structure"` + + // The ID of the local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + + // The ID of the AWS account ID that owns the local gateway. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The state of the local gateway. + State *string `locationName:"state" type:"string"` + + // The tags assigned to the local gateway. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s LocalGateway) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LocalGateway) GoString() string { + return s.String() +} + +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *LocalGateway) SetLocalGatewayId(v string) *LocalGateway { + s.LocalGatewayId = &v + return s +} + +// SetOutpostArn sets the OutpostArn field's value. +func (s *LocalGateway) SetOutpostArn(v string) *LocalGateway { + s.OutpostArn = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *LocalGateway) SetOwnerId(v string) *LocalGateway { + s.OwnerId = &v + return s +} + +// SetState sets the State field's value. +func (s *LocalGateway) SetState(v string) *LocalGateway { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *LocalGateway) SetTags(v []*Tag) *LocalGateway { + s.Tags = v + return s +} + +// Describes a route for a local gateway route table. +type LocalGatewayRoute struct { + _ struct{} `type:"structure"` + + // The CIDR block used for destination matches. + DestinationCidrBlock *string `locationName:"destinationCidrBlock" type:"string"` + + // The ID of the local gateway route table. + LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` + + // The ID of the virtual interface group. + LocalGatewayVirtualInterfaceGroupId *string `locationName:"localGatewayVirtualInterfaceGroupId" type:"string"` + + // The state of the route. + State *string `locationName:"state" type:"string" enum:"LocalGatewayRouteState"` + + // The route type. + Type *string `locationName:"type" type:"string" enum:"LocalGatewayRouteType"` +} + +// String returns the string representation +func (s LocalGatewayRoute) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LocalGatewayRoute) GoString() string { + return s.String() +} + +// SetDestinationCidrBlock sets the DestinationCidrBlock field's value. +func (s *LocalGatewayRoute) SetDestinationCidrBlock(v string) *LocalGatewayRoute { + s.DestinationCidrBlock = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *LocalGatewayRoute) SetLocalGatewayRouteTableId(v string) *LocalGatewayRoute { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetLocalGatewayVirtualInterfaceGroupId sets the LocalGatewayVirtualInterfaceGroupId field's value. +func (s *LocalGatewayRoute) SetLocalGatewayVirtualInterfaceGroupId(v string) *LocalGatewayRoute { + s.LocalGatewayVirtualInterfaceGroupId = &v + return s +} + +// SetState sets the State field's value. +func (s *LocalGatewayRoute) SetState(v string) *LocalGatewayRoute { + s.State = &v + return s +} + +// SetType sets the Type field's value. +func (s *LocalGatewayRoute) SetType(v string) *LocalGatewayRoute { + s.Type = &v + return s +} + +// Describes a local gateway route table. +type LocalGatewayRouteTable struct { + _ struct{} `type:"structure"` + + // The ID of the local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + + // The ID of the local gateway route table. + LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` + + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + + // The state of the local gateway route table. + State *string `locationName:"state" type:"string"` + + // The tags assigned to the local gateway route table. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s LocalGatewayRouteTable) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LocalGatewayRouteTable) GoString() string { + return s.String() +} + +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *LocalGatewayRouteTable) SetLocalGatewayId(v string) *LocalGatewayRouteTable { + s.LocalGatewayId = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *LocalGatewayRouteTable) SetLocalGatewayRouteTableId(v string) *LocalGatewayRouteTable { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetOutpostArn sets the OutpostArn field's value. +func (s *LocalGatewayRouteTable) SetOutpostArn(v string) *LocalGatewayRouteTable { + s.OutpostArn = &v + return s +} + +// SetState sets the State field's value. +func (s *LocalGatewayRouteTable) SetState(v string) *LocalGatewayRouteTable { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *LocalGatewayRouteTable) SetTags(v []*Tag) *LocalGatewayRouteTable { + s.Tags = v + return s +} + +// Describes an association between a local gateway route table and a virtual +// interface group. +type LocalGatewayRouteTableVirtualInterfaceGroupAssociation struct { + _ struct{} `type:"structure"` + + // The ID of the local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + + // The ID of the local gateway route table. + LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` + + // The ID of the association. + LocalGatewayRouteTableVirtualInterfaceGroupAssociationId *string `locationName:"localGatewayRouteTableVirtualInterfaceGroupAssociationId" type:"string"` + + // The ID of the virtual interface group. + LocalGatewayVirtualInterfaceGroupId *string `locationName:"localGatewayVirtualInterfaceGroupId" type:"string"` + + // The state of the association. + State *string `locationName:"state" type:"string"` + + // The tags assigned to the association. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s LocalGatewayRouteTableVirtualInterfaceGroupAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LocalGatewayRouteTableVirtualInterfaceGroupAssociation) GoString() string { + return s.String() +} + +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *LocalGatewayRouteTableVirtualInterfaceGroupAssociation) SetLocalGatewayId(v string) *LocalGatewayRouteTableVirtualInterfaceGroupAssociation { + s.LocalGatewayId = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *LocalGatewayRouteTableVirtualInterfaceGroupAssociation) SetLocalGatewayRouteTableId(v string) *LocalGatewayRouteTableVirtualInterfaceGroupAssociation { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetLocalGatewayRouteTableVirtualInterfaceGroupAssociationId sets the LocalGatewayRouteTableVirtualInterfaceGroupAssociationId field's value. +func (s *LocalGatewayRouteTableVirtualInterfaceGroupAssociation) SetLocalGatewayRouteTableVirtualInterfaceGroupAssociationId(v string) *LocalGatewayRouteTableVirtualInterfaceGroupAssociation { + s.LocalGatewayRouteTableVirtualInterfaceGroupAssociationId = &v + return s +} + +// SetLocalGatewayVirtualInterfaceGroupId sets the LocalGatewayVirtualInterfaceGroupId field's value. +func (s *LocalGatewayRouteTableVirtualInterfaceGroupAssociation) SetLocalGatewayVirtualInterfaceGroupId(v string) *LocalGatewayRouteTableVirtualInterfaceGroupAssociation { + s.LocalGatewayVirtualInterfaceGroupId = &v + return s +} + +// SetState sets the State field's value. +func (s *LocalGatewayRouteTableVirtualInterfaceGroupAssociation) SetState(v string) *LocalGatewayRouteTableVirtualInterfaceGroupAssociation { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *LocalGatewayRouteTableVirtualInterfaceGroupAssociation) SetTags(v []*Tag) *LocalGatewayRouteTableVirtualInterfaceGroupAssociation { + s.Tags = v + return s +} + +// Describes an association between a local gateway route table and a VPC. +type LocalGatewayRouteTableVpcAssociation struct { + _ struct{} `type:"structure"` + + // The ID of the local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + + // The ID of the local gateway route table. + LocalGatewayRouteTableId *string `locationName:"localGatewayRouteTableId" type:"string"` + + // The ID of the association. + LocalGatewayRouteTableVpcAssociationId *string `locationName:"localGatewayRouteTableVpcAssociationId" type:"string"` + + // The state of the association. + State *string `locationName:"state" type:"string"` + + // The tags assigned to the association. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the VPC. + VpcId *string `locationName:"vpcId" type:"string"` +} + +// String returns the string representation +func (s LocalGatewayRouteTableVpcAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LocalGatewayRouteTableVpcAssociation) GoString() string { + return s.String() +} + +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *LocalGatewayRouteTableVpcAssociation) SetLocalGatewayId(v string) *LocalGatewayRouteTableVpcAssociation { + s.LocalGatewayId = &v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *LocalGatewayRouteTableVpcAssociation) SetLocalGatewayRouteTableId(v string) *LocalGatewayRouteTableVpcAssociation { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetLocalGatewayRouteTableVpcAssociationId sets the LocalGatewayRouteTableVpcAssociationId field's value. +func (s *LocalGatewayRouteTableVpcAssociation) SetLocalGatewayRouteTableVpcAssociationId(v string) *LocalGatewayRouteTableVpcAssociation { + s.LocalGatewayRouteTableVpcAssociationId = &v + return s +} + +// SetState sets the State field's value. +func (s *LocalGatewayRouteTableVpcAssociation) SetState(v string) *LocalGatewayRouteTableVpcAssociation { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *LocalGatewayRouteTableVpcAssociation) SetTags(v []*Tag) *LocalGatewayRouteTableVpcAssociation { + s.Tags = v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *LocalGatewayRouteTableVpcAssociation) SetVpcId(v string) *LocalGatewayRouteTableVpcAssociation { + s.VpcId = &v + return s +} + +// Describes a local gateway virtual interface. +type LocalGatewayVirtualInterface struct { + _ struct{} `type:"structure"` + + // The local address. + LocalAddress *string `locationName:"localAddress" type:"string"` + + // The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the local + // gateway. + LocalBgpAsn *int64 `locationName:"localBgpAsn" type:"integer"` + + // The ID of the local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + + // The ID of the virtual interface. + LocalGatewayVirtualInterfaceId *string `locationName:"localGatewayVirtualInterfaceId" type:"string"` + + // The peer address. + PeerAddress *string `locationName:"peerAddress" type:"string"` + + // The peer BGP ASN. + PeerBgpAsn *int64 `locationName:"peerBgpAsn" type:"integer"` + + // The tags assigned to the virtual interface. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the VLAN. + Vlan *int64 `locationName:"vlan" type:"integer"` +} + +// String returns the string representation +func (s LocalGatewayVirtualInterface) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LocalGatewayVirtualInterface) GoString() string { + return s.String() +} + +// SetLocalAddress sets the LocalAddress field's value. +func (s *LocalGatewayVirtualInterface) SetLocalAddress(v string) *LocalGatewayVirtualInterface { + s.LocalAddress = &v + return s +} + +// SetLocalBgpAsn sets the LocalBgpAsn field's value. +func (s *LocalGatewayVirtualInterface) SetLocalBgpAsn(v int64) *LocalGatewayVirtualInterface { + s.LocalBgpAsn = &v + return s +} + +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *LocalGatewayVirtualInterface) SetLocalGatewayId(v string) *LocalGatewayVirtualInterface { + s.LocalGatewayId = &v + return s +} + +// SetLocalGatewayVirtualInterfaceId sets the LocalGatewayVirtualInterfaceId field's value. +func (s *LocalGatewayVirtualInterface) SetLocalGatewayVirtualInterfaceId(v string) *LocalGatewayVirtualInterface { + s.LocalGatewayVirtualInterfaceId = &v + return s +} + +// SetPeerAddress sets the PeerAddress field's value. +func (s *LocalGatewayVirtualInterface) SetPeerAddress(v string) *LocalGatewayVirtualInterface { + s.PeerAddress = &v + return s +} + +// SetPeerBgpAsn sets the PeerBgpAsn field's value. +func (s *LocalGatewayVirtualInterface) SetPeerBgpAsn(v int64) *LocalGatewayVirtualInterface { + s.PeerBgpAsn = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *LocalGatewayVirtualInterface) SetTags(v []*Tag) *LocalGatewayVirtualInterface { + s.Tags = v + return s +} + +// SetVlan sets the Vlan field's value. +func (s *LocalGatewayVirtualInterface) SetVlan(v int64) *LocalGatewayVirtualInterface { + s.Vlan = &v + return s +} + +// Describes a local gateway virtual interface group. +type LocalGatewayVirtualInterfaceGroup struct { + _ struct{} `type:"structure"` + + // The ID of the local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + + // The ID of the virtual interface group. + LocalGatewayVirtualInterfaceGroupId *string `locationName:"localGatewayVirtualInterfaceGroupId" type:"string"` + + // The IDs of the virtual interfaces. + LocalGatewayVirtualInterfaceIds []*string `locationName:"localGatewayVirtualInterfaceIdSet" locationNameList:"item" type:"list"` + + // The tags assigned to the virtual interface group. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s LocalGatewayVirtualInterfaceGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LocalGatewayVirtualInterfaceGroup) GoString() string { + return s.String() +} + +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *LocalGatewayVirtualInterfaceGroup) SetLocalGatewayId(v string) *LocalGatewayVirtualInterfaceGroup { + s.LocalGatewayId = &v + return s +} + +// SetLocalGatewayVirtualInterfaceGroupId sets the LocalGatewayVirtualInterfaceGroupId field's value. +func (s *LocalGatewayVirtualInterfaceGroup) SetLocalGatewayVirtualInterfaceGroupId(v string) *LocalGatewayVirtualInterfaceGroup { + s.LocalGatewayVirtualInterfaceGroupId = &v + return s +} + +// SetLocalGatewayVirtualInterfaceIds sets the LocalGatewayVirtualInterfaceIds field's value. +func (s *LocalGatewayVirtualInterfaceGroup) SetLocalGatewayVirtualInterfaceIds(v []*string) *LocalGatewayVirtualInterfaceGroup { + s.LocalGatewayVirtualInterfaceIds = v + return s +} + +// SetTags sets the Tags field's value. +func (s *LocalGatewayVirtualInterfaceGroup) SetTags(v []*Tag) *LocalGatewayVirtualInterfaceGroup { + s.Tags = v + return s +} + +// Describes the memory for the instance type. +type MemoryInfo struct { + _ struct{} `type:"structure"` + + // Size of the memory, in MiB. + SizeInMiB *int64 `locationName:"sizeInMiB" type:"long"` +} + +// String returns the string representation +func (s MemoryInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MemoryInfo) GoString() string { + return s.String() +} + +// SetSizeInMiB sets the SizeInMiB field's value. +func (s *MemoryInfo) SetSizeInMiB(v int64) *MemoryInfo { + s.SizeInMiB = &v + return s +} + +type ModifyAvailabilityZoneGroupInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The name of the Availability Zone Group. + // + // GroupName is a required field + GroupName *string `type:"string" required:"true"` + + // Indicates whether to enable or disable membership. The valid values are opted-in. + // You must contact AWS Support (https://console.aws.amazon.com/support/home#/case/create%3FissueType=customer-service%26serviceCode=general-info%26getting-started%26categoryCode=using-aws%26services) + // to disable an Availability Zone group. + // + // OptInStatus is a required field + OptInStatus *string `type:"string" required:"true" enum:"ModifyAvailabilityZoneOptInStatus"` +} + +// String returns the string representation +func (s ModifyAvailabilityZoneGroupInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyAvailabilityZoneGroupInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyAvailabilityZoneGroupInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyAvailabilityZoneGroupInput"} + if s.GroupName == nil { + invalidParams.Add(request.NewErrParamRequired("GroupName")) + } + if s.OptInStatus == nil { + invalidParams.Add(request.NewErrParamRequired("OptInStatus")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyAvailabilityZoneGroupInput) SetDryRun(v bool) *ModifyAvailabilityZoneGroupInput { + s.DryRun = &v + return s +} + +// SetGroupName sets the GroupName field's value. +func (s *ModifyAvailabilityZoneGroupInput) SetGroupName(v string) *ModifyAvailabilityZoneGroupInput { + s.GroupName = &v + return s +} + +// SetOptInStatus sets the OptInStatus field's value. +func (s *ModifyAvailabilityZoneGroupInput) SetOptInStatus(v string) *ModifyAvailabilityZoneGroupInput { + s.OptInStatus = &v + return s +} + +type ModifyAvailabilityZoneGroupOutput struct { + _ struct{} `type:"structure"` + + // Is true if the request succeeds, and an error otherwise. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s ModifyAvailabilityZoneGroupOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyAvailabilityZoneGroupOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *ModifyAvailabilityZoneGroupOutput) SetReturn(v bool) *ModifyAvailabilityZoneGroupOutput { + s.Return = &v + return s +} + type ModifyCapacityReservationInput struct { _ struct{} `type:"structure"` @@ -74138,6 +84780,9 @@ type ModifyClientVpnEndpointInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The IDs of one or more security groups to apply to the target network. + SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"item" type:"list"` + // The ARN of the server certificate to be used. The server certificate must // be provisioned in AWS Certificate Manager (ACM). ServerCertificateArn *string `type:"string"` @@ -74148,6 +84793,16 @@ type ModifyClientVpnEndpointInput struct { // VPN Endpoint (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html) // in the AWS Client VPN Administrator Guide. SplitTunnel *bool `type:"boolean"` + + // The ID of the VPC to associate with the Client VPN endpoint. + VpcId *string `type:"string"` + + // The port number to assign to the Client VPN endpoint for TCP and UDP traffic. + // + // Valid Values: 443 | 1194 + // + // Default Value: 443 + VpnPort *int64 `type:"integer"` } // String returns the string representation @@ -74203,6 +84858,12 @@ func (s *ModifyClientVpnEndpointInput) SetDryRun(v bool) *ModifyClientVpnEndpoin return s } +// SetSecurityGroupIds sets the SecurityGroupIds field's value. +func (s *ModifyClientVpnEndpointInput) SetSecurityGroupIds(v []*string) *ModifyClientVpnEndpointInput { + s.SecurityGroupIds = v + return s +} + // SetServerCertificateArn sets the ServerCertificateArn field's value. func (s *ModifyClientVpnEndpointInput) SetServerCertificateArn(v string) *ModifyClientVpnEndpointInput { s.ServerCertificateArn = &v @@ -74215,6 +84876,18 @@ func (s *ModifyClientVpnEndpointInput) SetSplitTunnel(v bool) *ModifyClientVpnEn return s } +// SetVpcId sets the VpcId field's value. +func (s *ModifyClientVpnEndpointInput) SetVpcId(v string) *ModifyClientVpnEndpointInput { + s.VpcId = &v + return s +} + +// SetVpnPort sets the VpnPort field's value. +func (s *ModifyClientVpnEndpointInput) SetVpnPort(v int64) *ModifyClientVpnEndpointInput { + s.VpnPort = &v + return s +} + type ModifyClientVpnEndpointOutput struct { _ struct{} `type:"structure"` @@ -74238,6 +84911,95 @@ func (s *ModifyClientVpnEndpointOutput) SetReturn(v bool) *ModifyClientVpnEndpoi return s } +type ModifyDefaultCreditSpecificationInput struct { + _ struct{} `type:"structure"` + + // The credit option for CPU usage of the instance family. + // + // Valid Values: standard | unlimited + // + // CpuCredits is a required field + CpuCredits *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The instance family. + // + // InstanceFamily is a required field + InstanceFamily *string `type:"string" required:"true" enum:"UnlimitedSupportedInstanceFamily"` +} + +// String returns the string representation +func (s ModifyDefaultCreditSpecificationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyDefaultCreditSpecificationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyDefaultCreditSpecificationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyDefaultCreditSpecificationInput"} + if s.CpuCredits == nil { + invalidParams.Add(request.NewErrParamRequired("CpuCredits")) + } + if s.InstanceFamily == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceFamily")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCpuCredits sets the CpuCredits field's value. +func (s *ModifyDefaultCreditSpecificationInput) SetCpuCredits(v string) *ModifyDefaultCreditSpecificationInput { + s.CpuCredits = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyDefaultCreditSpecificationInput) SetDryRun(v bool) *ModifyDefaultCreditSpecificationInput { + s.DryRun = &v + return s +} + +// SetInstanceFamily sets the InstanceFamily field's value. +func (s *ModifyDefaultCreditSpecificationInput) SetInstanceFamily(v string) *ModifyDefaultCreditSpecificationInput { + s.InstanceFamily = &v + return s +} + +type ModifyDefaultCreditSpecificationOutput struct { + _ struct{} `type:"structure"` + + // The default credit option for CPU usage of the instance family. + InstanceFamilyCreditSpecification *InstanceFamilyCreditSpecification `locationName:"instanceFamilyCreditSpecification" type:"structure"` +} + +// String returns the string representation +func (s ModifyDefaultCreditSpecificationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyDefaultCreditSpecificationOutput) GoString() string { + return s.String() +} + +// SetInstanceFamilyCreditSpecification sets the InstanceFamilyCreditSpecification field's value. +func (s *ModifyDefaultCreditSpecificationOutput) SetInstanceFamilyCreditSpecification(v *InstanceFamilyCreditSpecification) *ModifyDefaultCreditSpecificationOutput { + s.InstanceFamilyCreditSpecification = v + return s +} + type ModifyEbsDefaultKmsKeyIdInput struct { _ struct{} `type:"structure"` @@ -74266,6 +85028,8 @@ type ModifyEbsDefaultKmsKeyIdInput struct { // alias, or ARN that is not valid, the action can appear to complete, but eventually // fails. // + // Amazon EBS does not support asymmetric CMKs. + // // KmsKeyId is a required field KmsKeyId *string `type:"string" required:"true"` } @@ -74594,6 +85358,24 @@ type ModifyHostsInput struct { // For more information, see Host Recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) // in the Amazon Elastic Compute Cloud User Guide. HostRecovery *string `type:"string" enum:"HostRecovery"` + + // Specifies the instance family to be supported by the Dedicated Host. Specify + // this parameter to modify a Dedicated Host to support multiple instance types + // within its current instance family. + // + // If you want to modify a Dedicated Host to support a specific instance type + // only, omit this parameter and specify InstanceType instead. You cannot specify + // InstanceFamily and InstanceType in the same request. + InstanceFamily *string `type:"string"` + + // Specifies the instance type to be supported by the Dedicated Host. Specify + // this parameter to modify a Dedicated Host to support only a specific instance + // type. + // + // If you want to modify a Dedicated Host to support multiple instance types + // in its current instance family, omit this parameter and specify InstanceFamily + // instead. You cannot specify InstanceType and InstanceFamily in the same request. + InstanceType *string `type:"string"` } // String returns the string representation @@ -74637,6 +85419,18 @@ func (s *ModifyHostsInput) SetHostRecovery(v string) *ModifyHostsInput { return s } +// SetInstanceFamily sets the InstanceFamily field's value. +func (s *ModifyHostsInput) SetInstanceFamily(v string) *ModifyHostsInput { + s.InstanceFamily = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *ModifyHostsInput) SetInstanceType(v string) *ModifyHostsInput { + s.InstanceType = &v + return s +} + type ModifyHostsOutput struct { _ struct{} `type:"structure"` @@ -75637,6 +86431,9 @@ type ModifyInstancePlacementInput struct { // The ID of the Dedicated Host with which to associate the instance. HostId *string `locationName:"hostId" type:"string"` + // The ARN of the host resource group in which to place the instance. + HostResourceGroupArn *string `type:"string"` + // The ID of the instance that you are modifying. // // InstanceId is a required field @@ -75690,6 +86487,12 @@ func (s *ModifyInstancePlacementInput) SetHostId(v string) *ModifyInstancePlacem return s } +// SetHostResourceGroupArn sets the HostResourceGroupArn field's value. +func (s *ModifyInstancePlacementInput) SetHostResourceGroupArn(v string) *ModifyInstancePlacementInput { + s.HostResourceGroupArn = &v + return s +} + // SetInstanceId sets the InstanceId field's value. func (s *ModifyInstancePlacementInput) SetInstanceId(v string) *ModifyInstancePlacementInput { s.InstanceId = &v @@ -76030,7 +86833,6 @@ func (s *ModifyReservedInstancesOutput) SetReservedInstancesModificationId(v str return s } -// Contains the parameters for ModifySnapshotAttribute. type ModifySnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -76732,6 +87534,8 @@ type ModifyTransitGatewayVpcAttachmentInput struct { DryRun *bool `type:"boolean"` // The new VPC attachment options. + // + // You cannot modify the IPv6 options. Options *ModifyTransitGatewayVpcAttachmentRequestOptions `type:"structure"` // The IDs of one or more subnets to remove. @@ -76852,7 +87656,6 @@ func (s *ModifyTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin return s } -// Contains the parameters for ModifyVolumeAttribute. type ModifyVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -77235,7 +88038,7 @@ type ModifyVpcEndpointInput struct { // policy must be in valid JSON format. PolicyDocument *string `type:"string"` - // (Interface endpoint) Indicate whether a private hosted zone is associated + // (Interface endpoint) Indicates whether a private hosted zone is associated // with the VPC. PrivateDnsEnabled *bool `type:"boolean"` @@ -77374,7 +88177,8 @@ func (s *ModifyVpcEndpointOutput) SetReturn(v bool) *ModifyVpcEndpointOutput { type ModifyVpcEndpointServiceConfigurationInput struct { _ struct{} `type:"structure"` - // Indicate whether requests to create an endpoint to your service must be accepted. + // Indicates whether requests to create an endpoint to your service must be + // accepted. AcceptanceRequired *bool `type:"boolean"` // The Amazon Resource Names (ARNs) of Network Load Balancers to add to your @@ -77387,10 +88191,16 @@ type ModifyVpcEndpointServiceConfigurationInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The private DNS name to assign to the endpoint service. + PrivateDnsName *string `type:"string"` + // The Amazon Resource Names (ARNs) of Network Load Balancers to remove from // your service configuration. RemoveNetworkLoadBalancerArns []*string `locationName:"RemoveNetworkLoadBalancerArn" locationNameList:"item" type:"list"` + // Removes the private DNS name of the endpoint service. + RemovePrivateDnsName *bool `type:"boolean"` + // The ID of the service. // // ServiceId is a required field @@ -77438,12 +88248,24 @@ func (s *ModifyVpcEndpointServiceConfigurationInput) SetDryRun(v bool) *ModifyVp return s } +// SetPrivateDnsName sets the PrivateDnsName field's value. +func (s *ModifyVpcEndpointServiceConfigurationInput) SetPrivateDnsName(v string) *ModifyVpcEndpointServiceConfigurationInput { + s.PrivateDnsName = &v + return s +} + // SetRemoveNetworkLoadBalancerArns sets the RemoveNetworkLoadBalancerArns field's value. func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemoveNetworkLoadBalancerArns(v []*string) *ModifyVpcEndpointServiceConfigurationInput { s.RemoveNetworkLoadBalancerArns = v return s } +// SetRemovePrivateDnsName sets the RemovePrivateDnsName field's value. +func (s *ModifyVpcEndpointServiceConfigurationInput) SetRemovePrivateDnsName(v bool) *ModifyVpcEndpointServiceConfigurationInput { + s.RemovePrivateDnsName = &v + return s +} + // SetServiceId sets the ServiceId field's value. func (s *ModifyVpcEndpointServiceConfigurationInput) SetServiceId(v string) *ModifyVpcEndpointServiceConfigurationInput { s.ServiceId = &v @@ -78893,6 +89715,75 @@ func (s *NetworkAclEntry) SetRuleNumber(v int64) *NetworkAclEntry { return s } +// Describes the networking features of the instance type. +type NetworkInfo struct { + _ struct{} `type:"structure"` + + // Indicates whether Elastic Network Adapter (ENA) is supported. + EnaSupport *string `locationName:"enaSupport" type:"string" enum:"EnaSupport"` + + // The maximum number of IPv4 addresses per network interface. + Ipv4AddressesPerInterface *int64 `locationName:"ipv4AddressesPerInterface" type:"integer"` + + // The maximum number of IPv6 addresses per network interface. + Ipv6AddressesPerInterface *int64 `locationName:"ipv6AddressesPerInterface" type:"integer"` + + // Indicates whether IPv6 is supported. + Ipv6Supported *bool `locationName:"ipv6Supported" type:"boolean"` + + // The maximum number of network interfaces for the instance type. + MaximumNetworkInterfaces *int64 `locationName:"maximumNetworkInterfaces" type:"integer"` + + // Describes the network performance. + NetworkPerformance *string `locationName:"networkPerformance" type:"string"` +} + +// String returns the string representation +func (s NetworkInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s NetworkInfo) GoString() string { + return s.String() +} + +// SetEnaSupport sets the EnaSupport field's value. +func (s *NetworkInfo) SetEnaSupport(v string) *NetworkInfo { + s.EnaSupport = &v + return s +} + +// SetIpv4AddressesPerInterface sets the Ipv4AddressesPerInterface field's value. +func (s *NetworkInfo) SetIpv4AddressesPerInterface(v int64) *NetworkInfo { + s.Ipv4AddressesPerInterface = &v + return s +} + +// SetIpv6AddressesPerInterface sets the Ipv6AddressesPerInterface field's value. +func (s *NetworkInfo) SetIpv6AddressesPerInterface(v int64) *NetworkInfo { + s.Ipv6AddressesPerInterface = &v + return s +} + +// SetIpv6Supported sets the Ipv6Supported field's value. +func (s *NetworkInfo) SetIpv6Supported(v bool) *NetworkInfo { + s.Ipv6Supported = &v + return s +} + +// SetMaximumNetworkInterfaces sets the MaximumNetworkInterfaces field's value. +func (s *NetworkInfo) SetMaximumNetworkInterfaces(v int64) *NetworkInfo { + s.MaximumNetworkInterfaces = &v + return s +} + +// SetNetworkPerformance sets the NetworkPerformance field's value. +func (s *NetworkInfo) SetNetworkPerformance(v string) *NetworkInfo { + s.NetworkPerformance = &v + return s +} + // Describes a network interface. type NetworkInterface struct { _ struct{} `type:"structure"` @@ -78925,6 +89816,9 @@ type NetworkInterface struct { // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + // The AWS account ID of the owner of the network interface. OwnerId *string `locationName:"ownerId" type:"string"` @@ -79024,6 +89918,12 @@ func (s *NetworkInterface) SetNetworkInterfaceId(v string) *NetworkInterface { return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *NetworkInterface) SetOutpostArn(v string) *NetworkInterface { + s.OutpostArn = &v + return s +} + // SetOwnerId sets the OwnerId field's value. func (s *NetworkInterface) SetOwnerId(v string) *NetworkInterface { s.OwnerId = &v @@ -79482,6 +90382,10 @@ type OnDemandOptions struct { // Fleet defaults to lowest-price. AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"FleetOnDemandAllocationStrategy"` + // The strategy for using unused Capacity Reservations for fulfilling On-Demand + // capacity. Supported only for fleets of type instant. + CapacityReservationOptions *CapacityReservationOptions `locationName:"capacityReservationOptions" type:"structure"` + // The maximum amount per hour for On-Demand Instances that you're willing to // pay. MaxTotalPrice *string `locationName:"maxTotalPrice" type:"string"` @@ -79491,11 +90395,11 @@ type OnDemandOptions struct { MinTargetCapacity *int64 `locationName:"minTargetCapacity" type:"integer"` // Indicates that the fleet launches all On-Demand Instances into a single Availability - // Zone. + // Zone. Supported only for fleets of type instant. SingleAvailabilityZone *bool `locationName:"singleAvailabilityZone" type:"boolean"` // Indicates that the fleet uses a single instance type to launch all On-Demand - // Instances in the fleet. + // Instances in the fleet. Supported only for fleets of type instant. SingleInstanceType *bool `locationName:"singleInstanceType" type:"boolean"` } @@ -79515,6 +90419,12 @@ func (s *OnDemandOptions) SetAllocationStrategy(v string) *OnDemandOptions { return s } +// SetCapacityReservationOptions sets the CapacityReservationOptions field's value. +func (s *OnDemandOptions) SetCapacityReservationOptions(v *CapacityReservationOptions) *OnDemandOptions { + s.CapacityReservationOptions = v + return s +} + // SetMaxTotalPrice sets the MaxTotalPrice field's value. func (s *OnDemandOptions) SetMaxTotalPrice(v string) *OnDemandOptions { s.MaxTotalPrice = &v @@ -79551,6 +90461,10 @@ type OnDemandOptionsRequest struct { // Fleet defaults to lowest-price. AllocationStrategy *string `type:"string" enum:"FleetOnDemandAllocationStrategy"` + // The strategy for using unused Capacity Reservations for fulfilling On-Demand + // capacity. Supported only for fleets of type instant. + CapacityReservationOptions *CapacityReservationOptionsRequest `type:"structure"` + // The maximum amount per hour for On-Demand Instances that you're willing to // pay. MaxTotalPrice *string `type:"string"` @@ -79560,11 +90474,11 @@ type OnDemandOptionsRequest struct { MinTargetCapacity *int64 `type:"integer"` // Indicates that the fleet launches all On-Demand Instances into a single Availability - // Zone. + // Zone. Supported only for fleets of type instant. SingleAvailabilityZone *bool `type:"boolean"` // Indicates that the fleet uses a single instance type to launch all On-Demand - // Instances in the fleet. + // Instances in the fleet. Supported only for fleets of type instant. SingleInstanceType *bool `type:"boolean"` } @@ -79584,6 +90498,12 @@ func (s *OnDemandOptionsRequest) SetAllocationStrategy(v string) *OnDemandOption return s } +// SetCapacityReservationOptions sets the CapacityReservationOptions field's value. +func (s *OnDemandOptionsRequest) SetCapacityReservationOptions(v *CapacityReservationOptionsRequest) *OnDemandOptionsRequest { + s.CapacityReservationOptions = v + return s +} + // SetMaxTotalPrice sets the MaxTotalPrice field's value. func (s *OnDemandOptionsRequest) SetMaxTotalPrice(v string) *OnDemandOptionsRequest { s.MaxTotalPrice = &v @@ -79660,6 +90580,39 @@ func (s *PciId) SetVendorId(v string) *PciId { return s } +// The status of the transit gateway peering attachment. +type PeeringAttachmentStatus struct { + _ struct{} `type:"structure"` + + // The status code. + Code *string `locationName:"code" type:"string"` + + // The status message, if applicable. + Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s PeeringAttachmentStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PeeringAttachmentStatus) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *PeeringAttachmentStatus) SetCode(v string) *PeeringAttachmentStatus { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *PeeringAttachmentStatus) SetMessage(v string) *PeeringAttachmentStatus { + s.Message = &v + return s +} + // Describes the VPC peering connection options. type PeeringConnectionOptions struct { _ struct{} `type:"structure"` @@ -79750,6 +90703,48 @@ func (s *PeeringConnectionOptionsRequest) SetAllowEgressFromLocalVpcToRemoteClas return s } +// Information about the transit gateway in the peering attachment. +type PeeringTgwInfo struct { + _ struct{} `type:"structure"` + + // The AWS account ID of the owner of the transit gateway. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The Region of the transit gateway. + Region *string `locationName:"region" type:"string"` + + // The ID of the transit gateway. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` +} + +// String returns the string representation +func (s PeeringTgwInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PeeringTgwInfo) GoString() string { + return s.String() +} + +// SetOwnerId sets the OwnerId field's value. +func (s *PeeringTgwInfo) SetOwnerId(v string) *PeeringTgwInfo { + s.OwnerId = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *PeeringTgwInfo) SetRegion(v string) *PeeringTgwInfo { + s.Region = &v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *PeeringTgwInfo) SetTransitGatewayId(v string) *PeeringTgwInfo { + s.TransitGatewayId = &v + return s +} + // The Diffie-Hellmann group number for phase 1 IKE negotiations. type Phase1DHGroupNumbersListValue struct { _ struct{} `type:"structure"` @@ -80046,12 +91041,16 @@ type Placement struct { // The affinity setting for the instance on the Dedicated Host. This parameter // is not supported for the ImportInstance command. + // + // This parameter is not supported by . Affinity *string `locationName:"affinity" type:"string"` // The Availability Zone of the instance. // // If not specified, an Availability Zone will be automatically chosen for you // based on the load balancing criteria for the Region. + // + // This parameter is not supported by . AvailabilityZone *string `locationName:"availabilityZone" type:"string"` // The name of the placement group the instance is in. @@ -80059,18 +91058,33 @@ type Placement struct { // The ID of the Dedicated Host on which the instance resides. This parameter // is not supported for the ImportInstance command. + // + // This parameter is not supported by . HostId *string `locationName:"hostId" type:"string"` + // The ARN of the host resource group in which to launch the instances. If you + // specify a host resource group ARN, omit the Tenancy parameter or set it to + // host. + // + // This parameter is not supported by . + HostResourceGroupArn *string `locationName:"hostResourceGroupArn" type:"string"` + // The number of the partition the instance is in. Valid only if the placement // group strategy is set to partition. + // + // This parameter is not supported by . PartitionNumber *int64 `locationName:"partitionNumber" type:"integer"` // Reserved for future use. + // + // This parameter is not supported by . SpreadDomain *string `locationName:"spreadDomain" type:"string"` // The tenancy of the instance (if the instance is running in a VPC). An instance // with a tenancy of dedicated runs on single-tenant hardware. The host tenancy // is not supported for the ImportInstance command. + // + // This parameter is not supported by . Tenancy *string `locationName:"tenancy" type:"string" enum:"Tenancy"` } @@ -80108,6 +91122,12 @@ func (s *Placement) SetHostId(v string) *Placement { return s } +// SetHostResourceGroupArn sets the HostResourceGroupArn field's value. +func (s *Placement) SetHostResourceGroupArn(v string) *Placement { + s.HostResourceGroupArn = &v + return s +} + // SetPartitionNumber sets the PartitionNumber field's value. func (s *Placement) SetPartitionNumber(v int64) *Placement { s.PartitionNumber = &v @@ -80130,6 +91150,9 @@ func (s *Placement) SetTenancy(v string) *Placement { type PlacementGroup struct { _ struct{} `type:"structure"` + // The ID of the placement group. + GroupId *string `locationName:"groupId" type:"string"` + // The name of the placement group. GroupName *string `locationName:"groupName" type:"string"` @@ -80141,6 +91164,9 @@ type PlacementGroup struct { // The placement strategy. Strategy *string `locationName:"strategy" type:"string" enum:"PlacementStrategy"` + + // Any tags applied to the placement group. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -80153,6 +91179,12 @@ func (s PlacementGroup) GoString() string { return s.String() } +// SetGroupId sets the GroupId field's value. +func (s *PlacementGroup) SetGroupId(v string) *PlacementGroup { + s.GroupId = &v + return s +} + // SetGroupName sets the GroupName field's value. func (s *PlacementGroup) SetGroupName(v string) *PlacementGroup { s.GroupName = &v @@ -80177,11 +91209,41 @@ func (s *PlacementGroup) SetStrategy(v string) *PlacementGroup { return s } +// SetTags sets the Tags field's value. +func (s *PlacementGroup) SetTags(v []*Tag) *PlacementGroup { + s.Tags = v + return s +} + +// Describes the placement group support of the instance type. +type PlacementGroupInfo struct { + _ struct{} `type:"structure"` + + // A list of supported placement groups types. + SupportedStrategies []*string `locationName:"supportedStrategies" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s PlacementGroupInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PlacementGroupInfo) GoString() string { + return s.String() +} + +// SetSupportedStrategies sets the SupportedStrategies field's value. +func (s *PlacementGroupInfo) SetSupportedStrategies(v []*string) *PlacementGroupInfo { + s.SupportedStrategies = v + return s +} + // Describes the placement of an instance. type PlacementResponse struct { _ struct{} `type:"structure"` - // The name of the placement group the instance is in. + // The name of the placement group that the instance is in. GroupName *string `locationName:"groupName" type:"string"` } @@ -80201,6 +91263,30 @@ func (s *PlacementResponse) SetGroupName(v string) *PlacementResponse { return s } +// Describes a CIDR block for an address pool. +type PoolCidrBlock struct { + _ struct{} `type:"structure"` + + // The CIDR block. + Cidr *string `locationName:"poolCidrBlock" type:"string"` +} + +// String returns the string representation +func (s PoolCidrBlock) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PoolCidrBlock) GoString() string { + return s.String() +} + +// SetCidr sets the Cidr field's value. +func (s *PoolCidrBlock) SetCidr(v string) *PoolCidrBlock { + s.Cidr = &v + return s +} + // Describes a range of ports. type PortRange struct { _ struct{} `type:"structure"` @@ -80485,6 +91571,65 @@ func (s *PrincipalIdFormat) SetStatuses(v []*IdFormat) *PrincipalIdFormat { return s } +// Information about the private DNS name for the service endpoint. For more +// information about these parameters, see VPC Endpoint Service Private DNS +// Name Verification (https://docs.aws.amazon.com/vpc/latest/userguide/ndpoint-services-dns-validation.html) +// in the Amazon Virtual Private Cloud User Guide. +type PrivateDnsNameConfiguration struct { + _ struct{} `type:"structure"` + + // The name of the record subdomain the service provider needs to create. The + // service provider adds the value text to the name. + Name *string `locationName:"name" type:"string"` + + // The verification state of the VPC endpoint service. + // + // >Consumers of the endpoint service can use the private name only when the + // state is verified. + State *string `locationName:"state" type:"string" enum:"DnsNameState"` + + // The endpoint service verification type, for example TXT. + Type *string `locationName:"type" type:"string"` + + // The value the service provider adds to the private DNS name domain record + // before verification. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation +func (s PrivateDnsNameConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PrivateDnsNameConfiguration) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *PrivateDnsNameConfiguration) SetName(v string) *PrivateDnsNameConfiguration { + s.Name = &v + return s +} + +// SetState sets the State field's value. +func (s *PrivateDnsNameConfiguration) SetState(v string) *PrivateDnsNameConfiguration { + s.State = &v + return s +} + +// SetType sets the Type field's value. +func (s *PrivateDnsNameConfiguration) SetType(v string) *PrivateDnsNameConfiguration { + s.Type = &v + return s +} + +// SetValue sets the Value field's value. +func (s *PrivateDnsNameConfiguration) SetValue(v string) *PrivateDnsNameConfiguration { + s.Value = &v + return s +} + // Describes a secondary private IPv4 address for a network interface. type PrivateIpAddressSpecification struct { _ struct{} `type:"structure"` @@ -80519,6 +91664,39 @@ func (s *PrivateIpAddressSpecification) SetPrivateIpAddress(v string) *PrivateIp return s } +// Describes the processor used by the instance type. +type ProcessorInfo struct { + _ struct{} `type:"structure"` + + // A list of architectures supported by the instance type. + SupportedArchitectures []*string `locationName:"supportedArchitectures" locationNameList:"item" type:"list"` + + // The speed of the processor, in GHz. + SustainedClockSpeedInGhz *float64 `locationName:"sustainedClockSpeedInGhz" type:"double"` +} + +// String returns the string representation +func (s ProcessorInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ProcessorInfo) GoString() string { + return s.String() +} + +// SetSupportedArchitectures sets the SupportedArchitectures field's value. +func (s *ProcessorInfo) SetSupportedArchitectures(v []*string) *ProcessorInfo { + s.SupportedArchitectures = v + return s +} + +// SetSustainedClockSpeedInGhz sets the SustainedClockSpeedInGhz field's value. +func (s *ProcessorInfo) SetSustainedClockSpeedInGhz(v float64) *ProcessorInfo { + s.SustainedClockSpeedInGhz = &v + return s +} + // Describes a product code. type ProductCode struct { _ struct{} `type:"structure"` @@ -80579,9 +91757,10 @@ func (s *PropagatingVgw) SetGatewayId(v string) *PropagatingVgw { type ProvisionByoipCidrInput struct { _ struct{} `type:"structure"` - // The public IPv4 address range, in CIDR notation. The most specific prefix - // that you can specify is /24. The address range cannot overlap with another - // address range that you've brought to this or another Region. + // The public IPv4 or IPv6 address range, in CIDR notation. The most specific + // IPv4 prefix that you can specify is /24. The most specific IPv6 prefix you + // can specify is /56. The address range cannot overlap with another address + // range that you've brought to this or another Region. // // Cidr is a required field Cidr *string `type:"string" required:"true"` @@ -80598,6 +91777,12 @@ type ProvisionByoipCidrInput struct { // the required permissions, the error response is DryRunOperation. Otherwise, // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + + // (IPv6 only) Indicate whether the address range will be publicly advertised + // to the internet. + // + // Default: true + PubliclyAdvertisable *bool `type:"boolean"` } // String returns the string representation @@ -80652,10 +91837,16 @@ func (s *ProvisionByoipCidrInput) SetDryRun(v bool) *ProvisionByoipCidrInput { return s } +// SetPubliclyAdvertisable sets the PubliclyAdvertisable field's value. +func (s *ProvisionByoipCidrInput) SetPubliclyAdvertisable(v bool) *ProvisionByoipCidrInput { + s.PubliclyAdvertisable = &v + return s +} + type ProvisionByoipCidrOutput struct { _ struct{} `type:"structure"` - // Information about the address pool. + // Information about the address range. ByoipCidr *ByoipCidr `locationName:"byoipCidr" type:"structure"` } @@ -80747,7 +91938,7 @@ func (s *ProvisionedBandwidth) SetStatus(v string) *ProvisionedBandwidth { return s } -// Describes an address pool. +// Describes an IPv4 address pool. type PublicIpv4Pool struct { _ struct{} `type:"structure"` @@ -80757,9 +91948,12 @@ type PublicIpv4Pool struct { // The address ranges. PoolAddressRanges []*PublicIpv4PoolRange `locationName:"poolAddressRangeSet" locationNameList:"item" type:"list"` - // The ID of the IPv4 address pool. + // The ID of the address pool. PoolId *string `locationName:"poolId" type:"string"` + // Any tags for the address pool. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + // The total number of addresses. TotalAddressCount *int64 `locationName:"totalAddressCount" type:"integer"` @@ -80795,6 +91989,12 @@ func (s *PublicIpv4Pool) SetPoolId(v string) *PublicIpv4Pool { return s } +// SetTags sets the Tags field's value. +func (s *PublicIpv4Pool) SetTags(v []*Tag) *PublicIpv4Pool { + s.Tags = v + return s +} + // SetTotalAddressCount sets the TotalAddressCount field's value. func (s *PublicIpv4Pool) SetTotalAddressCount(v int64) *PublicIpv4Pool { s.TotalAddressCount = &v @@ -81694,6 +92894,233 @@ func (s *RegisterImageOutput) SetImageId(v string) *RegisterImageOutput { return s } +type RegisterTransitGatewayMulticastGroupMembersInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `type:"string"` + + // The group members' network interface IDs to register with the transit gateway + // multicast group. + NetworkInterfaceIds []*string `locationNameList:"item" type:"list"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s RegisterTransitGatewayMulticastGroupMembersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RegisterTransitGatewayMulticastGroupMembersInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *RegisterTransitGatewayMulticastGroupMembersInput) SetDryRun(v bool) *RegisterTransitGatewayMulticastGroupMembersInput { + s.DryRun = &v + return s +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *RegisterTransitGatewayMulticastGroupMembersInput) SetGroupIpAddress(v string) *RegisterTransitGatewayMulticastGroupMembersInput { + s.GroupIpAddress = &v + return s +} + +// SetNetworkInterfaceIds sets the NetworkInterfaceIds field's value. +func (s *RegisterTransitGatewayMulticastGroupMembersInput) SetNetworkInterfaceIds(v []*string) *RegisterTransitGatewayMulticastGroupMembersInput { + s.NetworkInterfaceIds = v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *RegisterTransitGatewayMulticastGroupMembersInput) SetTransitGatewayMulticastDomainId(v string) *RegisterTransitGatewayMulticastGroupMembersInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type RegisterTransitGatewayMulticastGroupMembersOutput struct { + _ struct{} `type:"structure"` + + // Information about the registered transit gateway multicast group members. + RegisteredMulticastGroupMembers *TransitGatewayMulticastRegisteredGroupMembers `locationName:"registeredMulticastGroupMembers" type:"structure"` +} + +// String returns the string representation +func (s RegisterTransitGatewayMulticastGroupMembersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RegisterTransitGatewayMulticastGroupMembersOutput) GoString() string { + return s.String() +} + +// SetRegisteredMulticastGroupMembers sets the RegisteredMulticastGroupMembers field's value. +func (s *RegisterTransitGatewayMulticastGroupMembersOutput) SetRegisteredMulticastGroupMembers(v *TransitGatewayMulticastRegisteredGroupMembers) *RegisterTransitGatewayMulticastGroupMembersOutput { + s.RegisteredMulticastGroupMembers = v + return s +} + +type RegisterTransitGatewayMulticastGroupSourcesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `type:"string"` + + // The group sources' network interface IDs to register with the transit gateway + // multicast group. + NetworkInterfaceIds []*string `locationNameList:"item" type:"list"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s RegisterTransitGatewayMulticastGroupSourcesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RegisterTransitGatewayMulticastGroupSourcesInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *RegisterTransitGatewayMulticastGroupSourcesInput) SetDryRun(v bool) *RegisterTransitGatewayMulticastGroupSourcesInput { + s.DryRun = &v + return s +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *RegisterTransitGatewayMulticastGroupSourcesInput) SetGroupIpAddress(v string) *RegisterTransitGatewayMulticastGroupSourcesInput { + s.GroupIpAddress = &v + return s +} + +// SetNetworkInterfaceIds sets the NetworkInterfaceIds field's value. +func (s *RegisterTransitGatewayMulticastGroupSourcesInput) SetNetworkInterfaceIds(v []*string) *RegisterTransitGatewayMulticastGroupSourcesInput { + s.NetworkInterfaceIds = v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *RegisterTransitGatewayMulticastGroupSourcesInput) SetTransitGatewayMulticastDomainId(v string) *RegisterTransitGatewayMulticastGroupSourcesInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type RegisterTransitGatewayMulticastGroupSourcesOutput struct { + _ struct{} `type:"structure"` + + // Information about the transit gateway multicast group sources. + RegisteredMulticastGroupSources *TransitGatewayMulticastRegisteredGroupSources `locationName:"registeredMulticastGroupSources" type:"structure"` +} + +// String returns the string representation +func (s RegisterTransitGatewayMulticastGroupSourcesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RegisterTransitGatewayMulticastGroupSourcesOutput) GoString() string { + return s.String() +} + +// SetRegisteredMulticastGroupSources sets the RegisteredMulticastGroupSources field's value. +func (s *RegisterTransitGatewayMulticastGroupSourcesOutput) SetRegisteredMulticastGroupSources(v *TransitGatewayMulticastRegisteredGroupSources) *RegisterTransitGatewayMulticastGroupSourcesOutput { + s.RegisteredMulticastGroupSources = v + return s +} + +type RejectTransitGatewayPeeringAttachmentInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the transit gateway peering attachment. + // + // TransitGatewayAttachmentId is a required field + TransitGatewayAttachmentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s RejectTransitGatewayPeeringAttachmentInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RejectTransitGatewayPeeringAttachmentInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RejectTransitGatewayPeeringAttachmentInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RejectTransitGatewayPeeringAttachmentInput"} + if s.TransitGatewayAttachmentId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayAttachmentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *RejectTransitGatewayPeeringAttachmentInput) SetDryRun(v bool) *RejectTransitGatewayPeeringAttachmentInput { + s.DryRun = &v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *RejectTransitGatewayPeeringAttachmentInput) SetTransitGatewayAttachmentId(v string) *RejectTransitGatewayPeeringAttachmentInput { + s.TransitGatewayAttachmentId = &v + return s +} + +type RejectTransitGatewayPeeringAttachmentOutput struct { + _ struct{} `type:"structure"` + + // The transit gateway peering attachment. + TransitGatewayPeeringAttachment *TransitGatewayPeeringAttachment `locationName:"transitGatewayPeeringAttachment" type:"structure"` +} + +// String returns the string representation +func (s RejectTransitGatewayPeeringAttachmentOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RejectTransitGatewayPeeringAttachmentOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayPeeringAttachment sets the TransitGatewayPeeringAttachment field's value. +func (s *RejectTransitGatewayPeeringAttachmentOutput) SetTransitGatewayPeeringAttachment(v *TransitGatewayPeeringAttachment) *RejectTransitGatewayPeeringAttachmentOutput { + s.TransitGatewayPeeringAttachment = v + return s +} + type RejectTransitGatewayVpcAttachmentInput struct { _ struct{} `type:"structure"` @@ -81939,6 +93366,16 @@ type ReleaseAddressInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` + // The location that the IP address is released from. + // + // If you provide an incorrect network border group, you will receive an InvalidAddress.NotFound + // error. For more information, see Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). + // + // You cannot use a network border group with EC2 Classic. If you attempt this + // operation on EC2 classic, you will receive an InvalidParameterCombination + // error. For more information, see Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). + NetworkBorderGroup *string `type:"string"` + // [EC2-Classic] The Elastic IP address. Required for EC2-Classic. PublicIp *string `type:"string"` } @@ -81965,6 +93402,12 @@ func (s *ReleaseAddressInput) SetDryRun(v bool) *ReleaseAddressInput { return s } +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *ReleaseAddressInput) SetNetworkBorderGroup(v string) *ReleaseAddressInput { + s.NetworkBorderGroup = &v + return s +} + // SetPublicIp sets the PublicIp field's value. func (s *ReleaseAddressInput) SetPublicIp(v string) *ReleaseAddressInput { s.PublicIp = &v @@ -82411,6 +93854,12 @@ type ReplaceRouteInput struct { // The ID of a NAT instance in your VPC. InstanceId *string `locationName:"instanceId" type:"string"` + // The ID of the local gateway. + LocalGatewayId *string `type:"string"` + + // Specifies whether to reset the local route to its default target (local). + LocalTarget *bool `type:"boolean"` + // [IPv4 traffic only] The ID of a NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` @@ -82488,6 +93937,18 @@ func (s *ReplaceRouteInput) SetInstanceId(v string) *ReplaceRouteInput { return s } +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *ReplaceRouteInput) SetLocalGatewayId(v string) *ReplaceRouteInput { + s.LocalGatewayId = &v + return s +} + +// SetLocalTarget sets the LocalTarget field's value. +func (s *ReplaceRouteInput) SetLocalTarget(v bool) *ReplaceRouteInput { + s.LocalTarget = &v + return s +} + // SetNatGatewayId sets the NatGatewayId field's value. func (s *ReplaceRouteInput) SetNatGatewayId(v string) *ReplaceRouteInput { s.NatGatewayId = &v @@ -82599,6 +94060,9 @@ func (s *ReplaceRouteTableAssociationInput) SetRouteTableId(v string) *ReplaceRo type ReplaceRouteTableAssociationOutput struct { _ struct{} `type:"structure"` + // The state of the association. + AssociationState *RouteTableAssociationState `locationName:"associationState" type:"structure"` + // The ID of the new association. NewAssociationId *string `locationName:"newAssociationId" type:"string"` } @@ -82613,6 +94077,12 @@ func (s ReplaceRouteTableAssociationOutput) GoString() string { return s.String() } +// SetAssociationState sets the AssociationState field's value. +func (s *ReplaceRouteTableAssociationOutput) SetAssociationState(v *RouteTableAssociationState) *ReplaceRouteTableAssociationOutput { + s.AssociationState = v + return s +} + // SetNewAssociationId sets the NewAssociationId field's value. func (s *ReplaceRouteTableAssociationOutput) SetNewAssociationId(v string) *ReplaceRouteTableAssociationOutput { s.NewAssociationId = &v @@ -82870,12 +94340,6 @@ type RequestLaunchTemplateData struct { _ struct{} `type:"structure"` // The block device mapping. - // - // Supplying both a snapshot ID and an encryption value as arguments for block-device - // mapping results in an error. This is because only blank volumes can be encrypted - // on start, and these are not created from a snapshot. If a snapshot is the - // basis for the volume, it contains data by definition and its encryption status - // cannot be changed using this action. BlockDeviceMappings []*LaunchTemplateBlockDeviceMappingRequest `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // The Capacity Reservation targeting option. If you do not specify this parameter, @@ -82955,6 +94419,11 @@ type RequestLaunchTemplateData struct { // The license configurations. LicenseSpecifications []*LaunchTemplateLicenseConfigurationRequest `locationName:"LicenseSpecification" locationNameList:"item" type:"list"` + // The metadata options for the instance. For more information, see Instance + // Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) + // in the Amazon Elastic Compute Cloud User Guide. + MetadataOptions *LaunchTemplateInstanceMetadataOptionsRequest `type:"structure"` + // The monitoring for the instance. Monitoring *LaunchTemplatesMonitoringRequest `type:"structure"` @@ -83143,6 +94612,12 @@ func (s *RequestLaunchTemplateData) SetLicenseSpecifications(v []*LaunchTemplate return s } +// SetMetadataOptions sets the MetadataOptions field's value. +func (s *RequestLaunchTemplateData) SetMetadataOptions(v *LaunchTemplateInstanceMetadataOptionsRequest) *RequestLaunchTemplateData { + s.MetadataOptions = v + return s +} + // SetMonitoring sets the Monitoring field's value. func (s *RequestLaunchTemplateData) SetMonitoring(v *LaunchTemplatesMonitoringRequest) *RequestLaunchTemplateData { s.Monitoring = v @@ -83894,7 +95369,7 @@ type ReservedInstances struct { ReservedInstancesId *string `locationName:"reservedInstancesId" type:"string"` // The scope of the Reserved Instance. - Scope *string `locationName:"scope" type:"string" enum:"scope"` + Scope *string `locationName:"scope" type:"string" enum:"Scope"` // The date and time the Reserved Instance started. Start *time.Time `locationName:"start" type:"timestamp"` @@ -84048,7 +95523,7 @@ type ReservedInstancesConfiguration struct { // Whether the Reserved Instance is applied to instances in a Region or instances // in a specific Availability Zone. - Scope *string `locationName:"scope" type:"string" enum:"scope"` + Scope *string `locationName:"scope" type:"string" enum:"Scope"` } // String returns the string representation @@ -84407,7 +95882,7 @@ type ReservedInstancesOffering struct { // Whether the Reserved Instance is applied to instances in a Region or an Availability // Zone. - Scope *string `locationName:"scope" type:"string" enum:"scope"` + Scope *string `locationName:"scope" type:"string" enum:"Scope"` // The usage price of the Reserved Instance, per hour. UsagePrice *float64 `locationName:"usagePrice" type:"float"` @@ -84879,7 +96354,6 @@ func (s ResetNetworkInterfaceAttributeOutput) GoString() string { return s.String() } -// Contains the parameters for ResetSnapshotAttribute. type ResetSnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -85054,6 +96528,11 @@ type ResponseLaunchTemplateData struct { // The license configurations. LicenseSpecifications []*LaunchTemplateLicenseConfiguration `locationName:"licenseSet" locationNameList:"item" type:"list"` + // The metadata options for the instance. For more information, see Instance + // Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) + // in the Amazon Elastic Compute Cloud User Guide. + MetadataOptions *LaunchTemplateInstanceMetadataOptions `locationName:"metadataOptions" type:"structure"` + // The monitoring for the instance. Monitoring *LaunchTemplatesMonitoring `locationName:"monitoring" type:"structure"` @@ -85191,6 +96670,12 @@ func (s *ResponseLaunchTemplateData) SetLicenseSpecifications(v []*LaunchTemplat return s } +// SetMetadataOptions sets the MetadataOptions field's value. +func (s *ResponseLaunchTemplateData) SetMetadataOptions(v *LaunchTemplateInstanceMetadataOptions) *ResponseLaunchTemplateData { + s.MetadataOptions = v + return s +} + // SetMonitoring sets the Monitoring field's value. func (s *ResponseLaunchTemplateData) SetMonitoring(v *LaunchTemplatesMonitoring) *ResponseLaunchTemplateData { s.Monitoring = v @@ -85722,6 +97207,9 @@ type Route struct { // The AWS account ID of the owner of the instance. InstanceOwnerId *string `locationName:"instanceOwnerId" type:"string"` + // The ID of the local gateway. + LocalGatewayId *string `locationName:"localGatewayId" type:"string"` + // The ID of a NAT gateway. NatGatewayId *string `locationName:"natGatewayId" type:"string"` @@ -85802,6 +97290,12 @@ func (s *Route) SetInstanceOwnerId(v string) *Route { return s } +// SetLocalGatewayId sets the LocalGatewayId field's value. +func (s *Route) SetLocalGatewayId(v string) *Route { + s.LocalGatewayId = &v + return s +} + // SetNatGatewayId sets the NatGatewayId field's value. func (s *Route) SetNatGatewayId(v string) *Route { s.NatGatewayId = &v @@ -85842,7 +97336,7 @@ func (s *Route) SetVpcPeeringConnectionId(v string) *Route { type RouteTable struct { _ struct{} `type:"structure"` - // The associations between the route table and one or more subnets. + // The associations between the route table and one or more subnets or a gateway. Associations []*RouteTableAssociation `locationName:"associationSet" locationNameList:"item" type:"list"` // The ID of the AWS account that owns the route table. @@ -85916,14 +97410,20 @@ func (s *RouteTable) SetVpcId(v string) *RouteTable { return s } -// Describes an association between a route table and a subnet. +// Describes an association between a route table and a subnet or gateway. type RouteTableAssociation struct { _ struct{} `type:"structure"` + // The state of the association. + AssociationState *RouteTableAssociationState `locationName:"associationState" type:"structure"` + + // The ID of the internet gateway or virtual private gateway. + GatewayId *string `locationName:"gatewayId" type:"string"` + // Indicates whether this is the main route table. Main *bool `locationName:"main" type:"boolean"` - // The ID of the association between a route table and a subnet. + // The ID of the association. RouteTableAssociationId *string `locationName:"routeTableAssociationId" type:"string"` // The ID of the route table. @@ -85943,6 +97443,18 @@ func (s RouteTableAssociation) GoString() string { return s.String() } +// SetAssociationState sets the AssociationState field's value. +func (s *RouteTableAssociation) SetAssociationState(v *RouteTableAssociationState) *RouteTableAssociation { + s.AssociationState = v + return s +} + +// SetGatewayId sets the GatewayId field's value. +func (s *RouteTableAssociation) SetGatewayId(v string) *RouteTableAssociation { + s.GatewayId = &v + return s +} + // SetMain sets the Main field's value. func (s *RouteTableAssociation) SetMain(v bool) *RouteTableAssociation { s.Main = &v @@ -85967,6 +97479,40 @@ func (s *RouteTableAssociation) SetSubnetId(v string) *RouteTableAssociation { return s } +// Describes the state of an association between a route table and a subnet +// or gateway. +type RouteTableAssociationState struct { + _ struct{} `type:"structure"` + + // The state of the association. + State *string `locationName:"state" type:"string" enum:"RouteTableAssociationStateCode"` + + // The status message, if applicable. + StatusMessage *string `locationName:"statusMessage" type:"string"` +} + +// String returns the string representation +func (s RouteTableAssociationState) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RouteTableAssociationState) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *RouteTableAssociationState) SetState(v string) *RouteTableAssociationState { + s.State = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *RouteTableAssociationState) SetStatusMessage(v string) *RouteTableAssociationState { + s.StatusMessage = &v + return s +} + type RunInstancesInput struct { _ struct{} `type:"structure"` @@ -85983,7 +97529,10 @@ type RunInstancesInput struct { CapacityReservationSpecification *CapacityReservationSpecification `type:"structure"` // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // the request. If you do not specify a client token, a randomly generated token + // is used for the request to ensure idempotency. + // + // For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). // // Constraints: Maximum 64 ASCII characters ClientToken *string `locationName:"clientToken" type:"string"` @@ -85993,13 +97542,13 @@ type RunInstancesInput struct { // in the Amazon Elastic Compute Cloud User Guide. CpuOptions *CpuOptionsRequest `type:"structure"` - // The credit option for CPU usage of the T2 or T3 instance. Valid values are - // standard and unlimited. To change this attribute after launch, use ModifyInstanceCreditSpecification - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). + // The credit option for CPU usage of the burstable performance instance. Valid + // values are standard and unlimited. To change this attribute after launch, + // use ModifyInstanceCreditSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). // For more information, see Burstable Performance Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) // in the Amazon Elastic Compute Cloud User Guide. // - // Default: standard (T2 instances) or unlimited (T3 instances) + // Default: standard (T2 instances) or unlimited (T3/T3a instances) CreditSpecification *CreditSpecificationRequest `type:"structure"` // If you set this parameter to true, you can't terminate the instance using @@ -87708,6 +99257,255 @@ func (s *ScheduledInstancesPrivateIpAddressConfig) SetPrivateIpAddress(v string) return s } +type SearchLocalGatewayRoutesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // Filters is a required field + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list" required:"true"` + + // The ID of the local gateway route table. + // + // LocalGatewayRouteTableId is a required field + LocalGatewayRouteTableId *string `type:"string" required:"true"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s SearchLocalGatewayRoutesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SearchLocalGatewayRoutesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SearchLocalGatewayRoutesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SearchLocalGatewayRoutesInput"} + if s.Filters == nil { + invalidParams.Add(request.NewErrParamRequired("Filters")) + } + if s.LocalGatewayRouteTableId == nil { + invalidParams.Add(request.NewErrParamRequired("LocalGatewayRouteTableId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *SearchLocalGatewayRoutesInput) SetDryRun(v bool) *SearchLocalGatewayRoutesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *SearchLocalGatewayRoutesInput) SetFilters(v []*Filter) *SearchLocalGatewayRoutesInput { + s.Filters = v + return s +} + +// SetLocalGatewayRouteTableId sets the LocalGatewayRouteTableId field's value. +func (s *SearchLocalGatewayRoutesInput) SetLocalGatewayRouteTableId(v string) *SearchLocalGatewayRoutesInput { + s.LocalGatewayRouteTableId = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *SearchLocalGatewayRoutesInput) SetMaxResults(v int64) *SearchLocalGatewayRoutesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *SearchLocalGatewayRoutesInput) SetNextToken(v string) *SearchLocalGatewayRoutesInput { + s.NextToken = &v + return s +} + +type SearchLocalGatewayRoutesOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the routes. + Routes []*LocalGatewayRoute `locationName:"routeSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s SearchLocalGatewayRoutesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SearchLocalGatewayRoutesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *SearchLocalGatewayRoutesOutput) SetNextToken(v string) *SearchLocalGatewayRoutesOutput { + s.NextToken = &v + return s +} + +// SetRoutes sets the Routes field's value. +func (s *SearchLocalGatewayRoutesOutput) SetRoutes(v []*LocalGatewayRoute) *SearchLocalGatewayRoutesOutput { + s.Routes = v + return s +} + +type SearchTransitGatewayMulticastGroupsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * group-ip-address - The IP address of the transit gateway multicast group. + // + // * is-group-member - The resource is a group member. Valid values are true + // | false. + // + // * is-group-source - The resource is a group source. Valid values are true + // | false. + // + // * member-type - The member type. Valid values are igmp | static. + // + // * resource-id - The ID of the resource. + // + // * resource-type - The type of resource. Valid values are vpc | vpn | direct-connect-gateway + // | tgw-peering. + // + // * source-type - The source type. Valid values are igmp | static. + // + // * state - The state of the subnet association. Valid values are associated + // | associated | disassociated | disassociating. + // + // * subnet-id - The ID of the subnet. + // + // * transit-gateway-attachment-id - The id of the transit gateway attachment. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s SearchTransitGatewayMulticastGroupsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SearchTransitGatewayMulticastGroupsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SearchTransitGatewayMulticastGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SearchTransitGatewayMulticastGroupsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *SearchTransitGatewayMulticastGroupsInput) SetDryRun(v bool) *SearchTransitGatewayMulticastGroupsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *SearchTransitGatewayMulticastGroupsInput) SetFilters(v []*Filter) *SearchTransitGatewayMulticastGroupsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *SearchTransitGatewayMulticastGroupsInput) SetMaxResults(v int64) *SearchTransitGatewayMulticastGroupsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *SearchTransitGatewayMulticastGroupsInput) SetNextToken(v string) *SearchTransitGatewayMulticastGroupsInput { + s.NextToken = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *SearchTransitGatewayMulticastGroupsInput) SetTransitGatewayMulticastDomainId(v string) *SearchTransitGatewayMulticastGroupsInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type SearchTransitGatewayMulticastGroupsOutput struct { + _ struct{} `type:"structure"` + + // Information about the transit gateway multicast group. + MulticastGroups []*TransitGatewayMulticastGroup `locationName:"multicastGroups" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s SearchTransitGatewayMulticastGroupsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SearchTransitGatewayMulticastGroupsOutput) GoString() string { + return s.String() +} + +// SetMulticastGroups sets the MulticastGroups field's value. +func (s *SearchTransitGatewayMulticastGroupsOutput) SetMulticastGroups(v []*TransitGatewayMulticastGroup) *SearchTransitGatewayMulticastGroupsOutput { + s.MulticastGroups = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *SearchTransitGatewayMulticastGroupsOutput) SetNextToken(v string) *SearchTransitGatewayMulticastGroupsOutput { + s.NextToken = &v + return s +} + type SearchTransitGatewayRoutesInput struct { _ struct{} `type:"structure"` @@ -88074,13 +99872,13 @@ type ServiceConfiguration struct { // to the service must first be accepted. AcceptanceRequired *bool `locationName:"acceptanceRequired" type:"boolean"` - // In the Availability Zones in which the service is available. + // The Availability Zones in which the service is available. AvailabilityZones []*string `locationName:"availabilityZoneSet" locationNameList:"item" type:"list"` // The DNS names for the service. BaseEndpointDnsNames []*string `locationName:"baseEndpointDnsNameSet" locationNameList:"item" type:"list"` - // Indicates whether the service manages it's VPC endpoints. Management of the + // Indicates whether the service manages its VPC endpoints. Management of the // service VPC endpoints using the VPC endpoint API is restricted. ManagesVpcEndpoints *bool `locationName:"managesVpcEndpoints" type:"boolean"` @@ -88090,6 +99888,9 @@ type ServiceConfiguration struct { // The private DNS name for the service. PrivateDnsName *string `locationName:"privateDnsName" type:"string"` + // Information about the endpoint service private DNS name configuration. + PrivateDnsNameConfiguration *PrivateDnsNameConfiguration `locationName:"privateDnsNameConfiguration" type:"structure"` + // The ID of the service. ServiceId *string `locationName:"serviceId" type:"string"` @@ -88152,6 +99953,12 @@ func (s *ServiceConfiguration) SetPrivateDnsName(v string) *ServiceConfiguration return s } +// SetPrivateDnsNameConfiguration sets the PrivateDnsNameConfiguration field's value. +func (s *ServiceConfiguration) SetPrivateDnsNameConfiguration(v *PrivateDnsNameConfiguration) *ServiceConfiguration { + s.PrivateDnsNameConfiguration = v + return s +} + // SetServiceId sets the ServiceId field's value. func (s *ServiceConfiguration) SetServiceId(v string) *ServiceConfiguration { s.ServiceId = &v @@ -88196,7 +100003,7 @@ type ServiceDetail struct { // The DNS names for the service. BaseEndpointDnsNames []*string `locationName:"baseEndpointDnsNameSet" locationNameList:"item" type:"list"` - // Indicates whether the service manages it's VPC endpoints. Management of the + // Indicates whether the service manages its VPC endpoints. Management of the // service VPC endpoints using the VPC endpoint API is restricted. ManagesVpcEndpoints *bool `locationName:"managesVpcEndpoints" type:"boolean"` @@ -88206,6 +100013,12 @@ type ServiceDetail struct { // The private DNS name for the service. PrivateDnsName *string `locationName:"privateDnsName" type:"string"` + // The verification state of the VPC endpoint service. + // + // Consumers of the endpoint service cannot use the private name when the state + // is not verified. + PrivateDnsNameVerificationState *string `locationName:"privateDnsNameVerificationState" type:"string" enum:"DnsNameState"` + // The ID of the endpoint service. ServiceId *string `locationName:"serviceId" type:"string"` @@ -88268,6 +100081,12 @@ func (s *ServiceDetail) SetPrivateDnsName(v string) *ServiceDetail { return s } +// SetPrivateDnsNameVerificationState sets the PrivateDnsNameVerificationState field's value. +func (s *ServiceDetail) SetPrivateDnsNameVerificationState(v string) *ServiceDetail { + s.PrivateDnsNameVerificationState = &v + return s +} + // SetServiceId sets the ServiceId field's value. func (s *ServiceDetail) SetServiceId(v string) *ServiceDetail { s.ServiceId = &v @@ -89263,6 +101082,9 @@ type SpotFleetRequestConfig struct { // The state of the Spot Fleet request. SpotFleetRequestState *string `locationName:"spotFleetRequestState" type:"string" enum:"BatchState"` + + // The tags for a Spot Fleet resource. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -89305,6 +101127,12 @@ func (s *SpotFleetRequestConfig) SetSpotFleetRequestState(v string) *SpotFleetRe return s } +// SetTags sets the Tags field's value. +func (s *SpotFleetRequestConfig) SetTags(v []*Tag) *SpotFleetRequestConfig { + s.Tags = v + return s +} + // Describes the configuration of a Spot Fleet request. type SpotFleetRequestConfigData struct { _ struct{} `type:"structure"` @@ -89424,6 +101252,16 @@ type SpotFleetRequestConfigData struct { // The default is the On-Demand price. SpotPrice *string `locationName:"spotPrice" type:"string"` + // The key-value pair for tagging the Spot Fleet request on creation. The value + // for ResourceType must be spot-fleet-request, otherwise the Spot Fleet request + // fails. To tag instances at launch, specify the tags in the launch template + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#create-launch-template) + // (valid only if you use LaunchTemplateConfigs) or in the SpotFleetTagSpecification + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotFleetTagSpecification.html) + // (valid only if you use LaunchSpecifications). For information about tagging + // after launch, see Tagging Your Resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // The number of units to request for the Spot Fleet. You can choose to set // the target capacity in terms of instances or a performance characteristic // that is important to your application workload, such as vCPUs, memory, or @@ -89601,6 +101439,12 @@ func (s *SpotFleetRequestConfigData) SetSpotPrice(v string) *SpotFleetRequestCon return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *SpotFleetRequestConfigData) SetTagSpecifications(v []*TagSpecification) *SpotFleetRequestConfigData { + s.TagSpecifications = v + return s +} + // SetTargetCapacity sets the TargetCapacity field's value. func (s *SpotFleetRequestConfigData) SetTargetCapacity(v int64) *SpotFleetRequestConfigData { s.TargetCapacity = &v @@ -89636,7 +101480,8 @@ type SpotFleetTagSpecification struct { _ struct{} `type:"structure"` // The type of resource. Currently, the only resource type that is supported - // is instance. + // is instance. To tag the Spot Fleet request on creation, use the TagSpecifications + // parameter in SpotFleetRequestConfigData (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotFleetRequestConfigData.html). ResourceType *string `locationName:"resourceType" type:"string" enum:"ResourceType"` // The tags. @@ -90022,7 +101867,7 @@ type SpotOptions struct { // strategy. // // If the allocation strategy is diversified, EC2 Fleet launches instances from - // all the Spot Instance pools that you specify. + // all of the Spot Instance pools that you specify. // // If the allocation strategy is capacity-optimized, EC2 Fleet launches instances // from Spot Instance pools with optimal capacity for the number of instances @@ -90046,11 +101891,11 @@ type SpotOptions struct { MinTargetCapacity *int64 `locationName:"minTargetCapacity" type:"integer"` // Indicates that the fleet launches all Spot Instances into a single Availability - // Zone. + // Zone. Supported only for fleets of type instant. SingleAvailabilityZone *bool `locationName:"singleAvailabilityZone" type:"boolean"` // Indicates that the fleet uses a single instance type to launch all Spot Instances - // in the fleet. + // in the fleet. Supported only for fleets of type instant. SingleInstanceType *bool `locationName:"singleInstanceType" type:"boolean"` } @@ -90118,7 +101963,7 @@ type SpotOptionsRequest struct { // strategy. // // If the allocation strategy is diversified, EC2 Fleet launches instances from - // all the Spot Instance pools that you specify. + // all of the Spot Instance pools that you specify. // // If the allocation strategy is capacity-optimized, EC2 Fleet launches instances // from Spot Instance pools with optimal capacity for the number of instances @@ -90142,11 +101987,11 @@ type SpotOptionsRequest struct { MinTargetCapacity *int64 `type:"integer"` // Indicates that the fleet launches all Spot Instances into a single Availability - // Zone. + // Zone. Supported only for fleets of type instant. SingleAvailabilityZone *bool `type:"boolean"` // Indicates that the fleet uses a single instance type to launch all Spot Instances - // in the fleet. + // in the fleet. Supported only for fleets of type instant. SingleInstanceType *bool `type:"boolean"` } @@ -90535,6 +102380,79 @@ func (s *StartInstancesOutput) SetStartingInstances(v []*InstanceStateChange) *S return s } +type StartVpcEndpointServicePrivateDnsVerificationInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the endpoint service. + // + // ServiceId is a required field + ServiceId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s StartVpcEndpointServicePrivateDnsVerificationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StartVpcEndpointServicePrivateDnsVerificationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartVpcEndpointServicePrivateDnsVerificationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartVpcEndpointServicePrivateDnsVerificationInput"} + if s.ServiceId == nil { + invalidParams.Add(request.NewErrParamRequired("ServiceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *StartVpcEndpointServicePrivateDnsVerificationInput) SetDryRun(v bool) *StartVpcEndpointServicePrivateDnsVerificationInput { + s.DryRun = &v + return s +} + +// SetServiceId sets the ServiceId field's value. +func (s *StartVpcEndpointServicePrivateDnsVerificationInput) SetServiceId(v string) *StartVpcEndpointServicePrivateDnsVerificationInput { + s.ServiceId = &v + return s +} + +type StartVpcEndpointServicePrivateDnsVerificationOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, it returns an error. + ReturnValue *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s StartVpcEndpointServicePrivateDnsVerificationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StartVpcEndpointServicePrivateDnsVerificationOutput) GoString() string { + return s.String() +} + +// SetReturnValue sets the ReturnValue field's value. +func (s *StartVpcEndpointServicePrivateDnsVerificationOutput) SetReturnValue(v bool) *StartVpcEndpointServicePrivateDnsVerificationOutput { + s.ReturnValue = &v + return s +} + // Describes a state change. type StateReason struct { _ struct{} `type:"structure"` @@ -90795,6 +102713,9 @@ type Subnet struct { // address. MapPublicIpOnLaunch *bool `locationName:"mapPublicIpOnLaunch" type:"boolean"` + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + // The ID of the AWS account that owns the subnet. OwnerId *string `locationName:"ownerId" type:"string"` @@ -90872,6 +102793,12 @@ func (s *Subnet) SetMapPublicIpOnLaunch(v bool) *Subnet { return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *Subnet) SetOutpostArn(v string) *Subnet { + s.OutpostArn = &v + return s +} + // SetOwnerId sets the OwnerId field's value. func (s *Subnet) SetOwnerId(v string) *Subnet { s.OwnerId = &v @@ -90908,6 +102835,39 @@ func (s *Subnet) SetVpcId(v string) *Subnet { return s } +// Describes the subnet association with the transit gateway multicast domain. +type SubnetAssociation struct { + _ struct{} `type:"structure"` + + // The state of the subnet association. + State *string `locationName:"state" type:"string" enum:"TransitGatewayMulitcastDomainAssociationState"` + + // The ID of the subnet. + SubnetId *string `locationName:"subnetId" type:"string"` +} + +// String returns the string representation +func (s SubnetAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SubnetAssociation) GoString() string { + return s.String() +} + +// SetState sets the State field's value. +func (s *SubnetAssociation) SetState(v string) *SubnetAssociation { + s.State = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *SubnetAssociation) SetSubnetId(v string) *SubnetAssociation { + s.SubnetId = &v + return s +} + // Describes the state of a CIDR block. type SubnetCidrBlockState struct { _ struct{} `type:"structure"` @@ -90983,8 +102943,8 @@ func (s *SubnetIpv6CidrBlockAssociation) SetIpv6CidrBlockState(v *SubnetCidrBloc return s } -// Describes the T2 or T3 instance whose credit option for CPU usage was successfully -// modified. +// Describes the burstable performance instance whose credit option for CPU +// usage was successfully modified. type SuccessfulInstanceCreditSpecificationItem struct { _ struct{} `type:"structure"` @@ -91128,9 +103088,11 @@ type TagSpecification struct { // The type of resource to tag. Currently, the resource types that support tagging // on creation are: capacity-reservation | client-vpn-endpoint | dedicated-host - // | fleet | fpga-image | instance | launch-template | snapshot | traffic-mirror-filter - // | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment - // | transit-gateway-route-table | volume. + // | fleet | fpga-image | instance | key-pair | launch-template | spot-fleet-request + // | placement-group | snapshot | traffic-mirror-filter | traffic-mirror-session + // | traffic-mirror-target | transit-gateway | transit-gateway-attachment | + // transit-gateway-route-table | vpc-endpoint (for interface VPC endpoints)| + // vpc-endpoint-service (for gateway VPC endpoints) | volume | vpc-flow-log. // // To tag a resource after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). ResourceType *string `locationName:"resourceType" type:"string" enum:"ResourceType"` @@ -91168,13 +103130,13 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification { // later. // // You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance -// MaxTotalPrice, or both to ensure your fleet cost does not exceed your budget. -// If you set a maximum price per hour for the On-Demand Instances and Spot -// Instances in your request, EC2 Fleet will launch instances until it reaches -// the maximum amount you're willing to pay. When the maximum amount you're -// willing to pay is reached, the fleet stops launching instances even if it -// hasn’t met the target capacity. The MaxTotalPrice parameters are located -// in and +// MaxTotalPrice, or both to ensure that your fleet cost does not exceed your +// budget. If you set a maximum price per hour for the On-Demand Instances and +// Spot Instances in your request, EC2 Fleet will launch instances until it +// reaches the maximum amount that you're willing to pay. When the maximum amount +// you're willing to pay is reached, the fleet stops launching instances even +// if it hasn’t met the target capacity. The MaxTotalPrice parameters are +// located in and type TargetCapacitySpecification struct { _ struct{} `type:"structure"` @@ -91237,9 +103199,9 @@ func (s *TargetCapacitySpecification) SetTotalTargetCapacity(v int64) *TargetCap // MaxTotalPrice parameter, or both parameters to ensure that your fleet cost // does not exceed your budget. If you set a maximum price per hour for the // On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch -// instances until it reaches the maximum amount you're willing to pay. When -// the maximum amount you're willing to pay is reached, the fleet stops launching -// instances even if it hasn’t met the target capacity. The MaxTotalPrice +// instances until it reaches the maximum amount that you're willing to pay. +// When the maximum amount you're willing to pay is reached, the fleet stops +// launching instances even if it hasn’t met the target capacity. The MaxTotalPrice // parameters are located in and . type TargetCapacitySpecificationRequest struct { _ struct{} `type:"structure"` @@ -92550,6 +104512,451 @@ func (s *TransitGatewayAttachmentPropagation) SetTransitGatewayRouteTableId(v st return s } +// Describes the deregistered transit gateway multicast group members. +type TransitGatewayMulticastDeregisteredGroupMembers struct { + _ struct{} `type:"structure"` + + // The network interface IDs of the deregistered members. + DeregisteredNetworkInterfaceIds []*string `locationName:"deregisteredNetworkInterfaceIds" locationNameList:"item" type:"list"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `locationName:"groupIpAddress" type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `locationName:"transitGatewayMulticastDomainId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastDeregisteredGroupMembers) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastDeregisteredGroupMembers) GoString() string { + return s.String() +} + +// SetDeregisteredNetworkInterfaceIds sets the DeregisteredNetworkInterfaceIds field's value. +func (s *TransitGatewayMulticastDeregisteredGroupMembers) SetDeregisteredNetworkInterfaceIds(v []*string) *TransitGatewayMulticastDeregisteredGroupMembers { + s.DeregisteredNetworkInterfaceIds = v + return s +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *TransitGatewayMulticastDeregisteredGroupMembers) SetGroupIpAddress(v string) *TransitGatewayMulticastDeregisteredGroupMembers { + s.GroupIpAddress = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *TransitGatewayMulticastDeregisteredGroupMembers) SetTransitGatewayMulticastDomainId(v string) *TransitGatewayMulticastDeregisteredGroupMembers { + s.TransitGatewayMulticastDomainId = &v + return s +} + +// Describes the deregistered transit gateway multicast group sources. +type TransitGatewayMulticastDeregisteredGroupSources struct { + _ struct{} `type:"structure"` + + // The network interface IDs of the non-registered members. + DeregisteredNetworkInterfaceIds []*string `locationName:"deregisteredNetworkInterfaceIds" locationNameList:"item" type:"list"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `locationName:"groupIpAddress" type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `locationName:"transitGatewayMulticastDomainId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastDeregisteredGroupSources) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastDeregisteredGroupSources) GoString() string { + return s.String() +} + +// SetDeregisteredNetworkInterfaceIds sets the DeregisteredNetworkInterfaceIds field's value. +func (s *TransitGatewayMulticastDeregisteredGroupSources) SetDeregisteredNetworkInterfaceIds(v []*string) *TransitGatewayMulticastDeregisteredGroupSources { + s.DeregisteredNetworkInterfaceIds = v + return s +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *TransitGatewayMulticastDeregisteredGroupSources) SetGroupIpAddress(v string) *TransitGatewayMulticastDeregisteredGroupSources { + s.GroupIpAddress = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *TransitGatewayMulticastDeregisteredGroupSources) SetTransitGatewayMulticastDomainId(v string) *TransitGatewayMulticastDeregisteredGroupSources { + s.TransitGatewayMulticastDomainId = &v + return s +} + +// Describes the transit gateway multicast domain. +type TransitGatewayMulticastDomain struct { + _ struct{} `type:"structure"` + + // The time the transit gateway multicast domain was created. + CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` + + // The state of the transit gateway multicast domain. + State *string `locationName:"state" type:"string" enum:"TransitGatewayMulticastDomainState"` + + // The tags for the transit gateway multicast domain. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the transit gateway. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `locationName:"transitGatewayMulticastDomainId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastDomain) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastDomain) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *TransitGatewayMulticastDomain) SetCreationTime(v time.Time) *TransitGatewayMulticastDomain { + s.CreationTime = &v + return s +} + +// SetState sets the State field's value. +func (s *TransitGatewayMulticastDomain) SetState(v string) *TransitGatewayMulticastDomain { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TransitGatewayMulticastDomain) SetTags(v []*Tag) *TransitGatewayMulticastDomain { + s.Tags = v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *TransitGatewayMulticastDomain) SetTransitGatewayId(v string) *TransitGatewayMulticastDomain { + s.TransitGatewayId = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *TransitGatewayMulticastDomain) SetTransitGatewayMulticastDomainId(v string) *TransitGatewayMulticastDomain { + s.TransitGatewayMulticastDomainId = &v + return s +} + +// Describes the resources associated with the transit gateway multicast domain. +type TransitGatewayMulticastDomainAssociation struct { + _ struct{} `type:"structure"` + + // The ID of the resource. + ResourceId *string `locationName:"resourceId" type:"string"` + + // The type of resource, for example a VPC attachment. + ResourceType *string `locationName:"resourceType" type:"string" enum:"TransitGatewayAttachmentResourceType"` + + // The subnet associated with the transit gateway multicast domain. + Subnet *SubnetAssociation `locationName:"subnet" type:"structure"` + + // The ID of the transit gateway attachment. + TransitGatewayAttachmentId *string `locationName:"transitGatewayAttachmentId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastDomainAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastDomainAssociation) GoString() string { + return s.String() +} + +// SetResourceId sets the ResourceId field's value. +func (s *TransitGatewayMulticastDomainAssociation) SetResourceId(v string) *TransitGatewayMulticastDomainAssociation { + s.ResourceId = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *TransitGatewayMulticastDomainAssociation) SetResourceType(v string) *TransitGatewayMulticastDomainAssociation { + s.ResourceType = &v + return s +} + +// SetSubnet sets the Subnet field's value. +func (s *TransitGatewayMulticastDomainAssociation) SetSubnet(v *SubnetAssociation) *TransitGatewayMulticastDomainAssociation { + s.Subnet = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *TransitGatewayMulticastDomainAssociation) SetTransitGatewayAttachmentId(v string) *TransitGatewayMulticastDomainAssociation { + s.TransitGatewayAttachmentId = &v + return s +} + +// Describes the multicast domain associations. +type TransitGatewayMulticastDomainAssociations struct { + _ struct{} `type:"structure"` + + // The ID of the resource. + ResourceId *string `locationName:"resourceId" type:"string"` + + // The type of resource, for example a VPC attachment. + ResourceType *string `locationName:"resourceType" type:"string" enum:"TransitGatewayAttachmentResourceType"` + + // The subnets associated with the multicast domain. + Subnets []*SubnetAssociation `locationName:"subnets" locationNameList:"item" type:"list"` + + // The ID of the transit gateway attachment. + TransitGatewayAttachmentId *string `locationName:"transitGatewayAttachmentId" type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `locationName:"transitGatewayMulticastDomainId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastDomainAssociations) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastDomainAssociations) GoString() string { + return s.String() +} + +// SetResourceId sets the ResourceId field's value. +func (s *TransitGatewayMulticastDomainAssociations) SetResourceId(v string) *TransitGatewayMulticastDomainAssociations { + s.ResourceId = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *TransitGatewayMulticastDomainAssociations) SetResourceType(v string) *TransitGatewayMulticastDomainAssociations { + s.ResourceType = &v + return s +} + +// SetSubnets sets the Subnets field's value. +func (s *TransitGatewayMulticastDomainAssociations) SetSubnets(v []*SubnetAssociation) *TransitGatewayMulticastDomainAssociations { + s.Subnets = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *TransitGatewayMulticastDomainAssociations) SetTransitGatewayAttachmentId(v string) *TransitGatewayMulticastDomainAssociations { + s.TransitGatewayAttachmentId = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *TransitGatewayMulticastDomainAssociations) SetTransitGatewayMulticastDomainId(v string) *TransitGatewayMulticastDomainAssociations { + s.TransitGatewayMulticastDomainId = &v + return s +} + +// Describes the transit gateway multicast group resources. +type TransitGatewayMulticastGroup struct { + _ struct{} `type:"structure"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `locationName:"groupIpAddress" type:"string"` + + // Indicates that the resource is a transit gateway multicast group member. + GroupMember *bool `locationName:"groupMember" type:"boolean"` + + // Indicates that the resource is a transit gateway multicast group member. + GroupSource *bool `locationName:"groupSource" type:"boolean"` + + // The member type (for example, static). + MemberType *string `locationName:"memberType" type:"string" enum:"MembershipType"` + + // The ID of the transit gateway attachment. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // The ID of the resource. + ResourceId *string `locationName:"resourceId" type:"string"` + + // The type of resource, for example a VPC attachment. + ResourceType *string `locationName:"resourceType" type:"string" enum:"TransitGatewayAttachmentResourceType"` + + // The source type. + SourceType *string `locationName:"sourceType" type:"string" enum:"MembershipType"` + + // The ID of the subnet. + SubnetId *string `locationName:"subnetId" type:"string"` + + // The ID of the transit gateway attachment. + TransitGatewayAttachmentId *string `locationName:"transitGatewayAttachmentId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastGroup) GoString() string { + return s.String() +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *TransitGatewayMulticastGroup) SetGroupIpAddress(v string) *TransitGatewayMulticastGroup { + s.GroupIpAddress = &v + return s +} + +// SetGroupMember sets the GroupMember field's value. +func (s *TransitGatewayMulticastGroup) SetGroupMember(v bool) *TransitGatewayMulticastGroup { + s.GroupMember = &v + return s +} + +// SetGroupSource sets the GroupSource field's value. +func (s *TransitGatewayMulticastGroup) SetGroupSource(v bool) *TransitGatewayMulticastGroup { + s.GroupSource = &v + return s +} + +// SetMemberType sets the MemberType field's value. +func (s *TransitGatewayMulticastGroup) SetMemberType(v string) *TransitGatewayMulticastGroup { + s.MemberType = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *TransitGatewayMulticastGroup) SetNetworkInterfaceId(v string) *TransitGatewayMulticastGroup { + s.NetworkInterfaceId = &v + return s +} + +// SetResourceId sets the ResourceId field's value. +func (s *TransitGatewayMulticastGroup) SetResourceId(v string) *TransitGatewayMulticastGroup { + s.ResourceId = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *TransitGatewayMulticastGroup) SetResourceType(v string) *TransitGatewayMulticastGroup { + s.ResourceType = &v + return s +} + +// SetSourceType sets the SourceType field's value. +func (s *TransitGatewayMulticastGroup) SetSourceType(v string) *TransitGatewayMulticastGroup { + s.SourceType = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *TransitGatewayMulticastGroup) SetSubnetId(v string) *TransitGatewayMulticastGroup { + s.SubnetId = &v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *TransitGatewayMulticastGroup) SetTransitGatewayAttachmentId(v string) *TransitGatewayMulticastGroup { + s.TransitGatewayAttachmentId = &v + return s +} + +// Describes the registered transit gateway multicast group members. +type TransitGatewayMulticastRegisteredGroupMembers struct { + _ struct{} `type:"structure"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `locationName:"groupIpAddress" type:"string"` + + // The ID of the registered network interfaces. + RegisteredNetworkInterfaceIds []*string `locationName:"registeredNetworkInterfaceIds" locationNameList:"item" type:"list"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `locationName:"transitGatewayMulticastDomainId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastRegisteredGroupMembers) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastRegisteredGroupMembers) GoString() string { + return s.String() +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *TransitGatewayMulticastRegisteredGroupMembers) SetGroupIpAddress(v string) *TransitGatewayMulticastRegisteredGroupMembers { + s.GroupIpAddress = &v + return s +} + +// SetRegisteredNetworkInterfaceIds sets the RegisteredNetworkInterfaceIds field's value. +func (s *TransitGatewayMulticastRegisteredGroupMembers) SetRegisteredNetworkInterfaceIds(v []*string) *TransitGatewayMulticastRegisteredGroupMembers { + s.RegisteredNetworkInterfaceIds = v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *TransitGatewayMulticastRegisteredGroupMembers) SetTransitGatewayMulticastDomainId(v string) *TransitGatewayMulticastRegisteredGroupMembers { + s.TransitGatewayMulticastDomainId = &v + return s +} + +// Describes the members registered with the transit gateway multicast group. +type TransitGatewayMulticastRegisteredGroupSources struct { + _ struct{} `type:"structure"` + + // The IP address assigned to the transit gateway multicast group. + GroupIpAddress *string `locationName:"groupIpAddress" type:"string"` + + // The IDs of the network interfaces members registered with the transit gateway + // multicast group. + RegisteredNetworkInterfaceIds []*string `locationName:"registeredNetworkInterfaceIds" locationNameList:"item" type:"list"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `locationName:"transitGatewayMulticastDomainId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayMulticastRegisteredGroupSources) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastRegisteredGroupSources) GoString() string { + return s.String() +} + +// SetGroupIpAddress sets the GroupIpAddress field's value. +func (s *TransitGatewayMulticastRegisteredGroupSources) SetGroupIpAddress(v string) *TransitGatewayMulticastRegisteredGroupSources { + s.GroupIpAddress = &v + return s +} + +// SetRegisteredNetworkInterfaceIds sets the RegisteredNetworkInterfaceIds field's value. +func (s *TransitGatewayMulticastRegisteredGroupSources) SetRegisteredNetworkInterfaceIds(v []*string) *TransitGatewayMulticastRegisteredGroupSources { + s.RegisteredNetworkInterfaceIds = v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *TransitGatewayMulticastRegisteredGroupSources) SetTransitGatewayMulticastDomainId(v string) *TransitGatewayMulticastRegisteredGroupSources { + s.TransitGatewayMulticastDomainId = &v + return s +} + // Describes the options for a transit gateway. type TransitGatewayOptions struct { _ struct{} `type:"structure"` @@ -92576,6 +104983,9 @@ type TransitGatewayOptions struct { // Indicates whether DNS support is enabled. DnsSupport *string `locationName:"dnsSupport" type:"string" enum:"DnsSupportValue"` + // Indicates whether multicast is enabled on the transit gateway + MulticastSupport *string `locationName:"multicastSupport" type:"string" enum:"MulticastSupportValue"` + // The ID of the default propagation route table. PropagationDefaultRouteTableId *string `locationName:"propagationDefaultRouteTableId" type:"string"` @@ -92629,6 +105039,12 @@ func (s *TransitGatewayOptions) SetDnsSupport(v string) *TransitGatewayOptions { return s } +// SetMulticastSupport sets the MulticastSupport field's value. +func (s *TransitGatewayOptions) SetMulticastSupport(v string) *TransitGatewayOptions { + s.MulticastSupport = &v + return s +} + // SetPropagationDefaultRouteTableId sets the PropagationDefaultRouteTableId field's value. func (s *TransitGatewayOptions) SetPropagationDefaultRouteTableId(v string) *TransitGatewayOptions { s.PropagationDefaultRouteTableId = &v @@ -92641,6 +105057,84 @@ func (s *TransitGatewayOptions) SetVpnEcmpSupport(v string) *TransitGatewayOptio return s } +// Describes the transit gateway peering attachment. +type TransitGatewayPeeringAttachment struct { + _ struct{} `type:"structure"` + + // Information about the accepter transit gateway. + AccepterTgwInfo *PeeringTgwInfo `locationName:"accepterTgwInfo" type:"structure"` + + // The time the transit gateway peering attachment was created. + CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` + + // Information about the requester transit gateway. + RequesterTgwInfo *PeeringTgwInfo `locationName:"requesterTgwInfo" type:"structure"` + + // The state of the transit gateway peering attachment. + State *string `locationName:"state" type:"string" enum:"TransitGatewayAttachmentState"` + + // The status of the transit gateway peering attachment. + Status *PeeringAttachmentStatus `locationName:"status" type:"structure"` + + // The tags for the transit gateway peering attachment. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the transit gateway peering attachment. + TransitGatewayAttachmentId *string `locationName:"transitGatewayAttachmentId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayPeeringAttachment) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayPeeringAttachment) GoString() string { + return s.String() +} + +// SetAccepterTgwInfo sets the AccepterTgwInfo field's value. +func (s *TransitGatewayPeeringAttachment) SetAccepterTgwInfo(v *PeeringTgwInfo) *TransitGatewayPeeringAttachment { + s.AccepterTgwInfo = v + return s +} + +// SetCreationTime sets the CreationTime field's value. +func (s *TransitGatewayPeeringAttachment) SetCreationTime(v time.Time) *TransitGatewayPeeringAttachment { + s.CreationTime = &v + return s +} + +// SetRequesterTgwInfo sets the RequesterTgwInfo field's value. +func (s *TransitGatewayPeeringAttachment) SetRequesterTgwInfo(v *PeeringTgwInfo) *TransitGatewayPeeringAttachment { + s.RequesterTgwInfo = v + return s +} + +// SetState sets the State field's value. +func (s *TransitGatewayPeeringAttachment) SetState(v string) *TransitGatewayPeeringAttachment { + s.State = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *TransitGatewayPeeringAttachment) SetStatus(v *PeeringAttachmentStatus) *TransitGatewayPeeringAttachment { + s.Status = v + return s +} + +// SetTags sets the Tags field's value. +func (s *TransitGatewayPeeringAttachment) SetTags(v []*Tag) *TransitGatewayPeeringAttachment { + s.Tags = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *TransitGatewayPeeringAttachment) SetTransitGatewayAttachmentId(v string) *TransitGatewayPeeringAttachment { + s.TransitGatewayAttachmentId = &v + return s +} + // Describes route propagation. type TransitGatewayPropagation struct { _ struct{} `type:"structure"` @@ -92725,6 +105219,9 @@ type TransitGatewayRequestOptions struct { // Enable or disable DNS support. DnsSupport *string `type:"string" enum:"DnsSupportValue"` + // Indicates whether multicast is enabled on the transit gateway + MulticastSupport *string `type:"string" enum:"MulticastSupportValue"` + // Enable or disable Equal Cost Multipath Protocol support. VpnEcmpSupport *string `type:"string" enum:"VpnEcmpSupportValue"` } @@ -92769,6 +105266,12 @@ func (s *TransitGatewayRequestOptions) SetDnsSupport(v string) *TransitGatewayRe return s } +// SetMulticastSupport sets the MulticastSupport field's value. +func (s *TransitGatewayRequestOptions) SetMulticastSupport(v string) *TransitGatewayRequestOptions { + s.MulticastSupport = &v + return s +} + // SetVpnEcmpSupport sets the VpnEcmpSupport field's value. func (s *TransitGatewayRequestOptions) SetVpnEcmpSupport(v string) *TransitGatewayRequestOptions { s.VpnEcmpSupport = &v @@ -93153,7 +105656,7 @@ type TransitGatewayVpcAttachmentOptions struct { // Indicates whether DNS support is enabled. DnsSupport *string `locationName:"dnsSupport" type:"string" enum:"DnsSupportValue"` - // Indicates whether IPv6 support is enabled. + // Indicates whether IPv6 support is disabled. Ipv6Support *string `locationName:"ipv6Support" type:"string" enum:"Ipv6SupportValue"` } @@ -93568,13 +106071,13 @@ func (s *UnmonitorInstancesOutput) SetInstanceMonitorings(v []*InstanceMonitorin return s } -// Describes the T2 or T3 instance whose credit option for CPU usage was not -// modified. +// Describes the burstable performance instance whose credit option for CPU +// usage was not modified. type UnsuccessfulInstanceCreditSpecificationItem struct { _ struct{} `type:"structure"` - // The applicable error for the T2 or T3 instance whose credit option for CPU - // usage was not modified. + // The applicable error for the burstable performance instance whose credit + // option for CPU usage was not modified. Error *UnsuccessfulInstanceCreditSpecificationItemError `locationName:"error" type:"structure"` // The ID of the instance. @@ -93603,8 +106106,8 @@ func (s *UnsuccessfulInstanceCreditSpecificationItem) SetInstanceId(v string) *U return s } -// Information about the error for the T2 or T3 instance whose credit option -// for CPU usage was not modified. +// Information about the error for the burstable performance instance whose +// credit option for CPU usage was not modified. type UnsuccessfulInstanceCreditSpecificationItemError struct { _ struct{} `type:"structure"` @@ -94078,6 +106581,68 @@ func (s *UserIdGroupPair) SetVpcPeeringConnectionId(v string) *UserIdGroupPair { return s } +// Describes the vCPU configurations for the instance type. +type VCpuInfo struct { + _ struct{} `type:"structure"` + + // The default number of cores for the instance type. + DefaultCores *int64 `locationName:"defaultCores" type:"integer"` + + // The default number of threads per core for the instance type. + DefaultThreadsPerCore *int64 `locationName:"defaultThreadsPerCore" type:"integer"` + + // The default number of vCPUs for the instance type. + DefaultVCpus *int64 `locationName:"defaultVCpus" type:"integer"` + + // List of the valid number of cores that can be configured for the instance + // type. + ValidCores []*int64 `locationName:"validCores" locationNameList:"item" type:"list"` + + // List of the valid number of threads per core that can be configured for the + // instance type. + ValidThreadsPerCore []*int64 `locationName:"validThreadsPerCore" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s VCpuInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VCpuInfo) GoString() string { + return s.String() +} + +// SetDefaultCores sets the DefaultCores field's value. +func (s *VCpuInfo) SetDefaultCores(v int64) *VCpuInfo { + s.DefaultCores = &v + return s +} + +// SetDefaultThreadsPerCore sets the DefaultThreadsPerCore field's value. +func (s *VCpuInfo) SetDefaultThreadsPerCore(v int64) *VCpuInfo { + s.DefaultThreadsPerCore = &v + return s +} + +// SetDefaultVCpus sets the DefaultVCpus field's value. +func (s *VCpuInfo) SetDefaultVCpus(v int64) *VCpuInfo { + s.DefaultVCpus = &v + return s +} + +// SetValidCores sets the ValidCores field's value. +func (s *VCpuInfo) SetValidCores(v []*int64) *VCpuInfo { + s.ValidCores = v + return s +} + +// SetValidThreadsPerCore sets the ValidThreadsPerCore field's value. +func (s *VCpuInfo) SetValidThreadsPerCore(v []*int64) *VCpuInfo { + s.ValidThreadsPerCore = v + return s +} + // Describes telemetry for a VPN tunnel. type VgwTelemetry struct { _ struct{} `type:"structure"` @@ -94164,6 +106729,9 @@ type Volume struct { // Indicates whether the volume is encrypted. Encrypted *bool `locationName:"encrypted" type:"boolean"` + // Indicates whether the volume was created using fast snapshot restore. + FastRestored *bool `locationName:"fastRestored" type:"boolean"` + // The number of I/O operations per second (IOPS) that the volume supports. // For Provisioned IOPS SSD volumes, this represents the number of IOPS that // are provisioned for the volume. For General Purpose SSD volumes, this represents @@ -94186,6 +106754,12 @@ type Volume struct { // key for the volume. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + // Indicates whether Amazon EBS Multi-Attach is enabled. + MultiAttachEnabled *bool `locationName:"multiAttachEnabled" type:"boolean"` + + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + // The size of the volume, in GiBs. Size *int64 `locationName:"size" type:"integer"` @@ -94241,6 +106815,12 @@ func (s *Volume) SetEncrypted(v bool) *Volume { return s } +// SetFastRestored sets the FastRestored field's value. +func (s *Volume) SetFastRestored(v bool) *Volume { + s.FastRestored = &v + return s +} + // SetIops sets the Iops field's value. func (s *Volume) SetIops(v int64) *Volume { s.Iops = &v @@ -94253,6 +106833,18 @@ func (s *Volume) SetKmsKeyId(v string) *Volume { return s } +// SetMultiAttachEnabled sets the MultiAttachEnabled field's value. +func (s *Volume) SetMultiAttachEnabled(v bool) *Volume { + s.MultiAttachEnabled = &v + return s +} + +// SetOutpostArn sets the OutpostArn field's value. +func (s *Volume) SetOutpostArn(v string) *Volume { + s.OutpostArn = &v + return s +} + // SetSize sets the Size field's value. func (s *Volume) SetSize(v int64) *Volume { s.Size = &v @@ -94574,6 +107166,39 @@ func (s *VolumeStatusAction) SetEventType(v string) *VolumeStatusAction { return s } +// Information about the instances to which the volume is attached. +type VolumeStatusAttachmentStatus struct { + _ struct{} `type:"structure"` + + // The ID of the attached instance. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The maximum IOPS supported by the attached instance. + IoPerformance *string `locationName:"ioPerformance" type:"string"` +} + +// String returns the string representation +func (s VolumeStatusAttachmentStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VolumeStatusAttachmentStatus) GoString() string { + return s.String() +} + +// SetInstanceId sets the InstanceId field's value. +func (s *VolumeStatusAttachmentStatus) SetInstanceId(v string) *VolumeStatusAttachmentStatus { + s.InstanceId = &v + return s +} + +// SetIoPerformance sets the IoPerformance field's value. +func (s *VolumeStatusAttachmentStatus) SetIoPerformance(v string) *VolumeStatusAttachmentStatus { + s.IoPerformance = &v + return s +} + // Describes a volume status. type VolumeStatusDetails struct { _ struct{} `type:"structure"` @@ -94620,6 +107245,9 @@ type VolumeStatusEvent struct { // The type of this event. EventType *string `locationName:"eventType" type:"string"` + // The ID of the instance associated with the event. + InstanceId *string `locationName:"instanceId" type:"string"` + // The latest end time of the event. NotAfter *time.Time `locationName:"notAfter" type:"timestamp"` @@ -94655,6 +107283,12 @@ func (s *VolumeStatusEvent) SetEventType(v string) *VolumeStatusEvent { return s } +// SetInstanceId sets the InstanceId field's value. +func (s *VolumeStatusEvent) SetInstanceId(v string) *VolumeStatusEvent { + s.InstanceId = &v + return s +} + // SetNotAfter sets the NotAfter field's value. func (s *VolumeStatusEvent) SetNotAfter(v time.Time) *VolumeStatusEvent { s.NotAfter = &v @@ -94707,12 +107341,18 @@ type VolumeStatusItem struct { // The details of the operation. Actions []*VolumeStatusAction `locationName:"actionsSet" locationNameList:"item" type:"list"` + // Information about the instances to which the volume is attached. + AttachmentStatuses []*VolumeStatusAttachmentStatus `locationName:"attachmentStatuses" locationNameList:"item" type:"list"` + // The Availability Zone of the volume. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` // A list of events associated with the volume. Events []*VolumeStatusEvent `locationName:"eventsSet" locationNameList:"item" type:"list"` + // The Amazon Resource Name (ARN) of the Outpost. + OutpostArn *string `locationName:"outpostArn" type:"string"` + // The volume ID. VolumeId *string `locationName:"volumeId" type:"string"` @@ -94736,6 +107376,12 @@ func (s *VolumeStatusItem) SetActions(v []*VolumeStatusAction) *VolumeStatusItem return s } +// SetAttachmentStatuses sets the AttachmentStatuses field's value. +func (s *VolumeStatusItem) SetAttachmentStatuses(v []*VolumeStatusAttachmentStatus) *VolumeStatusItem { + s.AttachmentStatuses = v + return s +} + // SetAvailabilityZone sets the AvailabilityZone field's value. func (s *VolumeStatusItem) SetAvailabilityZone(v string) *VolumeStatusItem { s.AvailabilityZone = &v @@ -94748,6 +107394,12 @@ func (s *VolumeStatusItem) SetEvents(v []*VolumeStatusEvent) *VolumeStatusItem { return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *VolumeStatusItem) SetOutpostArn(v string) *VolumeStatusItem { + s.OutpostArn = &v + return s +} + // SetVolumeId sets the VolumeId field's value. func (s *VolumeStatusItem) SetVolumeId(v string) *VolumeStatusItem { s.VolumeId = &v @@ -95020,16 +107672,19 @@ func (s *VpcClassicLink) SetVpcId(v string) *VpcClassicLink { type VpcEndpoint struct { _ struct{} `type:"structure"` - // The date and time the VPC endpoint was created. + // The date and time that the VPC endpoint was created. CreationTimestamp *time.Time `locationName:"creationTimestamp" type:"timestamp"` // (Interface endpoint) The DNS entries for the endpoint. DnsEntries []*DnsEntry `locationName:"dnsEntrySet" locationNameList:"item" type:"list"` - // (Interface endpoint) Information about the security groups associated with - // the network interface. + // (Interface endpoint) Information about the security groups that are associated + // with the network interface. Groups []*SecurityGroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` + // The last error that occurred for VPC endpoint. + LastError *LastError `locationName:"lastError" type:"structure"` + // (Interface endpoint) One or more network interfaces for the endpoint. NetworkInterfaceIds []*string `locationName:"networkInterfaceIdSet" locationNameList:"item" type:"list"` @@ -95099,6 +107754,12 @@ func (s *VpcEndpoint) SetGroups(v []*SecurityGroupIdentifier) *VpcEndpoint { return s } +// SetLastError sets the LastError field's value. +func (s *VpcEndpoint) SetLastError(v *LastError) *VpcEndpoint { + s.LastError = v + return s +} + // SetNetworkInterfaceIds sets the NetworkInterfaceIds field's value. func (s *VpcEndpoint) SetNetworkInterfaceIds(v []*string) *VpcEndpoint { s.NetworkInterfaceIds = v @@ -95181,7 +107842,7 @@ func (s *VpcEndpoint) SetVpcId(v string) *VpcEndpoint { type VpcEndpointConnection struct { _ struct{} `type:"structure"` - // The date and time the VPC endpoint was created. + // The date and time that the VPC endpoint was created. CreationTimestamp *time.Time `locationName:"creationTimestamp" type:"timestamp"` // The DNS entries for the VPC endpoint. @@ -95267,6 +107928,12 @@ type VpcIpv6CidrBlockAssociation struct { // Information about the state of the CIDR block. Ipv6CidrBlockState *VpcCidrBlockState `locationName:"ipv6CidrBlockState" type:"structure"` + + // The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated. + Ipv6Pool *string `locationName:"ipv6Pool" type:"string"` + + // The name of the location from which we advertise the IPV6 CIDR block. + NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` } // String returns the string representation @@ -95297,6 +107964,18 @@ func (s *VpcIpv6CidrBlockAssociation) SetIpv6CidrBlockState(v *VpcCidrBlockState return s } +// SetIpv6Pool sets the Ipv6Pool field's value. +func (s *VpcIpv6CidrBlockAssociation) SetIpv6Pool(v string) *VpcIpv6CidrBlockAssociation { + s.Ipv6Pool = &v + return s +} + +// SetNetworkBorderGroup sets the NetworkBorderGroup field's value. +func (s *VpcIpv6CidrBlockAssociation) SetNetworkBorderGroup(v string) *VpcIpv6CidrBlockAssociation { + s.NetworkBorderGroup = &v + return s +} + // Describes a VPC peering connection. type VpcPeeringConnection struct { _ struct{} `type:"structure"` @@ -95656,6 +108335,9 @@ func (s *VpnConnection) SetVpnGatewayId(v string) *VpnConnection { type VpnConnectionOptions struct { _ struct{} `type:"structure"` + // Indicates whether acceleration is enabled for the VPN connection. + EnableAcceleration *bool `locationName:"enableAcceleration" type:"boolean"` + // Indicates whether the VPN connection uses static routes only. Static routes // must be used for devices that don't support BGP. StaticRoutesOnly *bool `locationName:"staticRoutesOnly" type:"boolean"` @@ -95674,6 +108356,12 @@ func (s VpnConnectionOptions) GoString() string { return s.String() } +// SetEnableAcceleration sets the EnableAcceleration field's value. +func (s *VpnConnectionOptions) SetEnableAcceleration(v bool) *VpnConnectionOptions { + s.EnableAcceleration = &v + return s +} + // SetStaticRoutesOnly sets the StaticRoutesOnly field's value. func (s *VpnConnectionOptions) SetStaticRoutesOnly(v bool) *VpnConnectionOptions { s.StaticRoutesOnly = &v @@ -95690,6 +108378,11 @@ func (s *VpnConnectionOptions) SetTunnelOptions(v []*TunnelOption) *VpnConnectio type VpnConnectionOptionsSpecification struct { _ struct{} `type:"structure"` + // Indicate whether to enable acceleration for the VPN connection. + // + // Default: false + EnableAcceleration *bool `type:"boolean"` + // Indicate whether the VPN connection uses static routes only. If you are creating // a VPN connection for a device that does not support BGP, you must specify // true. Use CreateVpnConnectionRoute to create a static route. @@ -95711,6 +108404,12 @@ func (s VpnConnectionOptionsSpecification) GoString() string { return s.String() } +// SetEnableAcceleration sets the EnableAcceleration field's value. +func (s *VpnConnectionOptionsSpecification) SetEnableAcceleration(v bool) *VpnConnectionOptionsSpecification { + s.EnableAcceleration = &v + return s +} + // SetStaticRoutesOnly sets the StaticRoutesOnly field's value. func (s *VpnConnectionOptionsSpecification) SetStaticRoutesOnly(v bool) *VpnConnectionOptionsSpecification { s.StaticRoutesOnly = &v @@ -95844,7 +108543,7 @@ func (s *VpnStaticRoute) SetState(v string) *VpnStaticRoute { return s } -// The tunnel options for a VPN connection. +// The tunnel options for a single VPN tunnel. type VpnTunnelOptionsSpecification struct { _ struct{} `type:"structure"` @@ -96069,7 +108768,7 @@ func (s *VpnTunnelOptionsSpecification) SetTunnelInsideCidr(v string) *VpnTunnel type WithdrawByoipCidrInput struct { _ struct{} `type:"structure"` - // The public IPv4 address range, in CIDR notation. + // The address range, in CIDR notation. // // Cidr is a required field Cidr *string `type:"string" required:"true"` @@ -96200,6 +108899,25 @@ const ( AllocationStrategyCapacityOptimized = "capacityOptimized" ) +const ( + // AllowsMultipleInstanceTypesOn is a AllowsMultipleInstanceTypes enum value + AllowsMultipleInstanceTypesOn = "on" + + // AllowsMultipleInstanceTypesOff is a AllowsMultipleInstanceTypes enum value + AllowsMultipleInstanceTypesOff = "off" +) + +const ( + // ArchitectureTypeI386 is a ArchitectureType enum value + ArchitectureTypeI386 = "i386" + + // ArchitectureTypeX8664 is a ArchitectureType enum value + ArchitectureTypeX8664 = "x86_64" + + // ArchitectureTypeArm64 is a ArchitectureType enum value + ArchitectureTypeArm64 = "arm64" +) + const ( // ArchitectureValuesI386 is a ArchitectureValues enum value ArchitectureValuesI386 = "i386" @@ -96263,6 +108981,17 @@ const ( AutoPlacementOff = "off" ) +const ( + // AvailabilityZoneOptInStatusOptInNotRequired is a AvailabilityZoneOptInStatus enum value + AvailabilityZoneOptInStatusOptInNotRequired = "opt-in-not-required" + + // AvailabilityZoneOptInStatusOptedIn is a AvailabilityZoneOptInStatus enum value + AvailabilityZoneOptInStatusOptedIn = "opted-in" + + // AvailabilityZoneOptInStatusNotOptedIn is a AvailabilityZoneOptInStatus enum value + AvailabilityZoneOptInStatusNotOptedIn = "not-opted-in" +) + const ( // AvailabilityZoneStateAvailable is a AvailabilityZoneState enum value AvailabilityZoneStateAvailable = "available" @@ -96344,6 +109073,9 @@ const ( // ByoipCidrStateProvisioned is a ByoipCidrState enum value ByoipCidrStateProvisioned = "provisioned" + + // ByoipCidrStateProvisionedNotPubliclyAdvertisable is a ByoipCidrState enum value + ByoipCidrStateProvisionedNotPubliclyAdvertisable = "provisioned-not-publicly-advertisable" ) const ( @@ -96635,6 +109367,25 @@ const ( DiskImageFormatVhd = "VHD" ) +const ( + // DiskTypeHdd is a DiskType enum value + DiskTypeHdd = "hdd" + + // DiskTypeSsd is a DiskType enum value + DiskTypeSsd = "ssd" +) + +const ( + // DnsNameStatePendingVerification is a DnsNameState enum value + DnsNameStatePendingVerification = "pendingVerification" + + // DnsNameStateVerified is a DnsNameState enum value + DnsNameStateVerified = "verified" + + // DnsNameStateFailed is a DnsNameState enum value + DnsNameStateFailed = "failed" +) + const ( // DnsSupportValueEnable is a DnsSupportValue enum value DnsSupportValueEnable = "enable" @@ -96651,6 +109402,25 @@ const ( DomainTypeStandard = "standard" ) +const ( + // EbsEncryptionSupportUnsupported is a EbsEncryptionSupport enum value + EbsEncryptionSupportUnsupported = "unsupported" + + // EbsEncryptionSupportSupported is a EbsEncryptionSupport enum value + EbsEncryptionSupportSupported = "supported" +) + +const ( + // EbsOptimizedSupportUnsupported is a EbsOptimizedSupport enum value + EbsOptimizedSupportUnsupported = "unsupported" + + // EbsOptimizedSupportSupported is a EbsOptimizedSupport enum value + EbsOptimizedSupportSupported = "supported" + + // EbsOptimizedSupportDefault is a EbsOptimizedSupport enum value + EbsOptimizedSupportDefault = "default" +) + const ( // ElasticGpuStateAttached is a ElasticGpuState enum value ElasticGpuStateAttached = "ATTACHED" @@ -96664,6 +109434,17 @@ const ( ElasticGpuStatusImpaired = "IMPAIRED" ) +const ( + // EnaSupportUnsupported is a EnaSupport enum value + EnaSupportUnsupported = "unsupported" + + // EnaSupportSupported is a EnaSupport enum value + EnaSupportSupported = "supported" + + // EnaSupportRequired is a EnaSupport enum value + EnaSupportRequired = "required" +) + const ( // EndDateTypeUnlimited is a EndDateType enum value EndDateTypeUnlimited = "unlimited" @@ -96736,6 +109517,23 @@ const ( ExportTaskStateCompleted = "completed" ) +const ( + // FastSnapshotRestoreStateCodeEnabling is a FastSnapshotRestoreStateCode enum value + FastSnapshotRestoreStateCodeEnabling = "enabling" + + // FastSnapshotRestoreStateCodeOptimizing is a FastSnapshotRestoreStateCode enum value + FastSnapshotRestoreStateCodeOptimizing = "optimizing" + + // FastSnapshotRestoreStateCodeEnabled is a FastSnapshotRestoreStateCode enum value + FastSnapshotRestoreStateCodeEnabled = "enabled" + + // FastSnapshotRestoreStateCodeDisabling is a FastSnapshotRestoreStateCode enum value + FastSnapshotRestoreStateCodeDisabling = "disabling" + + // FastSnapshotRestoreStateCodeDisabled is a FastSnapshotRestoreStateCode enum value + FastSnapshotRestoreStateCodeDisabled = "disabled" +) + const ( // FleetActivityStatusError is a FleetActivityStatus enum value FleetActivityStatusError = "error" @@ -96750,6 +109548,11 @@ const ( FleetActivityStatusFulfilled = "fulfilled" ) +const ( + // FleetCapacityReservationUsageStrategyUseCapacityReservationsFirst is a FleetCapacityReservationUsageStrategy enum value + FleetCapacityReservationUsageStrategyUseCapacityReservationsFirst = "use-capacity-reservations-first" +) + const ( // FleetEventTypeInstanceChange is a FleetEventType enum value FleetEventTypeInstanceChange = "instance-change" @@ -97502,9 +110305,18 @@ const ( // InstanceTypeC5d9xlarge is a InstanceType enum value InstanceTypeC5d9xlarge = "c5d.9xlarge" + // InstanceTypeC5d12xlarge is a InstanceType enum value + InstanceTypeC5d12xlarge = "c5d.12xlarge" + // InstanceTypeC5d18xlarge is a InstanceType enum value InstanceTypeC5d18xlarge = "c5d.18xlarge" + // InstanceTypeC5d24xlarge is a InstanceType enum value + InstanceTypeC5d24xlarge = "c5d.24xlarge" + + // InstanceTypeC5dMetal is a InstanceType enum value + InstanceTypeC5dMetal = "c5d.metal" + // InstanceTypeC5nLarge is a InstanceType enum value InstanceTypeC5nLarge = "c5n.large" @@ -97873,6 +110685,26 @@ const ( // InstanceTypeR5n24xlarge is a InstanceType enum value InstanceTypeR5n24xlarge = "r5n.24xlarge" + + // InstanceTypeInf1Xlarge is a InstanceType enum value + InstanceTypeInf1Xlarge = "inf1.xlarge" + + // InstanceTypeInf12xlarge is a InstanceType enum value + InstanceTypeInf12xlarge = "inf1.2xlarge" + + // InstanceTypeInf16xlarge is a InstanceType enum value + InstanceTypeInf16xlarge = "inf1.6xlarge" + + // InstanceTypeInf124xlarge is a InstanceType enum value + InstanceTypeInf124xlarge = "inf1.24xlarge" +) + +const ( + // InstanceTypeHypervisorNitro is a InstanceTypeHypervisor enum value + InstanceTypeHypervisorNitro = "nitro" + + // InstanceTypeHypervisorXen is a InstanceTypeHypervisor enum value + InstanceTypeHypervisorXen = "xen" ) const ( @@ -97911,6 +110743,30 @@ const ( LaunchTemplateErrorCodeUnexpectedError = "unexpectedError" ) +const ( + // LaunchTemplateHttpTokensStateOptional is a LaunchTemplateHttpTokensState enum value + LaunchTemplateHttpTokensStateOptional = "optional" + + // LaunchTemplateHttpTokensStateRequired is a LaunchTemplateHttpTokensState enum value + LaunchTemplateHttpTokensStateRequired = "required" +) + +const ( + // LaunchTemplateInstanceMetadataEndpointStateDisabled is a LaunchTemplateInstanceMetadataEndpointState enum value + LaunchTemplateInstanceMetadataEndpointStateDisabled = "disabled" + + // LaunchTemplateInstanceMetadataEndpointStateEnabled is a LaunchTemplateInstanceMetadataEndpointState enum value + LaunchTemplateInstanceMetadataEndpointStateEnabled = "enabled" +) + +const ( + // LaunchTemplateInstanceMetadataOptionsStatePending is a LaunchTemplateInstanceMetadataOptionsState enum value + LaunchTemplateInstanceMetadataOptionsStatePending = "pending" + + // LaunchTemplateInstanceMetadataOptionsStateApplied is a LaunchTemplateInstanceMetadataOptionsState enum value + LaunchTemplateInstanceMetadataOptionsStateApplied = "applied" +) + const ( // ListingStateAvailable is a ListingState enum value ListingStateAvailable = "available" @@ -97939,6 +110795,42 @@ const ( ListingStatusClosed = "closed" ) +const ( + // LocalGatewayRouteStatePending is a LocalGatewayRouteState enum value + LocalGatewayRouteStatePending = "pending" + + // LocalGatewayRouteStateActive is a LocalGatewayRouteState enum value + LocalGatewayRouteStateActive = "active" + + // LocalGatewayRouteStateBlackhole is a LocalGatewayRouteState enum value + LocalGatewayRouteStateBlackhole = "blackhole" + + // LocalGatewayRouteStateDeleting is a LocalGatewayRouteState enum value + LocalGatewayRouteStateDeleting = "deleting" + + // LocalGatewayRouteStateDeleted is a LocalGatewayRouteState enum value + LocalGatewayRouteStateDeleted = "deleted" +) + +const ( + // LocalGatewayRouteTypeStatic is a LocalGatewayRouteType enum value + LocalGatewayRouteTypeStatic = "static" + + // LocalGatewayRouteTypePropagated is a LocalGatewayRouteType enum value + LocalGatewayRouteTypePropagated = "propagated" +) + +const ( + // LocationTypeRegion is a LocationType enum value + LocationTypeRegion = "region" + + // LocationTypeAvailabilityZone is a LocationType enum value + LocationTypeAvailabilityZone = "availability-zone" + + // LocationTypeAvailabilityZoneId is a LocationType enum value + LocationTypeAvailabilityZoneId = "availability-zone-id" +) + const ( // LogDestinationTypeCloudWatchLogs is a LogDestinationType enum value LogDestinationTypeCloudWatchLogs = "cloud-watch-logs" @@ -97952,6 +110844,22 @@ const ( MarketTypeSpot = "spot" ) +const ( + // MembershipTypeStatic is a MembershipType enum value + MembershipTypeStatic = "static" + + // MembershipTypeIgmp is a MembershipType enum value + MembershipTypeIgmp = "igmp" +) + +const ( + // ModifyAvailabilityZoneOptInStatusOptedIn is a ModifyAvailabilityZoneOptInStatus enum value + ModifyAvailabilityZoneOptInStatusOptedIn = "opted-in" + + // ModifyAvailabilityZoneOptInStatusNotOptedIn is a ModifyAvailabilityZoneOptInStatus enum value + ModifyAvailabilityZoneOptInStatusNotOptedIn = "not-opted-in" +) + const ( // MonitoringStateDisabled is a MonitoringState enum value MonitoringStateDisabled = "disabled" @@ -97974,6 +110882,14 @@ const ( MoveStatusRestoringToClassic = "restoringToClassic" ) +const ( + // MulticastSupportValueEnable is a MulticastSupportValue enum value + MulticastSupportValueEnable = "enable" + + // MulticastSupportValueDisable is a MulticastSupportValue enum value + MulticastSupportValueDisable = "disable" +) + const ( // NatGatewayStatePending is a NatGatewayState enum value NatGatewayStatePending = "pending" @@ -98126,6 +111042,17 @@ const ( PlacementGroupStateDeleted = "deleted" ) +const ( + // PlacementGroupStrategyCluster is a PlacementGroupStrategy enum value + PlacementGroupStrategyCluster = "cluster" + + // PlacementGroupStrategyPartition is a PlacementGroupStrategy enum value + PlacementGroupStrategyPartition = "partition" + + // PlacementGroupStrategySpread is a PlacementGroupStrategy enum value + PlacementGroupStrategySpread = "spread" +) + const ( // PlacementStrategyCluster is a PlacementStrategy enum value PlacementStrategyCluster = "cluster" @@ -98304,6 +111231,9 @@ const ( // ResourceTypeInternetGateway is a ResourceType enum value ResourceTypeInternetGateway = "internet-gateway" + // ResourceTypeKeyPair is a ResourceType enum value + ResourceTypeKeyPair = "key-pair" + // ResourceTypeLaunchTemplate is a ResourceType enum value ResourceTypeLaunchTemplate = "launch-template" @@ -98316,6 +111246,9 @@ const ( // ResourceTypeNetworkInterface is a ResourceType enum value ResourceTypeNetworkInterface = "network-interface" + // ResourceTypePlacementGroup is a ResourceType enum value + ResourceTypePlacementGroup = "placement-group" + // ResourceTypeReservedInstances is a ResourceType enum value ResourceTypeReservedInstances = "reserved-instances" @@ -98328,6 +111261,9 @@ const ( // ResourceTypeSnapshot is a ResourceType enum value ResourceTypeSnapshot = "snapshot" + // ResourceTypeSpotFleetRequest is a ResourceType enum value + ResourceTypeSpotFleetRequest = "spot-fleet-request" + // ResourceTypeSpotInstancesRequest is a ResourceType enum value ResourceTypeSpotInstancesRequest = "spot-instances-request" @@ -98349,6 +111285,9 @@ const ( // ResourceTypeTransitGatewayAttachment is a ResourceType enum value ResourceTypeTransitGatewayAttachment = "transit-gateway-attachment" + // ResourceTypeTransitGatewayMulticastDomain is a ResourceType enum value + ResourceTypeTransitGatewayMulticastDomain = "transit-gateway-multicast-domain" + // ResourceTypeTransitGatewayRouteTable is a ResourceType enum value ResourceTypeTransitGatewayRouteTable = "transit-gateway-route-table" @@ -98366,6 +111305,17 @@ const ( // ResourceTypeVpnGateway is a ResourceType enum value ResourceTypeVpnGateway = "vpn-gateway" + + // ResourceTypeVpcFlowLog is a ResourceType enum value + ResourceTypeVpcFlowLog = "vpc-flow-log" +) + +const ( + // RootDeviceTypeEbs is a RootDeviceType enum value + RootDeviceTypeEbs = "ebs" + + // RootDeviceTypeInstanceStore is a RootDeviceType enum value + RootDeviceTypeInstanceStore = "instance-store" ) const ( @@ -98387,6 +111337,23 @@ const ( RouteStateBlackhole = "blackhole" ) +const ( + // RouteTableAssociationStateCodeAssociating is a RouteTableAssociationStateCode enum value + RouteTableAssociationStateCodeAssociating = "associating" + + // RouteTableAssociationStateCodeAssociated is a RouteTableAssociationStateCode enum value + RouteTableAssociationStateCodeAssociated = "associated" + + // RouteTableAssociationStateCodeDisassociating is a RouteTableAssociationStateCode enum value + RouteTableAssociationStateCodeDisassociating = "disassociating" + + // RouteTableAssociationStateCodeDisassociated is a RouteTableAssociationStateCode enum value + RouteTableAssociationStateCodeDisassociated = "disassociated" + + // RouteTableAssociationStateCodeFailed is a RouteTableAssociationStateCode enum value + RouteTableAssociationStateCodeFailed = "failed" +) + const ( // RuleActionAllow is a RuleAction enum value RuleActionAllow = "allow" @@ -98395,6 +111362,14 @@ const ( RuleActionDeny = "deny" ) +const ( + // ScopeAvailabilityZone is a Scope enum value + ScopeAvailabilityZone = "Availability Zone" + + // ScopeRegion is a Scope enum value + ScopeRegion = "Region" +) + const ( // ServiceStatePending is a ServiceState enum value ServiceStatePending = "Pending" @@ -98702,9 +111677,15 @@ const ( // TransitGatewayAttachmentResourceTypeDirectConnectGateway is a TransitGatewayAttachmentResourceType enum value TransitGatewayAttachmentResourceTypeDirectConnectGateway = "direct-connect-gateway" + + // TransitGatewayAttachmentResourceTypeTgwPeering is a TransitGatewayAttachmentResourceType enum value + TransitGatewayAttachmentResourceTypeTgwPeering = "tgw-peering" ) const ( + // TransitGatewayAttachmentStateInitiating is a TransitGatewayAttachmentState enum value + TransitGatewayAttachmentStateInitiating = "initiating" + // TransitGatewayAttachmentStatePendingAcceptance is a TransitGatewayAttachmentState enum value TransitGatewayAttachmentStatePendingAcceptance = "pendingAcceptance" @@ -98739,6 +111720,34 @@ const ( TransitGatewayAttachmentStateFailing = "failing" ) +const ( + // TransitGatewayMulitcastDomainAssociationStateAssociating is a TransitGatewayMulitcastDomainAssociationState enum value + TransitGatewayMulitcastDomainAssociationStateAssociating = "associating" + + // TransitGatewayMulitcastDomainAssociationStateAssociated is a TransitGatewayMulitcastDomainAssociationState enum value + TransitGatewayMulitcastDomainAssociationStateAssociated = "associated" + + // TransitGatewayMulitcastDomainAssociationStateDisassociating is a TransitGatewayMulitcastDomainAssociationState enum value + TransitGatewayMulitcastDomainAssociationStateDisassociating = "disassociating" + + // TransitGatewayMulitcastDomainAssociationStateDisassociated is a TransitGatewayMulitcastDomainAssociationState enum value + TransitGatewayMulitcastDomainAssociationStateDisassociated = "disassociated" +) + +const ( + // TransitGatewayMulticastDomainStatePending is a TransitGatewayMulticastDomainState enum value + TransitGatewayMulticastDomainStatePending = "pending" + + // TransitGatewayMulticastDomainStateAvailable is a TransitGatewayMulticastDomainState enum value + TransitGatewayMulticastDomainStateAvailable = "available" + + // TransitGatewayMulticastDomainStateDeleting is a TransitGatewayMulticastDomainState enum value + TransitGatewayMulticastDomainStateDeleting = "deleting" + + // TransitGatewayMulticastDomainStateDeleted is a TransitGatewayMulticastDomainState enum value + TransitGatewayMulticastDomainStateDeleted = "deleted" +) + const ( // TransitGatewayPropagationStateEnabling is a TransitGatewayPropagationState enum value TransitGatewayPropagationStateEnabling = "enabling" @@ -98817,6 +111826,17 @@ const ( TransportProtocolUdp = "udp" ) +const ( + // UnlimitedSupportedInstanceFamilyT2 is a UnlimitedSupportedInstanceFamily enum value + UnlimitedSupportedInstanceFamilyT2 = "t2" + + // UnlimitedSupportedInstanceFamilyT3 is a UnlimitedSupportedInstanceFamily enum value + UnlimitedSupportedInstanceFamilyT3 = "t3" + + // UnlimitedSupportedInstanceFamilyT3a is a UnlimitedSupportedInstanceFamily enum value + UnlimitedSupportedInstanceFamilyT3a = "t3a" +) + const ( // UnsuccessfulInstanceCreditSpecificationErrorCodeInvalidInstanceIdMalformed is a UnsuccessfulInstanceCreditSpecificationErrorCode enum value UnsuccessfulInstanceCreditSpecificationErrorCodeInvalidInstanceIdMalformed = "InvalidInstanceID.Malformed" @@ -98831,6 +111851,14 @@ const ( UnsuccessfulInstanceCreditSpecificationErrorCodeInstanceCreditSpecificationNotSupported = "InstanceCreditSpecification.NotSupported" ) +const ( + // UsageClassTypeSpot is a UsageClassType enum value + UsageClassTypeSpot = "spot" + + // UsageClassTypeOnDemand is a UsageClassType enum value + UsageClassTypeOnDemand = "on-demand" +) + const ( // VirtualizationTypeHvm is a VirtualizationType enum value VirtualizationTypeHvm = "hvm" @@ -99043,11 +112071,3 @@ const ( // VpnStaticRouteSourceStatic is a VpnStaticRouteSource enum value VpnStaticRouteSourceStatic = "Static" ) - -const ( - // ScopeAvailabilityZone is a scope enum value - ScopeAvailabilityZone = "Availability Zone" - - // ScopeRegion is a scope enum value - ScopeRegion = "Region" -) diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go index b0afb065b1..5f30b99748 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go @@ -64,6 +64,10 @@ type EC2API interface { AcceptReservedInstancesExchangeQuoteWithContext(aws.Context, *ec2.AcceptReservedInstancesExchangeQuoteInput, ...request.Option) (*ec2.AcceptReservedInstancesExchangeQuoteOutput, error) AcceptReservedInstancesExchangeQuoteRequest(*ec2.AcceptReservedInstancesExchangeQuoteInput) (*request.Request, *ec2.AcceptReservedInstancesExchangeQuoteOutput) + AcceptTransitGatewayPeeringAttachment(*ec2.AcceptTransitGatewayPeeringAttachmentInput) (*ec2.AcceptTransitGatewayPeeringAttachmentOutput, error) + AcceptTransitGatewayPeeringAttachmentWithContext(aws.Context, *ec2.AcceptTransitGatewayPeeringAttachmentInput, ...request.Option) (*ec2.AcceptTransitGatewayPeeringAttachmentOutput, error) + AcceptTransitGatewayPeeringAttachmentRequest(*ec2.AcceptTransitGatewayPeeringAttachmentInput) (*request.Request, *ec2.AcceptTransitGatewayPeeringAttachmentOutput) + AcceptTransitGatewayVpcAttachment(*ec2.AcceptTransitGatewayVpcAttachmentInput) (*ec2.AcceptTransitGatewayVpcAttachmentOutput, error) AcceptTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.AcceptTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.AcceptTransitGatewayVpcAttachmentOutput, error) AcceptTransitGatewayVpcAttachmentRequest(*ec2.AcceptTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.AcceptTransitGatewayVpcAttachmentOutput) @@ -124,6 +128,10 @@ type EC2API interface { AssociateSubnetCidrBlockWithContext(aws.Context, *ec2.AssociateSubnetCidrBlockInput, ...request.Option) (*ec2.AssociateSubnetCidrBlockOutput, error) AssociateSubnetCidrBlockRequest(*ec2.AssociateSubnetCidrBlockInput) (*request.Request, *ec2.AssociateSubnetCidrBlockOutput) + AssociateTransitGatewayMulticastDomain(*ec2.AssociateTransitGatewayMulticastDomainInput) (*ec2.AssociateTransitGatewayMulticastDomainOutput, error) + AssociateTransitGatewayMulticastDomainWithContext(aws.Context, *ec2.AssociateTransitGatewayMulticastDomainInput, ...request.Option) (*ec2.AssociateTransitGatewayMulticastDomainOutput, error) + AssociateTransitGatewayMulticastDomainRequest(*ec2.AssociateTransitGatewayMulticastDomainInput) (*request.Request, *ec2.AssociateTransitGatewayMulticastDomainOutput) + AssociateTransitGatewayRouteTable(*ec2.AssociateTransitGatewayRouteTableInput) (*ec2.AssociateTransitGatewayRouteTableOutput, error) AssociateTransitGatewayRouteTableWithContext(aws.Context, *ec2.AssociateTransitGatewayRouteTableInput, ...request.Option) (*ec2.AssociateTransitGatewayRouteTableOutput, error) AssociateTransitGatewayRouteTableRequest(*ec2.AssociateTransitGatewayRouteTableInput) (*request.Request, *ec2.AssociateTransitGatewayRouteTableOutput) @@ -284,6 +292,14 @@ type EC2API interface { CreateLaunchTemplateVersionWithContext(aws.Context, *ec2.CreateLaunchTemplateVersionInput, ...request.Option) (*ec2.CreateLaunchTemplateVersionOutput, error) CreateLaunchTemplateVersionRequest(*ec2.CreateLaunchTemplateVersionInput) (*request.Request, *ec2.CreateLaunchTemplateVersionOutput) + CreateLocalGatewayRoute(*ec2.CreateLocalGatewayRouteInput) (*ec2.CreateLocalGatewayRouteOutput, error) + CreateLocalGatewayRouteWithContext(aws.Context, *ec2.CreateLocalGatewayRouteInput, ...request.Option) (*ec2.CreateLocalGatewayRouteOutput, error) + CreateLocalGatewayRouteRequest(*ec2.CreateLocalGatewayRouteInput) (*request.Request, *ec2.CreateLocalGatewayRouteOutput) + + CreateLocalGatewayRouteTableVpcAssociation(*ec2.CreateLocalGatewayRouteTableVpcAssociationInput) (*ec2.CreateLocalGatewayRouteTableVpcAssociationOutput, error) + CreateLocalGatewayRouteTableVpcAssociationWithContext(aws.Context, *ec2.CreateLocalGatewayRouteTableVpcAssociationInput, ...request.Option) (*ec2.CreateLocalGatewayRouteTableVpcAssociationOutput, error) + CreateLocalGatewayRouteTableVpcAssociationRequest(*ec2.CreateLocalGatewayRouteTableVpcAssociationInput) (*request.Request, *ec2.CreateLocalGatewayRouteTableVpcAssociationOutput) + CreateNatGateway(*ec2.CreateNatGatewayInput) (*ec2.CreateNatGatewayOutput, error) CreateNatGatewayWithContext(aws.Context, *ec2.CreateNatGatewayInput, ...request.Option) (*ec2.CreateNatGatewayOutput, error) CreateNatGatewayRequest(*ec2.CreateNatGatewayInput) (*request.Request, *ec2.CreateNatGatewayOutput) @@ -364,6 +380,14 @@ type EC2API interface { CreateTransitGatewayWithContext(aws.Context, *ec2.CreateTransitGatewayInput, ...request.Option) (*ec2.CreateTransitGatewayOutput, error) CreateTransitGatewayRequest(*ec2.CreateTransitGatewayInput) (*request.Request, *ec2.CreateTransitGatewayOutput) + CreateTransitGatewayMulticastDomain(*ec2.CreateTransitGatewayMulticastDomainInput) (*ec2.CreateTransitGatewayMulticastDomainOutput, error) + CreateTransitGatewayMulticastDomainWithContext(aws.Context, *ec2.CreateTransitGatewayMulticastDomainInput, ...request.Option) (*ec2.CreateTransitGatewayMulticastDomainOutput, error) + CreateTransitGatewayMulticastDomainRequest(*ec2.CreateTransitGatewayMulticastDomainInput) (*request.Request, *ec2.CreateTransitGatewayMulticastDomainOutput) + + CreateTransitGatewayPeeringAttachment(*ec2.CreateTransitGatewayPeeringAttachmentInput) (*ec2.CreateTransitGatewayPeeringAttachmentOutput, error) + CreateTransitGatewayPeeringAttachmentWithContext(aws.Context, *ec2.CreateTransitGatewayPeeringAttachmentInput, ...request.Option) (*ec2.CreateTransitGatewayPeeringAttachmentOutput, error) + CreateTransitGatewayPeeringAttachmentRequest(*ec2.CreateTransitGatewayPeeringAttachmentInput) (*request.Request, *ec2.CreateTransitGatewayPeeringAttachmentOutput) + CreateTransitGatewayRoute(*ec2.CreateTransitGatewayRouteInput) (*ec2.CreateTransitGatewayRouteOutput, error) CreateTransitGatewayRouteWithContext(aws.Context, *ec2.CreateTransitGatewayRouteInput, ...request.Option) (*ec2.CreateTransitGatewayRouteOutput, error) CreateTransitGatewayRouteRequest(*ec2.CreateTransitGatewayRouteInput) (*request.Request, *ec2.CreateTransitGatewayRouteOutput) @@ -460,6 +484,14 @@ type EC2API interface { DeleteLaunchTemplateVersionsWithContext(aws.Context, *ec2.DeleteLaunchTemplateVersionsInput, ...request.Option) (*ec2.DeleteLaunchTemplateVersionsOutput, error) DeleteLaunchTemplateVersionsRequest(*ec2.DeleteLaunchTemplateVersionsInput) (*request.Request, *ec2.DeleteLaunchTemplateVersionsOutput) + DeleteLocalGatewayRoute(*ec2.DeleteLocalGatewayRouteInput) (*ec2.DeleteLocalGatewayRouteOutput, error) + DeleteLocalGatewayRouteWithContext(aws.Context, *ec2.DeleteLocalGatewayRouteInput, ...request.Option) (*ec2.DeleteLocalGatewayRouteOutput, error) + DeleteLocalGatewayRouteRequest(*ec2.DeleteLocalGatewayRouteInput) (*request.Request, *ec2.DeleteLocalGatewayRouteOutput) + + DeleteLocalGatewayRouteTableVpcAssociation(*ec2.DeleteLocalGatewayRouteTableVpcAssociationInput) (*ec2.DeleteLocalGatewayRouteTableVpcAssociationOutput, error) + DeleteLocalGatewayRouteTableVpcAssociationWithContext(aws.Context, *ec2.DeleteLocalGatewayRouteTableVpcAssociationInput, ...request.Option) (*ec2.DeleteLocalGatewayRouteTableVpcAssociationOutput, error) + DeleteLocalGatewayRouteTableVpcAssociationRequest(*ec2.DeleteLocalGatewayRouteTableVpcAssociationInput) (*request.Request, *ec2.DeleteLocalGatewayRouteTableVpcAssociationOutput) + DeleteNatGateway(*ec2.DeleteNatGatewayInput) (*ec2.DeleteNatGatewayOutput, error) DeleteNatGatewayWithContext(aws.Context, *ec2.DeleteNatGatewayInput, ...request.Option) (*ec2.DeleteNatGatewayOutput, error) DeleteNatGatewayRequest(*ec2.DeleteNatGatewayInput) (*request.Request, *ec2.DeleteNatGatewayOutput) @@ -536,6 +568,14 @@ type EC2API interface { DeleteTransitGatewayWithContext(aws.Context, *ec2.DeleteTransitGatewayInput, ...request.Option) (*ec2.DeleteTransitGatewayOutput, error) DeleteTransitGatewayRequest(*ec2.DeleteTransitGatewayInput) (*request.Request, *ec2.DeleteTransitGatewayOutput) + DeleteTransitGatewayMulticastDomain(*ec2.DeleteTransitGatewayMulticastDomainInput) (*ec2.DeleteTransitGatewayMulticastDomainOutput, error) + DeleteTransitGatewayMulticastDomainWithContext(aws.Context, *ec2.DeleteTransitGatewayMulticastDomainInput, ...request.Option) (*ec2.DeleteTransitGatewayMulticastDomainOutput, error) + DeleteTransitGatewayMulticastDomainRequest(*ec2.DeleteTransitGatewayMulticastDomainInput) (*request.Request, *ec2.DeleteTransitGatewayMulticastDomainOutput) + + DeleteTransitGatewayPeeringAttachment(*ec2.DeleteTransitGatewayPeeringAttachmentInput) (*ec2.DeleteTransitGatewayPeeringAttachmentOutput, error) + DeleteTransitGatewayPeeringAttachmentWithContext(aws.Context, *ec2.DeleteTransitGatewayPeeringAttachmentInput, ...request.Option) (*ec2.DeleteTransitGatewayPeeringAttachmentOutput, error) + DeleteTransitGatewayPeeringAttachmentRequest(*ec2.DeleteTransitGatewayPeeringAttachmentInput) (*request.Request, *ec2.DeleteTransitGatewayPeeringAttachmentOutput) + DeleteTransitGatewayRoute(*ec2.DeleteTransitGatewayRouteInput) (*ec2.DeleteTransitGatewayRouteOutput, error) DeleteTransitGatewayRouteWithContext(aws.Context, *ec2.DeleteTransitGatewayRouteInput, ...request.Option) (*ec2.DeleteTransitGatewayRouteOutput, error) DeleteTransitGatewayRouteRequest(*ec2.DeleteTransitGatewayRouteInput) (*request.Request, *ec2.DeleteTransitGatewayRouteOutput) @@ -592,6 +632,14 @@ type EC2API interface { DeregisterImageWithContext(aws.Context, *ec2.DeregisterImageInput, ...request.Option) (*ec2.DeregisterImageOutput, error) DeregisterImageRequest(*ec2.DeregisterImageInput) (*request.Request, *ec2.DeregisterImageOutput) + DeregisterTransitGatewayMulticastGroupMembers(*ec2.DeregisterTransitGatewayMulticastGroupMembersInput) (*ec2.DeregisterTransitGatewayMulticastGroupMembersOutput, error) + DeregisterTransitGatewayMulticastGroupMembersWithContext(aws.Context, *ec2.DeregisterTransitGatewayMulticastGroupMembersInput, ...request.Option) (*ec2.DeregisterTransitGatewayMulticastGroupMembersOutput, error) + DeregisterTransitGatewayMulticastGroupMembersRequest(*ec2.DeregisterTransitGatewayMulticastGroupMembersInput) (*request.Request, *ec2.DeregisterTransitGatewayMulticastGroupMembersOutput) + + DeregisterTransitGatewayMulticastGroupSources(*ec2.DeregisterTransitGatewayMulticastGroupSourcesInput) (*ec2.DeregisterTransitGatewayMulticastGroupSourcesOutput, error) + DeregisterTransitGatewayMulticastGroupSourcesWithContext(aws.Context, *ec2.DeregisterTransitGatewayMulticastGroupSourcesInput, ...request.Option) (*ec2.DeregisterTransitGatewayMulticastGroupSourcesOutput, error) + DeregisterTransitGatewayMulticastGroupSourcesRequest(*ec2.DeregisterTransitGatewayMulticastGroupSourcesInput) (*request.Request, *ec2.DeregisterTransitGatewayMulticastGroupSourcesOutput) + DescribeAccountAttributes(*ec2.DescribeAccountAttributesInput) (*ec2.DescribeAccountAttributesOutput, error) DescribeAccountAttributesWithContext(aws.Context, *ec2.DescribeAccountAttributesInput, ...request.Option) (*ec2.DescribeAccountAttributesOutput, error) DescribeAccountAttributesRequest(*ec2.DescribeAccountAttributesInput) (*request.Request, *ec2.DescribeAccountAttributesOutput) @@ -668,6 +716,13 @@ type EC2API interface { DescribeClientVpnTargetNetworksPages(*ec2.DescribeClientVpnTargetNetworksInput, func(*ec2.DescribeClientVpnTargetNetworksOutput, bool) bool) error DescribeClientVpnTargetNetworksPagesWithContext(aws.Context, *ec2.DescribeClientVpnTargetNetworksInput, func(*ec2.DescribeClientVpnTargetNetworksOutput, bool) bool, ...request.Option) error + DescribeCoipPools(*ec2.DescribeCoipPoolsInput) (*ec2.DescribeCoipPoolsOutput, error) + DescribeCoipPoolsWithContext(aws.Context, *ec2.DescribeCoipPoolsInput, ...request.Option) (*ec2.DescribeCoipPoolsOutput, error) + DescribeCoipPoolsRequest(*ec2.DescribeCoipPoolsInput) (*request.Request, *ec2.DescribeCoipPoolsOutput) + + DescribeCoipPoolsPages(*ec2.DescribeCoipPoolsInput, func(*ec2.DescribeCoipPoolsOutput, bool) bool) error + DescribeCoipPoolsPagesWithContext(aws.Context, *ec2.DescribeCoipPoolsInput, func(*ec2.DescribeCoipPoolsOutput, bool) bool, ...request.Option) error + DescribeConversionTasks(*ec2.DescribeConversionTasksInput) (*ec2.DescribeConversionTasksOutput, error) DescribeConversionTasksWithContext(aws.Context, *ec2.DescribeConversionTasksInput, ...request.Option) (*ec2.DescribeConversionTasksOutput, error) DescribeConversionTasksRequest(*ec2.DescribeConversionTasksInput) (*request.Request, *ec2.DescribeConversionTasksOutput) @@ -698,10 +753,20 @@ type EC2API interface { DescribeExportImageTasksWithContext(aws.Context, *ec2.DescribeExportImageTasksInput, ...request.Option) (*ec2.DescribeExportImageTasksOutput, error) DescribeExportImageTasksRequest(*ec2.DescribeExportImageTasksInput) (*request.Request, *ec2.DescribeExportImageTasksOutput) + DescribeExportImageTasksPages(*ec2.DescribeExportImageTasksInput, func(*ec2.DescribeExportImageTasksOutput, bool) bool) error + DescribeExportImageTasksPagesWithContext(aws.Context, *ec2.DescribeExportImageTasksInput, func(*ec2.DescribeExportImageTasksOutput, bool) bool, ...request.Option) error + DescribeExportTasks(*ec2.DescribeExportTasksInput) (*ec2.DescribeExportTasksOutput, error) DescribeExportTasksWithContext(aws.Context, *ec2.DescribeExportTasksInput, ...request.Option) (*ec2.DescribeExportTasksOutput, error) DescribeExportTasksRequest(*ec2.DescribeExportTasksInput) (*request.Request, *ec2.DescribeExportTasksOutput) + DescribeFastSnapshotRestores(*ec2.DescribeFastSnapshotRestoresInput) (*ec2.DescribeFastSnapshotRestoresOutput, error) + DescribeFastSnapshotRestoresWithContext(aws.Context, *ec2.DescribeFastSnapshotRestoresInput, ...request.Option) (*ec2.DescribeFastSnapshotRestoresOutput, error) + DescribeFastSnapshotRestoresRequest(*ec2.DescribeFastSnapshotRestoresInput) (*request.Request, *ec2.DescribeFastSnapshotRestoresOutput) + + DescribeFastSnapshotRestoresPages(*ec2.DescribeFastSnapshotRestoresInput, func(*ec2.DescribeFastSnapshotRestoresOutput, bool) bool) error + DescribeFastSnapshotRestoresPagesWithContext(aws.Context, *ec2.DescribeFastSnapshotRestoresInput, func(*ec2.DescribeFastSnapshotRestoresOutput, bool) bool, ...request.Option) error + DescribeFleetHistory(*ec2.DescribeFleetHistoryInput) (*ec2.DescribeFleetHistoryOutput, error) DescribeFleetHistoryWithContext(aws.Context, *ec2.DescribeFleetHistoryInput, ...request.Option) (*ec2.DescribeFleetHistoryOutput, error) DescribeFleetHistoryRequest(*ec2.DescribeFleetHistoryInput) (*request.Request, *ec2.DescribeFleetHistoryOutput) @@ -811,6 +876,20 @@ type EC2API interface { DescribeInstanceStatusPages(*ec2.DescribeInstanceStatusInput, func(*ec2.DescribeInstanceStatusOutput, bool) bool) error DescribeInstanceStatusPagesWithContext(aws.Context, *ec2.DescribeInstanceStatusInput, func(*ec2.DescribeInstanceStatusOutput, bool) bool, ...request.Option) error + DescribeInstanceTypeOfferings(*ec2.DescribeInstanceTypeOfferingsInput) (*ec2.DescribeInstanceTypeOfferingsOutput, error) + DescribeInstanceTypeOfferingsWithContext(aws.Context, *ec2.DescribeInstanceTypeOfferingsInput, ...request.Option) (*ec2.DescribeInstanceTypeOfferingsOutput, error) + DescribeInstanceTypeOfferingsRequest(*ec2.DescribeInstanceTypeOfferingsInput) (*request.Request, *ec2.DescribeInstanceTypeOfferingsOutput) + + DescribeInstanceTypeOfferingsPages(*ec2.DescribeInstanceTypeOfferingsInput, func(*ec2.DescribeInstanceTypeOfferingsOutput, bool) bool) error + DescribeInstanceTypeOfferingsPagesWithContext(aws.Context, *ec2.DescribeInstanceTypeOfferingsInput, func(*ec2.DescribeInstanceTypeOfferingsOutput, bool) bool, ...request.Option) error + + DescribeInstanceTypes(*ec2.DescribeInstanceTypesInput) (*ec2.DescribeInstanceTypesOutput, error) + DescribeInstanceTypesWithContext(aws.Context, *ec2.DescribeInstanceTypesInput, ...request.Option) (*ec2.DescribeInstanceTypesOutput, error) + DescribeInstanceTypesRequest(*ec2.DescribeInstanceTypesInput) (*request.Request, *ec2.DescribeInstanceTypesOutput) + + DescribeInstanceTypesPages(*ec2.DescribeInstanceTypesInput, func(*ec2.DescribeInstanceTypesOutput, bool) bool) error + DescribeInstanceTypesPagesWithContext(aws.Context, *ec2.DescribeInstanceTypesInput, func(*ec2.DescribeInstanceTypesOutput, bool) bool, ...request.Option) error + DescribeInstances(*ec2.DescribeInstancesInput) (*ec2.DescribeInstancesOutput, error) DescribeInstancesWithContext(aws.Context, *ec2.DescribeInstancesInput, ...request.Option) (*ec2.DescribeInstancesOutput, error) DescribeInstancesRequest(*ec2.DescribeInstancesInput) (*request.Request, *ec2.DescribeInstancesOutput) @@ -825,6 +904,13 @@ type EC2API interface { DescribeInternetGatewaysPages(*ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool) error DescribeInternetGatewaysPagesWithContext(aws.Context, *ec2.DescribeInternetGatewaysInput, func(*ec2.DescribeInternetGatewaysOutput, bool) bool, ...request.Option) error + DescribeIpv6Pools(*ec2.DescribeIpv6PoolsInput) (*ec2.DescribeIpv6PoolsOutput, error) + DescribeIpv6PoolsWithContext(aws.Context, *ec2.DescribeIpv6PoolsInput, ...request.Option) (*ec2.DescribeIpv6PoolsOutput, error) + DescribeIpv6PoolsRequest(*ec2.DescribeIpv6PoolsInput) (*request.Request, *ec2.DescribeIpv6PoolsOutput) + + DescribeIpv6PoolsPages(*ec2.DescribeIpv6PoolsInput, func(*ec2.DescribeIpv6PoolsOutput, bool) bool) error + DescribeIpv6PoolsPagesWithContext(aws.Context, *ec2.DescribeIpv6PoolsInput, func(*ec2.DescribeIpv6PoolsOutput, bool) bool, ...request.Option) error + DescribeKeyPairs(*ec2.DescribeKeyPairsInput) (*ec2.DescribeKeyPairsOutput, error) DescribeKeyPairsWithContext(aws.Context, *ec2.DescribeKeyPairsInput, ...request.Option) (*ec2.DescribeKeyPairsOutput, error) DescribeKeyPairsRequest(*ec2.DescribeKeyPairsInput) (*request.Request, *ec2.DescribeKeyPairsOutput) @@ -843,6 +929,48 @@ type EC2API interface { DescribeLaunchTemplatesPages(*ec2.DescribeLaunchTemplatesInput, func(*ec2.DescribeLaunchTemplatesOutput, bool) bool) error DescribeLaunchTemplatesPagesWithContext(aws.Context, *ec2.DescribeLaunchTemplatesInput, func(*ec2.DescribeLaunchTemplatesOutput, bool) bool, ...request.Option) error + DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations(*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) (*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error) + DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsWithContext(aws.Context, *ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, ...request.Option) (*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, error) + DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsRequest(*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput) (*request.Request, *ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput) + + DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPages(*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, func(*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, bool) bool) error + DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsPagesWithContext(aws.Context, *ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsInput, func(*ec2.DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociationsOutput, bool) bool, ...request.Option) error + + DescribeLocalGatewayRouteTableVpcAssociations(*ec2.DescribeLocalGatewayRouteTableVpcAssociationsInput) (*ec2.DescribeLocalGatewayRouteTableVpcAssociationsOutput, error) + DescribeLocalGatewayRouteTableVpcAssociationsWithContext(aws.Context, *ec2.DescribeLocalGatewayRouteTableVpcAssociationsInput, ...request.Option) (*ec2.DescribeLocalGatewayRouteTableVpcAssociationsOutput, error) + DescribeLocalGatewayRouteTableVpcAssociationsRequest(*ec2.DescribeLocalGatewayRouteTableVpcAssociationsInput) (*request.Request, *ec2.DescribeLocalGatewayRouteTableVpcAssociationsOutput) + + DescribeLocalGatewayRouteTableVpcAssociationsPages(*ec2.DescribeLocalGatewayRouteTableVpcAssociationsInput, func(*ec2.DescribeLocalGatewayRouteTableVpcAssociationsOutput, bool) bool) error + DescribeLocalGatewayRouteTableVpcAssociationsPagesWithContext(aws.Context, *ec2.DescribeLocalGatewayRouteTableVpcAssociationsInput, func(*ec2.DescribeLocalGatewayRouteTableVpcAssociationsOutput, bool) bool, ...request.Option) error + + DescribeLocalGatewayRouteTables(*ec2.DescribeLocalGatewayRouteTablesInput) (*ec2.DescribeLocalGatewayRouteTablesOutput, error) + DescribeLocalGatewayRouteTablesWithContext(aws.Context, *ec2.DescribeLocalGatewayRouteTablesInput, ...request.Option) (*ec2.DescribeLocalGatewayRouteTablesOutput, error) + DescribeLocalGatewayRouteTablesRequest(*ec2.DescribeLocalGatewayRouteTablesInput) (*request.Request, *ec2.DescribeLocalGatewayRouteTablesOutput) + + DescribeLocalGatewayRouteTablesPages(*ec2.DescribeLocalGatewayRouteTablesInput, func(*ec2.DescribeLocalGatewayRouteTablesOutput, bool) bool) error + DescribeLocalGatewayRouteTablesPagesWithContext(aws.Context, *ec2.DescribeLocalGatewayRouteTablesInput, func(*ec2.DescribeLocalGatewayRouteTablesOutput, bool) bool, ...request.Option) error + + DescribeLocalGatewayVirtualInterfaceGroups(*ec2.DescribeLocalGatewayVirtualInterfaceGroupsInput) (*ec2.DescribeLocalGatewayVirtualInterfaceGroupsOutput, error) + DescribeLocalGatewayVirtualInterfaceGroupsWithContext(aws.Context, *ec2.DescribeLocalGatewayVirtualInterfaceGroupsInput, ...request.Option) (*ec2.DescribeLocalGatewayVirtualInterfaceGroupsOutput, error) + DescribeLocalGatewayVirtualInterfaceGroupsRequest(*ec2.DescribeLocalGatewayVirtualInterfaceGroupsInput) (*request.Request, *ec2.DescribeLocalGatewayVirtualInterfaceGroupsOutput) + + DescribeLocalGatewayVirtualInterfaceGroupsPages(*ec2.DescribeLocalGatewayVirtualInterfaceGroupsInput, func(*ec2.DescribeLocalGatewayVirtualInterfaceGroupsOutput, bool) bool) error + DescribeLocalGatewayVirtualInterfaceGroupsPagesWithContext(aws.Context, *ec2.DescribeLocalGatewayVirtualInterfaceGroupsInput, func(*ec2.DescribeLocalGatewayVirtualInterfaceGroupsOutput, bool) bool, ...request.Option) error + + DescribeLocalGatewayVirtualInterfaces(*ec2.DescribeLocalGatewayVirtualInterfacesInput) (*ec2.DescribeLocalGatewayVirtualInterfacesOutput, error) + DescribeLocalGatewayVirtualInterfacesWithContext(aws.Context, *ec2.DescribeLocalGatewayVirtualInterfacesInput, ...request.Option) (*ec2.DescribeLocalGatewayVirtualInterfacesOutput, error) + DescribeLocalGatewayVirtualInterfacesRequest(*ec2.DescribeLocalGatewayVirtualInterfacesInput) (*request.Request, *ec2.DescribeLocalGatewayVirtualInterfacesOutput) + + DescribeLocalGatewayVirtualInterfacesPages(*ec2.DescribeLocalGatewayVirtualInterfacesInput, func(*ec2.DescribeLocalGatewayVirtualInterfacesOutput, bool) bool) error + DescribeLocalGatewayVirtualInterfacesPagesWithContext(aws.Context, *ec2.DescribeLocalGatewayVirtualInterfacesInput, func(*ec2.DescribeLocalGatewayVirtualInterfacesOutput, bool) bool, ...request.Option) error + + DescribeLocalGateways(*ec2.DescribeLocalGatewaysInput) (*ec2.DescribeLocalGatewaysOutput, error) + DescribeLocalGatewaysWithContext(aws.Context, *ec2.DescribeLocalGatewaysInput, ...request.Option) (*ec2.DescribeLocalGatewaysOutput, error) + DescribeLocalGatewaysRequest(*ec2.DescribeLocalGatewaysInput) (*request.Request, *ec2.DescribeLocalGatewaysOutput) + + DescribeLocalGatewaysPages(*ec2.DescribeLocalGatewaysInput, func(*ec2.DescribeLocalGatewaysOutput, bool) bool) error + DescribeLocalGatewaysPagesWithContext(aws.Context, *ec2.DescribeLocalGatewaysInput, func(*ec2.DescribeLocalGatewaysOutput, bool) bool, ...request.Option) error + DescribeMovingAddresses(*ec2.DescribeMovingAddressesInput) (*ec2.DescribeMovingAddressesOutput, error) DescribeMovingAddressesWithContext(aws.Context, *ec2.DescribeMovingAddressesInput, ...request.Option) (*ec2.DescribeMovingAddressesOutput, error) DescribeMovingAddressesRequest(*ec2.DescribeMovingAddressesInput) (*request.Request, *ec2.DescribeMovingAddressesOutput) @@ -1058,6 +1186,20 @@ type EC2API interface { DescribeTransitGatewayAttachmentsPages(*ec2.DescribeTransitGatewayAttachmentsInput, func(*ec2.DescribeTransitGatewayAttachmentsOutput, bool) bool) error DescribeTransitGatewayAttachmentsPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayAttachmentsInput, func(*ec2.DescribeTransitGatewayAttachmentsOutput, bool) bool, ...request.Option) error + DescribeTransitGatewayMulticastDomains(*ec2.DescribeTransitGatewayMulticastDomainsInput) (*ec2.DescribeTransitGatewayMulticastDomainsOutput, error) + DescribeTransitGatewayMulticastDomainsWithContext(aws.Context, *ec2.DescribeTransitGatewayMulticastDomainsInput, ...request.Option) (*ec2.DescribeTransitGatewayMulticastDomainsOutput, error) + DescribeTransitGatewayMulticastDomainsRequest(*ec2.DescribeTransitGatewayMulticastDomainsInput) (*request.Request, *ec2.DescribeTransitGatewayMulticastDomainsOutput) + + DescribeTransitGatewayMulticastDomainsPages(*ec2.DescribeTransitGatewayMulticastDomainsInput, func(*ec2.DescribeTransitGatewayMulticastDomainsOutput, bool) bool) error + DescribeTransitGatewayMulticastDomainsPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayMulticastDomainsInput, func(*ec2.DescribeTransitGatewayMulticastDomainsOutput, bool) bool, ...request.Option) error + + DescribeTransitGatewayPeeringAttachments(*ec2.DescribeTransitGatewayPeeringAttachmentsInput) (*ec2.DescribeTransitGatewayPeeringAttachmentsOutput, error) + DescribeTransitGatewayPeeringAttachmentsWithContext(aws.Context, *ec2.DescribeTransitGatewayPeeringAttachmentsInput, ...request.Option) (*ec2.DescribeTransitGatewayPeeringAttachmentsOutput, error) + DescribeTransitGatewayPeeringAttachmentsRequest(*ec2.DescribeTransitGatewayPeeringAttachmentsInput) (*request.Request, *ec2.DescribeTransitGatewayPeeringAttachmentsOutput) + + DescribeTransitGatewayPeeringAttachmentsPages(*ec2.DescribeTransitGatewayPeeringAttachmentsInput, func(*ec2.DescribeTransitGatewayPeeringAttachmentsOutput, bool) bool) error + DescribeTransitGatewayPeeringAttachmentsPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayPeeringAttachmentsInput, func(*ec2.DescribeTransitGatewayPeeringAttachmentsOutput, bool) bool, ...request.Option) error + DescribeTransitGatewayRouteTables(*ec2.DescribeTransitGatewayRouteTablesInput) (*ec2.DescribeTransitGatewayRouteTablesOutput, error) DescribeTransitGatewayRouteTablesWithContext(aws.Context, *ec2.DescribeTransitGatewayRouteTablesInput, ...request.Option) (*ec2.DescribeTransitGatewayRouteTablesOutput, error) DescribeTransitGatewayRouteTablesRequest(*ec2.DescribeTransitGatewayRouteTablesInput) (*request.Request, *ec2.DescribeTransitGatewayRouteTablesOutput) @@ -1204,6 +1346,10 @@ type EC2API interface { DisableEbsEncryptionByDefaultWithContext(aws.Context, *ec2.DisableEbsEncryptionByDefaultInput, ...request.Option) (*ec2.DisableEbsEncryptionByDefaultOutput, error) DisableEbsEncryptionByDefaultRequest(*ec2.DisableEbsEncryptionByDefaultInput) (*request.Request, *ec2.DisableEbsEncryptionByDefaultOutput) + DisableFastSnapshotRestores(*ec2.DisableFastSnapshotRestoresInput) (*ec2.DisableFastSnapshotRestoresOutput, error) + DisableFastSnapshotRestoresWithContext(aws.Context, *ec2.DisableFastSnapshotRestoresInput, ...request.Option) (*ec2.DisableFastSnapshotRestoresOutput, error) + DisableFastSnapshotRestoresRequest(*ec2.DisableFastSnapshotRestoresInput) (*request.Request, *ec2.DisableFastSnapshotRestoresOutput) + DisableTransitGatewayRouteTablePropagation(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error) DisableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.DisableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.DisableTransitGatewayRouteTablePropagationOutput, error) DisableTransitGatewayRouteTablePropagationRequest(*ec2.DisableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.DisableTransitGatewayRouteTablePropagationOutput) @@ -1240,6 +1386,10 @@ type EC2API interface { DisassociateSubnetCidrBlockWithContext(aws.Context, *ec2.DisassociateSubnetCidrBlockInput, ...request.Option) (*ec2.DisassociateSubnetCidrBlockOutput, error) DisassociateSubnetCidrBlockRequest(*ec2.DisassociateSubnetCidrBlockInput) (*request.Request, *ec2.DisassociateSubnetCidrBlockOutput) + DisassociateTransitGatewayMulticastDomain(*ec2.DisassociateTransitGatewayMulticastDomainInput) (*ec2.DisassociateTransitGatewayMulticastDomainOutput, error) + DisassociateTransitGatewayMulticastDomainWithContext(aws.Context, *ec2.DisassociateTransitGatewayMulticastDomainInput, ...request.Option) (*ec2.DisassociateTransitGatewayMulticastDomainOutput, error) + DisassociateTransitGatewayMulticastDomainRequest(*ec2.DisassociateTransitGatewayMulticastDomainInput) (*request.Request, *ec2.DisassociateTransitGatewayMulticastDomainOutput) + DisassociateTransitGatewayRouteTable(*ec2.DisassociateTransitGatewayRouteTableInput) (*ec2.DisassociateTransitGatewayRouteTableOutput, error) DisassociateTransitGatewayRouteTableWithContext(aws.Context, *ec2.DisassociateTransitGatewayRouteTableInput, ...request.Option) (*ec2.DisassociateTransitGatewayRouteTableOutput, error) DisassociateTransitGatewayRouteTableRequest(*ec2.DisassociateTransitGatewayRouteTableInput) (*request.Request, *ec2.DisassociateTransitGatewayRouteTableOutput) @@ -1252,6 +1402,10 @@ type EC2API interface { EnableEbsEncryptionByDefaultWithContext(aws.Context, *ec2.EnableEbsEncryptionByDefaultInput, ...request.Option) (*ec2.EnableEbsEncryptionByDefaultOutput, error) EnableEbsEncryptionByDefaultRequest(*ec2.EnableEbsEncryptionByDefaultInput) (*request.Request, *ec2.EnableEbsEncryptionByDefaultOutput) + EnableFastSnapshotRestores(*ec2.EnableFastSnapshotRestoresInput) (*ec2.EnableFastSnapshotRestoresOutput, error) + EnableFastSnapshotRestoresWithContext(aws.Context, *ec2.EnableFastSnapshotRestoresInput, ...request.Option) (*ec2.EnableFastSnapshotRestoresOutput, error) + EnableFastSnapshotRestoresRequest(*ec2.EnableFastSnapshotRestoresInput) (*request.Request, *ec2.EnableFastSnapshotRestoresOutput) + EnableTransitGatewayRouteTablePropagation(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error) EnableTransitGatewayRouteTablePropagationWithContext(aws.Context, *ec2.EnableTransitGatewayRouteTablePropagationInput, ...request.Option) (*ec2.EnableTransitGatewayRouteTablePropagationOutput, error) EnableTransitGatewayRouteTablePropagationRequest(*ec2.EnableTransitGatewayRouteTablePropagationInput) (*request.Request, *ec2.EnableTransitGatewayRouteTablePropagationOutput) @@ -1288,10 +1442,21 @@ type EC2API interface { ExportTransitGatewayRoutesWithContext(aws.Context, *ec2.ExportTransitGatewayRoutesInput, ...request.Option) (*ec2.ExportTransitGatewayRoutesOutput, error) ExportTransitGatewayRoutesRequest(*ec2.ExportTransitGatewayRoutesInput) (*request.Request, *ec2.ExportTransitGatewayRoutesOutput) + GetAssociatedIpv6PoolCidrs(*ec2.GetAssociatedIpv6PoolCidrsInput) (*ec2.GetAssociatedIpv6PoolCidrsOutput, error) + GetAssociatedIpv6PoolCidrsWithContext(aws.Context, *ec2.GetAssociatedIpv6PoolCidrsInput, ...request.Option) (*ec2.GetAssociatedIpv6PoolCidrsOutput, error) + GetAssociatedIpv6PoolCidrsRequest(*ec2.GetAssociatedIpv6PoolCidrsInput) (*request.Request, *ec2.GetAssociatedIpv6PoolCidrsOutput) + + GetAssociatedIpv6PoolCidrsPages(*ec2.GetAssociatedIpv6PoolCidrsInput, func(*ec2.GetAssociatedIpv6PoolCidrsOutput, bool) bool) error + GetAssociatedIpv6PoolCidrsPagesWithContext(aws.Context, *ec2.GetAssociatedIpv6PoolCidrsInput, func(*ec2.GetAssociatedIpv6PoolCidrsOutput, bool) bool, ...request.Option) error + GetCapacityReservationUsage(*ec2.GetCapacityReservationUsageInput) (*ec2.GetCapacityReservationUsageOutput, error) GetCapacityReservationUsageWithContext(aws.Context, *ec2.GetCapacityReservationUsageInput, ...request.Option) (*ec2.GetCapacityReservationUsageOutput, error) GetCapacityReservationUsageRequest(*ec2.GetCapacityReservationUsageInput) (*request.Request, *ec2.GetCapacityReservationUsageOutput) + GetCoipPoolUsage(*ec2.GetCoipPoolUsageInput) (*ec2.GetCoipPoolUsageOutput, error) + GetCoipPoolUsageWithContext(aws.Context, *ec2.GetCoipPoolUsageInput, ...request.Option) (*ec2.GetCoipPoolUsageOutput, error) + GetCoipPoolUsageRequest(*ec2.GetCoipPoolUsageInput) (*request.Request, *ec2.GetCoipPoolUsageOutput) + GetConsoleOutput(*ec2.GetConsoleOutputInput) (*ec2.GetConsoleOutputOutput, error) GetConsoleOutputWithContext(aws.Context, *ec2.GetConsoleOutputInput, ...request.Option) (*ec2.GetConsoleOutputOutput, error) GetConsoleOutputRequest(*ec2.GetConsoleOutputInput) (*request.Request, *ec2.GetConsoleOutputOutput) @@ -1300,6 +1465,10 @@ type EC2API interface { GetConsoleScreenshotWithContext(aws.Context, *ec2.GetConsoleScreenshotInput, ...request.Option) (*ec2.GetConsoleScreenshotOutput, error) GetConsoleScreenshotRequest(*ec2.GetConsoleScreenshotInput) (*request.Request, *ec2.GetConsoleScreenshotOutput) + GetDefaultCreditSpecification(*ec2.GetDefaultCreditSpecificationInput) (*ec2.GetDefaultCreditSpecificationOutput, error) + GetDefaultCreditSpecificationWithContext(aws.Context, *ec2.GetDefaultCreditSpecificationInput, ...request.Option) (*ec2.GetDefaultCreditSpecificationOutput, error) + GetDefaultCreditSpecificationRequest(*ec2.GetDefaultCreditSpecificationInput) (*request.Request, *ec2.GetDefaultCreditSpecificationOutput) + GetEbsDefaultKmsKeyId(*ec2.GetEbsDefaultKmsKeyIdInput) (*ec2.GetEbsDefaultKmsKeyIdOutput, error) GetEbsDefaultKmsKeyIdWithContext(aws.Context, *ec2.GetEbsDefaultKmsKeyIdInput, ...request.Option) (*ec2.GetEbsDefaultKmsKeyIdOutput, error) GetEbsDefaultKmsKeyIdRequest(*ec2.GetEbsDefaultKmsKeyIdInput) (*request.Request, *ec2.GetEbsDefaultKmsKeyIdOutput) @@ -1331,6 +1500,13 @@ type EC2API interface { GetTransitGatewayAttachmentPropagationsPages(*ec2.GetTransitGatewayAttachmentPropagationsInput, func(*ec2.GetTransitGatewayAttachmentPropagationsOutput, bool) bool) error GetTransitGatewayAttachmentPropagationsPagesWithContext(aws.Context, *ec2.GetTransitGatewayAttachmentPropagationsInput, func(*ec2.GetTransitGatewayAttachmentPropagationsOutput, bool) bool, ...request.Option) error + GetTransitGatewayMulticastDomainAssociations(*ec2.GetTransitGatewayMulticastDomainAssociationsInput) (*ec2.GetTransitGatewayMulticastDomainAssociationsOutput, error) + GetTransitGatewayMulticastDomainAssociationsWithContext(aws.Context, *ec2.GetTransitGatewayMulticastDomainAssociationsInput, ...request.Option) (*ec2.GetTransitGatewayMulticastDomainAssociationsOutput, error) + GetTransitGatewayMulticastDomainAssociationsRequest(*ec2.GetTransitGatewayMulticastDomainAssociationsInput) (*request.Request, *ec2.GetTransitGatewayMulticastDomainAssociationsOutput) + + GetTransitGatewayMulticastDomainAssociationsPages(*ec2.GetTransitGatewayMulticastDomainAssociationsInput, func(*ec2.GetTransitGatewayMulticastDomainAssociationsOutput, bool) bool) error + GetTransitGatewayMulticastDomainAssociationsPagesWithContext(aws.Context, *ec2.GetTransitGatewayMulticastDomainAssociationsInput, func(*ec2.GetTransitGatewayMulticastDomainAssociationsOutput, bool) bool, ...request.Option) error + GetTransitGatewayRouteTableAssociations(*ec2.GetTransitGatewayRouteTableAssociationsInput) (*ec2.GetTransitGatewayRouteTableAssociationsOutput, error) GetTransitGatewayRouteTableAssociationsWithContext(aws.Context, *ec2.GetTransitGatewayRouteTableAssociationsInput, ...request.Option) (*ec2.GetTransitGatewayRouteTableAssociationsOutput, error) GetTransitGatewayRouteTableAssociationsRequest(*ec2.GetTransitGatewayRouteTableAssociationsInput) (*request.Request, *ec2.GetTransitGatewayRouteTableAssociationsOutput) @@ -1369,6 +1545,10 @@ type EC2API interface { ImportVolumeWithContext(aws.Context, *ec2.ImportVolumeInput, ...request.Option) (*ec2.ImportVolumeOutput, error) ImportVolumeRequest(*ec2.ImportVolumeInput) (*request.Request, *ec2.ImportVolumeOutput) + ModifyAvailabilityZoneGroup(*ec2.ModifyAvailabilityZoneGroupInput) (*ec2.ModifyAvailabilityZoneGroupOutput, error) + ModifyAvailabilityZoneGroupWithContext(aws.Context, *ec2.ModifyAvailabilityZoneGroupInput, ...request.Option) (*ec2.ModifyAvailabilityZoneGroupOutput, error) + ModifyAvailabilityZoneGroupRequest(*ec2.ModifyAvailabilityZoneGroupInput) (*request.Request, *ec2.ModifyAvailabilityZoneGroupOutput) + ModifyCapacityReservation(*ec2.ModifyCapacityReservationInput) (*ec2.ModifyCapacityReservationOutput, error) ModifyCapacityReservationWithContext(aws.Context, *ec2.ModifyCapacityReservationInput, ...request.Option) (*ec2.ModifyCapacityReservationOutput, error) ModifyCapacityReservationRequest(*ec2.ModifyCapacityReservationInput) (*request.Request, *ec2.ModifyCapacityReservationOutput) @@ -1377,6 +1557,10 @@ type EC2API interface { ModifyClientVpnEndpointWithContext(aws.Context, *ec2.ModifyClientVpnEndpointInput, ...request.Option) (*ec2.ModifyClientVpnEndpointOutput, error) ModifyClientVpnEndpointRequest(*ec2.ModifyClientVpnEndpointInput) (*request.Request, *ec2.ModifyClientVpnEndpointOutput) + ModifyDefaultCreditSpecification(*ec2.ModifyDefaultCreditSpecificationInput) (*ec2.ModifyDefaultCreditSpecificationOutput, error) + ModifyDefaultCreditSpecificationWithContext(aws.Context, *ec2.ModifyDefaultCreditSpecificationInput, ...request.Option) (*ec2.ModifyDefaultCreditSpecificationOutput, error) + ModifyDefaultCreditSpecificationRequest(*ec2.ModifyDefaultCreditSpecificationInput) (*request.Request, *ec2.ModifyDefaultCreditSpecificationOutput) + ModifyEbsDefaultKmsKeyId(*ec2.ModifyEbsDefaultKmsKeyIdInput) (*ec2.ModifyEbsDefaultKmsKeyIdOutput, error) ModifyEbsDefaultKmsKeyIdWithContext(aws.Context, *ec2.ModifyEbsDefaultKmsKeyIdInput, ...request.Option) (*ec2.ModifyEbsDefaultKmsKeyIdOutput, error) ModifyEbsDefaultKmsKeyIdRequest(*ec2.ModifyEbsDefaultKmsKeyIdInput) (*request.Request, *ec2.ModifyEbsDefaultKmsKeyIdOutput) @@ -1549,6 +1733,18 @@ type EC2API interface { RegisterImageWithContext(aws.Context, *ec2.RegisterImageInput, ...request.Option) (*ec2.RegisterImageOutput, error) RegisterImageRequest(*ec2.RegisterImageInput) (*request.Request, *ec2.RegisterImageOutput) + RegisterTransitGatewayMulticastGroupMembers(*ec2.RegisterTransitGatewayMulticastGroupMembersInput) (*ec2.RegisterTransitGatewayMulticastGroupMembersOutput, error) + RegisterTransitGatewayMulticastGroupMembersWithContext(aws.Context, *ec2.RegisterTransitGatewayMulticastGroupMembersInput, ...request.Option) (*ec2.RegisterTransitGatewayMulticastGroupMembersOutput, error) + RegisterTransitGatewayMulticastGroupMembersRequest(*ec2.RegisterTransitGatewayMulticastGroupMembersInput) (*request.Request, *ec2.RegisterTransitGatewayMulticastGroupMembersOutput) + + RegisterTransitGatewayMulticastGroupSources(*ec2.RegisterTransitGatewayMulticastGroupSourcesInput) (*ec2.RegisterTransitGatewayMulticastGroupSourcesOutput, error) + RegisterTransitGatewayMulticastGroupSourcesWithContext(aws.Context, *ec2.RegisterTransitGatewayMulticastGroupSourcesInput, ...request.Option) (*ec2.RegisterTransitGatewayMulticastGroupSourcesOutput, error) + RegisterTransitGatewayMulticastGroupSourcesRequest(*ec2.RegisterTransitGatewayMulticastGroupSourcesInput) (*request.Request, *ec2.RegisterTransitGatewayMulticastGroupSourcesOutput) + + RejectTransitGatewayPeeringAttachment(*ec2.RejectTransitGatewayPeeringAttachmentInput) (*ec2.RejectTransitGatewayPeeringAttachmentOutput, error) + RejectTransitGatewayPeeringAttachmentWithContext(aws.Context, *ec2.RejectTransitGatewayPeeringAttachmentInput, ...request.Option) (*ec2.RejectTransitGatewayPeeringAttachmentOutput, error) + RejectTransitGatewayPeeringAttachmentRequest(*ec2.RejectTransitGatewayPeeringAttachmentInput) (*request.Request, *ec2.RejectTransitGatewayPeeringAttachmentOutput) + RejectTransitGatewayVpcAttachment(*ec2.RejectTransitGatewayVpcAttachmentInput) (*ec2.RejectTransitGatewayVpcAttachmentOutput, error) RejectTransitGatewayVpcAttachmentWithContext(aws.Context, *ec2.RejectTransitGatewayVpcAttachmentInput, ...request.Option) (*ec2.RejectTransitGatewayVpcAttachmentOutput, error) RejectTransitGatewayVpcAttachmentRequest(*ec2.RejectTransitGatewayVpcAttachmentInput) (*request.Request, *ec2.RejectTransitGatewayVpcAttachmentOutput) @@ -1653,6 +1849,20 @@ type EC2API interface { RunScheduledInstancesWithContext(aws.Context, *ec2.RunScheduledInstancesInput, ...request.Option) (*ec2.RunScheduledInstancesOutput, error) RunScheduledInstancesRequest(*ec2.RunScheduledInstancesInput) (*request.Request, *ec2.RunScheduledInstancesOutput) + SearchLocalGatewayRoutes(*ec2.SearchLocalGatewayRoutesInput) (*ec2.SearchLocalGatewayRoutesOutput, error) + SearchLocalGatewayRoutesWithContext(aws.Context, *ec2.SearchLocalGatewayRoutesInput, ...request.Option) (*ec2.SearchLocalGatewayRoutesOutput, error) + SearchLocalGatewayRoutesRequest(*ec2.SearchLocalGatewayRoutesInput) (*request.Request, *ec2.SearchLocalGatewayRoutesOutput) + + SearchLocalGatewayRoutesPages(*ec2.SearchLocalGatewayRoutesInput, func(*ec2.SearchLocalGatewayRoutesOutput, bool) bool) error + SearchLocalGatewayRoutesPagesWithContext(aws.Context, *ec2.SearchLocalGatewayRoutesInput, func(*ec2.SearchLocalGatewayRoutesOutput, bool) bool, ...request.Option) error + + SearchTransitGatewayMulticastGroups(*ec2.SearchTransitGatewayMulticastGroupsInput) (*ec2.SearchTransitGatewayMulticastGroupsOutput, error) + SearchTransitGatewayMulticastGroupsWithContext(aws.Context, *ec2.SearchTransitGatewayMulticastGroupsInput, ...request.Option) (*ec2.SearchTransitGatewayMulticastGroupsOutput, error) + SearchTransitGatewayMulticastGroupsRequest(*ec2.SearchTransitGatewayMulticastGroupsInput) (*request.Request, *ec2.SearchTransitGatewayMulticastGroupsOutput) + + SearchTransitGatewayMulticastGroupsPages(*ec2.SearchTransitGatewayMulticastGroupsInput, func(*ec2.SearchTransitGatewayMulticastGroupsOutput, bool) bool) error + SearchTransitGatewayMulticastGroupsPagesWithContext(aws.Context, *ec2.SearchTransitGatewayMulticastGroupsInput, func(*ec2.SearchTransitGatewayMulticastGroupsOutput, bool) bool, ...request.Option) error + SearchTransitGatewayRoutes(*ec2.SearchTransitGatewayRoutesInput) (*ec2.SearchTransitGatewayRoutesOutput, error) SearchTransitGatewayRoutesWithContext(aws.Context, *ec2.SearchTransitGatewayRoutesInput, ...request.Option) (*ec2.SearchTransitGatewayRoutesOutput, error) SearchTransitGatewayRoutesRequest(*ec2.SearchTransitGatewayRoutesInput) (*request.Request, *ec2.SearchTransitGatewayRoutesOutput) @@ -1665,6 +1875,10 @@ type EC2API interface { StartInstancesWithContext(aws.Context, *ec2.StartInstancesInput, ...request.Option) (*ec2.StartInstancesOutput, error) StartInstancesRequest(*ec2.StartInstancesInput) (*request.Request, *ec2.StartInstancesOutput) + StartVpcEndpointServicePrivateDnsVerification(*ec2.StartVpcEndpointServicePrivateDnsVerificationInput) (*ec2.StartVpcEndpointServicePrivateDnsVerificationOutput, error) + StartVpcEndpointServicePrivateDnsVerificationWithContext(aws.Context, *ec2.StartVpcEndpointServicePrivateDnsVerificationInput, ...request.Option) (*ec2.StartVpcEndpointServicePrivateDnsVerificationOutput, error) + StartVpcEndpointServicePrivateDnsVerificationRequest(*ec2.StartVpcEndpointServicePrivateDnsVerificationInput) (*request.Request, *ec2.StartVpcEndpointServicePrivateDnsVerificationOutput) + StopInstances(*ec2.StopInstancesInput) (*ec2.StopInstancesOutput, error) StopInstancesWithContext(aws.Context, *ec2.StopInstancesInput, ...request.Option) (*ec2.StopInstancesOutput, error) StopInstancesRequest(*ec2.StopInstancesInput) (*request.Request, *ec2.StopInstancesOutput) @@ -1755,6 +1969,9 @@ type EC2API interface { WaitUntilPasswordDataAvailable(*ec2.GetPasswordDataInput) error WaitUntilPasswordDataAvailableWithContext(aws.Context, *ec2.GetPasswordDataInput, ...request.WaiterOption) error + WaitUntilSecurityGroupExists(*ec2.DescribeSecurityGroupsInput) error + WaitUntilSecurityGroupExistsWithContext(aws.Context, *ec2.DescribeSecurityGroupsInput, ...request.WaiterOption) error + WaitUntilSnapshotCompleted(*ec2.DescribeSnapshotsInput) error WaitUntilSnapshotCompletedWithContext(aws.Context, *ec2.DescribeSnapshotsInput, ...request.WaiterOption) error diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/service.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/service.go index f8c075614f..1bde2c2f5c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "ec2" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "EC2" // ServiceID is a unique identifer of a specific service. + ServiceID = "EC2" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the EC2 client with a session. diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go index 0469f0f01a..b9bdbde157 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go @@ -952,6 +952,57 @@ func (c *EC2) WaitUntilPasswordDataAvailableWithContext(ctx aws.Context, input * return w.WaitWithContext(ctx) } +// WaitUntilSecurityGroupExists uses the Amazon EC2 API operation +// DescribeSecurityGroups to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *EC2) WaitUntilSecurityGroupExists(input *DescribeSecurityGroupsInput) error { + return c.WaitUntilSecurityGroupExistsWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilSecurityGroupExistsWithContext is an extended version of WaitUntilSecurityGroupExists. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) WaitUntilSecurityGroupExistsWithContext(ctx aws.Context, input *DescribeSecurityGroupsInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilSecurityGroupExists", + MaxAttempts: 6, + Delay: request.ConstantWaiterDelay(5 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathWaiterMatch, Argument: "length(SecurityGroups[].GroupId) > `0`", + Expected: true, + }, + { + State: request.RetryWaiterState, + Matcher: request.ErrorWaiterMatch, + Expected: "InvalidGroupNotFound", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeSecurityGroupsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeSecurityGroupsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + // WaitUntilSnapshotCompleted uses the Amazon EC2 API operation // DescribeSnapshots to wait for a condition to be met before returning. // If the condition is not met within the max attempt window, an error will diff --git a/vendor/github.com/aws/aws-sdk-go/service/elb/service.go b/vendor/github.com/aws/aws-sdk-go/service/elb/service.go index 2263704ba0..7ed1a60988 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elb/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elb/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "elasticloadbalancing" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "Elastic Load Balancing" // ServiceID is a unique identifer of a specific service. + ServiceID = "Elastic Load Balancing" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the ELB client with a session. diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go index 10febdf4a2..c1903d5141 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go @@ -3370,11 +3370,12 @@ func (c *ELBV2) SetSubnetsRequest(input *SetSubnetsInput) (req *request.Request, // SetSubnets API operation for Elastic Load Balancing. // -// Enables the Availability Zone for the specified public subnets for the specified -// Application Load Balancer. The specified subnets replace the previously enabled -// subnets. +// Enables the Availability Zones for the specified public subnets for the specified +// load balancer. The specified subnets replace the previously enabled subnets. // -// You can't change the subnets for a Network Load Balancer. +// When you specify subnets for a Network Load Balancer, you must include all +// subnets that were enabled previously, with their existing configurations, +// plus any additional subnets. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3646,7 +3647,7 @@ type AddTagsInput struct { // ResourceArns is a required field ResourceArns []*string `type:"list" required:"true"` - // The tags. Each resource can have a maximum of 10 tags. + // The tags. // // Tags is a required field Tags []*Tag `min:"1" type:"list" required:"true"` @@ -4031,7 +4032,8 @@ type AvailabilityZone struct { // [Network Load Balancers] If you need static IP addresses for your load balancer, // you can specify one Elastic IP address per Availability Zone when you create - // the load balancer. + // an internal-facing load balancer. For internal load balancers, you can specify + // a private IP address from the IPv4 range of the subnet. LoadBalancerAddresses []*LoadBalancerAddress `type:"list"` // The ID of the subnet. You can specify one subnet per Availability Zone. @@ -4188,9 +4190,30 @@ type CreateListenerInput struct { // Protocol is a required field Protocol *string `type:"string" required:"true" enum:"ProtocolEnum"` - // [HTTPS and TLS listeners] The security policy that defines which ciphers - // and protocols are supported. The default is the current predefined security - // policy. + // [HTTPS and TLS listeners] The security policy that defines which protocols + // and ciphers are supported. The following are the possible values: + // + // * ELBSecurityPolicy-2016-08 + // + // * ELBSecurityPolicy-TLS-1-0-2015-04 + // + // * ELBSecurityPolicy-TLS-1-1-2017-01 + // + // * ELBSecurityPolicy-TLS-1-2-2017-01 + // + // * ELBSecurityPolicy-TLS-1-2-Ext-2018-06 + // + // * ELBSecurityPolicy-FS-2018-06 + // + // * ELBSecurityPolicy-FS-1-1-2019-08 + // + // * ELBSecurityPolicy-FS-1-2-2019-08 + // + // * ELBSecurityPolicy-FS-1-2-Res-2019-08 + // + // For more information, see Security Policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) + // in the Application Load Balancers Guide and Security Policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) + // in the Network Load Balancers Guide. SslPolicy *string `type:"string"` } @@ -4341,7 +4364,9 @@ type CreateLoadBalancerInput struct { // // [Network Load Balancers] You can specify subnets from one or more Availability // Zones. You can specify one Elastic IP address per subnet if you need static - // IP addresses for your load balancer. + // IP addresses for your internet-facing load balancer. For internal load balancers, + // you can specify one private IP address per subnet from the IPv4 range of + // the subnet. SubnetMappings []*SubnetMapping `type:"list"` // The IDs of the public subnets. You can specify only one subnet per Availability @@ -5729,7 +5754,7 @@ type DescribeSSLPoliciesOutput struct { // Otherwise, this is null. NextMarker *string `type:"string"` - // Information about the policies. + // Information about the security policies. SslPolicies []*SslPolicy `type:"list"` } @@ -5758,7 +5783,8 @@ func (s *DescribeSSLPoliciesOutput) SetSslPolicies(v []*SslPolicy) *DescribeSSLP type DescribeTagsInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names (ARN) of the resources. + // The Amazon Resource Names (ARN) of the resources. You can specify up to 20 + // resources in a single call. // // ResourceArns is a required field ResourceArns []*string `type:"list" required:"true"` @@ -6352,8 +6378,8 @@ type Listener struct { // The protocol for connections from clients to the load balancer. Protocol *string `type:"string" enum:"ProtocolEnum"` - // [HTTPS or TLS listener] The security policy that defines which ciphers and - // protocols are supported. The default is the current predefined security policy. + // [HTTPS or TLS listener] The security policy that defines which protocols + // and ciphers are supported. SslPolicy *string `type:"string"` } @@ -6546,11 +6572,15 @@ func (s *LoadBalancer) SetVpcId(v string) *LoadBalancer { type LoadBalancerAddress struct { _ struct{} `type:"structure"` - // [Network Load Balancers] The allocation ID of the Elastic IP address. + // [Network Load Balancers] The allocation ID of the Elastic IP address for + // an internal-facing load balancer. AllocationId *string `type:"string"` // The static IP address. IpAddress *string `type:"string"` + + // [Network Load Balancers] The private IPv4 address for an internal load balancer. + PrivateIPv4Address *string `type:"string"` } // String returns the string representation @@ -6575,6 +6605,12 @@ func (s *LoadBalancerAddress) SetIpAddress(v string) *LoadBalancerAddress { return s } +// SetPrivateIPv4Address sets the PrivateIPv4Address field's value. +func (s *LoadBalancerAddress) SetPrivateIPv4Address(v string) *LoadBalancerAddress { + s.PrivateIPv4Address = &v + return s +} + // Information about a load balancer attribute. type LoadBalancerAttribute struct { _ struct{} `type:"structure"` @@ -6608,7 +6644,8 @@ type LoadBalancerAttribute struct { // (true) or routed to targets (false). The default is false. // // * routing.http2.enabled - Indicates whether HTTP/2 is enabled. The value - // is true or false. The default is true. + // is true or false. The default is true. Elastic Load Balancing requires + // that message header names contain only alphanumeric characters and hyphens. // // The following attributes are supported by only Network Load Balancers: // @@ -6767,8 +6804,29 @@ type ModifyListenerInput struct { Protocol *string `type:"string" enum:"ProtocolEnum"` // [HTTPS and TLS listeners] The security policy that defines which protocols - // and ciphers are supported. For more information, see Security Policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) - // in the Application Load Balancers Guide. + // and ciphers are supported. The following are the possible values: + // + // * ELBSecurityPolicy-2016-08 + // + // * ELBSecurityPolicy-TLS-1-0-2015-04 + // + // * ELBSecurityPolicy-TLS-1-1-2017-01 + // + // * ELBSecurityPolicy-TLS-1-2-2017-01 + // + // * ELBSecurityPolicy-TLS-1-2-Ext-2018-06 + // + // * ELBSecurityPolicy-FS-2018-06 + // + // * ELBSecurityPolicy-FS-1-1-2019-08 + // + // * ELBSecurityPolicy-FS-1-2-2019-08 + // + // * ELBSecurityPolicy-FS-1-2-Res-2019-08 + // + // For more information, see Security Policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) + // in the Application Load Balancers Guide and Security Policies (https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) + // in the Network Load Balancers Guide. SslPolicy *string `type:"string"` } @@ -8208,11 +8266,17 @@ type SetSubnetsInput struct { // LoadBalancerArn is a required field LoadBalancerArn *string `type:"string" required:"true"` - // The IDs of the public subnets. You must specify subnets from at least two - // Availability Zones. You can specify only one subnet per Availability Zone. - // You must specify either subnets or subnet mappings. + // The IDs of the public subnets. You can specify only one subnet per Availability + // Zone. You must specify either subnets or subnet mappings. // - // You cannot specify Elastic IP addresses for your subnets. + // [Application Load Balancers] You must specify subnets from at least two Availability + // Zones. You cannot specify Elastic IP addresses for your subnets. + // + // [Network Load Balancers] You can specify subnets from one or more Availability + // Zones. If you need static IP addresses for your internet-facing load balancer, + // you can specify one Elastic IP address per subnet. For internal load balancers, + // you can specify one private IP address per subnet from the IPv4 range of + // the subnet. SubnetMappings []*SubnetMapping `type:"list"` // The IDs of the public subnets. You must specify subnets from at least two @@ -8365,9 +8429,13 @@ func (s *SslPolicy) SetSslProtocols(v []*string) *SslPolicy { type SubnetMapping struct { _ struct{} `type:"structure"` - // [Network Load Balancers] The allocation ID of the Elastic IP address. + // [Network Load Balancers] The allocation ID of the Elastic IP address for + // an internet-facing load balancer. AllocationId *string `type:"string"` + // [Network Load Balancers] The private IPv4 address for an internal load balancer. + PrivateIPv4Address *string `type:"string"` + // The ID of the subnet. SubnetId *string `type:"string"` } @@ -8388,6 +8456,12 @@ func (s *SubnetMapping) SetAllocationId(v string) *SubnetMapping { return s } +// SetPrivateIPv4Address sets the PrivateIPv4Address field's value. +func (s *SubnetMapping) SetPrivateIPv4Address(v string) *SubnetMapping { + s.PrivateIPv4Address = &v + return s +} + // SetSubnetId sets the SubnetId field's value. func (s *SubnetMapping) SetSubnetId(v string) *SubnetMapping { s.SubnetId = &v @@ -8730,8 +8804,8 @@ type TargetGroupAttribute struct { // The name of the attribute. // - // The following attribute is supported by both Application Load Balancers and - // Network Load Balancers: + // The following attributes are supported by both Application Load Balancers + // and Network Load Balancers: // // * deregistration_delay.timeout_seconds - The amount of time, in seconds, // for Elastic Load Balancing to wait before changing the state of a deregistering @@ -8739,21 +8813,26 @@ type TargetGroupAttribute struct { // value is 300 seconds. If the target is a Lambda function, this attribute // is not supported. // + // * stickiness.enabled - Indicates whether sticky sessions are enabled. + // The value is true or false. The default is false. + // + // * stickiness.type - The type of sticky sessions. The possible values are + // lb_cookie for Application Load Balancers or source_ip for Network Load + // Balancers. + // // The following attributes are supported by Application Load Balancers if the // target is not a Lambda function: // + // * load_balancing.algorithm.type - The load balancing algorithm determines + // how the load balancer selects targets when routing requests. The value + // is round_robin or least_outstanding_requests. The default is round_robin. + // // * slow_start.duration_seconds - The time period, in seconds, during which // a newly registered target receives a linearly increasing share of the // traffic to the target group. After this time period ends, the target receives // its full share of traffic. The range is 30-900 seconds (15 minutes). Slow // start mode is disabled by default. // - // * stickiness.enabled - Indicates whether sticky sessions are enabled. - // The value is true or false. The default is false. - // - // * stickiness.type - The type of sticky sessions. The possible value is - // lb_cookie. - // // * stickiness.lb_cookie.duration_seconds - The time period, in seconds, // during which requests from a client should be routed to the same target. // After this time period expires, the load balancer-generated cookie is diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/service.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/service.go index 6d5098b930..1c869cf040 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "elasticloadbalancing" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "Elastic Load Balancing v2" // ServiceID is a unique identifer of a specific service. + ServiceID = "Elastic Load Balancing v2" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the ELBV2 client with a session. diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index 3da022c9e1..a17131ac18 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -1284,7 +1284,8 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // * A list of client IDs (also known as audiences) that identify the application // or applications that are allowed to authenticate using the OIDC provider // -// * A list of thumbprints of the server certificate(s) that the IdP uses +// * A list of thumbprints of one or more server certificates that the IdP +// uses // // You get all of this information from the OIDC IdP that you want to use to // access AWS. @@ -12921,13 +12922,14 @@ func (c *IAM) SimulateCustomPolicyRequest(input *SimulateCustomPolicyInput) (req // The simulation does not perform the API operations; it only checks the authorization // to determine if the simulated policies allow or deny the operations. // -// If you want to simulate existing policies attached to an IAM user, group, -// or role, use SimulatePrincipalPolicy instead. +// If you want to simulate existing policies that are attached to an IAM user, +// group, or role, use SimulatePrincipalPolicy instead. // -// Context keys are variables maintained by AWS and its services that provide -// details about the context of an API query request. You can use the Condition -// element of an IAM policy to evaluate context keys. To get the list of context -// keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy. +// Context keys are variables that are maintained by AWS and its services and +// which provide details about the context of an API query request. You can +// use the Condition element of an IAM policy to evaluate context keys. To get +// the list of context keys that the policies require for correct simulation, +// use GetContextKeysForCustomPolicy. // // If the output is long, you can use MaxItems and Marker parameters to paginate // the results. @@ -15505,7 +15507,7 @@ type AccessKey struct { // calls, while Inactive means it is not. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The name of the IAM user that the access key is associated with. // @@ -15647,7 +15649,7 @@ type AccessKeyMetadata struct { // The status of the access key. Active means that the key is valid for API // calls; Inactive means it is not. - Status *string `type:"string" enum:"statusType"` + Status *string `type:"string" enum:"StatusType"` // The name of the IAM user that the key is associated with. UserName *string `min:"1" type:"string"` @@ -19987,7 +19989,7 @@ type EntityInfo struct { // The type of entity (user or role). // // Type is a required field - Type *string `type:"string" required:"true" enum:"policyOwnerEntityType"` + Type *string `type:"string" required:"true" enum:"PolicyOwnerEntityType"` } // String returns the string representation @@ -20088,12 +20090,24 @@ type EvaluationResult struct { // EvalDecision is a required field EvalDecision *string `type:"string" required:"true" enum:"PolicyEvaluationDecisionType"` - // Additional details about the results of the evaluation decision. When there - // are both IAM policies and resource policies, this parameter explains how - // each set of policies contributes to the final evaluation decision. When simulating - // cross-account access to a resource, both the resource-based policy and the - // caller's IAM policy must grant access. See How IAM Roles Differ from Resource-based - // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html) + // Additional details about the results of the cross-account evaluation decision. + // This parameter is populated for only cross-account simulations. It contains + // a brief summary of how each policy type contributes to the final evaluation + // decision. + // + // If the simulation evaluates policies within the same account and includes + // a resource ARN, then the parameter is present but the response is empty. + // If the simulation evaluates policies within the same account and specifies + // all resources (*), then the parameter is not returned. + // + // When you make a cross-account request, AWS evaluates the request in the trusting + // account and the trusted account. The request is allowed only if both evaluations + // return true. For more information about how policies are evaluated, see Evaluating + // Policies Within a Single Account (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics). + // + // If an AWS Organizations SCP included in the evaluation denies access, the + // simulation ends. In this case, policy evaluation does not proceed any further + // and this parameter is not returned. EvalDecisionDetails map[string]*string `type:"map"` // The ARN of the resource that the indicated API operation was tested on. @@ -20120,6 +20134,10 @@ type EvaluationResult struct { // account is part of an organization. OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"` + // Contains information about the effect that a permissions boundary has on + // a policy simulation when the boundary is applied to an IAM entity. + PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail `type:"structure"` + // The individual results of the simulation of the API operation specified in // EvalActionName on each resource. ResourceSpecificResults []*ResourceSpecificResult `type:"list"` @@ -20177,6 +20195,12 @@ func (s *EvaluationResult) SetOrganizationsDecisionDetail(v *OrganizationsDecisi return s } +// SetPermissionsBoundaryDecisionDetail sets the PermissionsBoundaryDecisionDetail field's value. +func (s *EvaluationResult) SetPermissionsBoundaryDecisionDetail(v *PermissionsBoundaryDecisionDetail) *EvaluationResult { + s.PermissionsBoundaryDecisionDetail = v + return s +} + // SetResourceSpecificResults sets the ResourceSpecificResults field's value. func (s *EvaluationResult) SetResourceSpecificResults(v []*ResourceSpecificResult) *EvaluationResult { s.ResourceSpecificResults = v @@ -21428,7 +21452,7 @@ type GetOrganizationsAccessReportInput struct { // The key that is used to sort the results. If you choose the namespace key, // the results are returned in alphabetical order. If you choose the time key, // the results are sorted numerically by the date and time. - SortKey *string `type:"string" enum:"sortKeyType"` + SortKey *string `type:"string" enum:"SortKeyType"` } // String returns the string representation @@ -21525,7 +21549,7 @@ type GetOrganizationsAccessReportOutput struct { // The status of the job. // // JobStatus is a required field - JobStatus *string `type:"string" required:"true" enum:"jobStatusType"` + JobStatus *string `type:"string" required:"true" enum:"JobStatusType"` // When IsTruncated is true, this element is present and contains the value // to use for the Marker parameter in a subsequent pagination request. @@ -22048,7 +22072,7 @@ type GetSSHPublicKeyInput struct { // PEM format, use PEM. // // Encoding is a required field - Encoding *string `type:"string" required:"true" enum:"encodingType"` + Encoding *string `type:"string" required:"true" enum:"EncodingType"` // The unique identifier for the SSH public key. // @@ -22326,7 +22350,7 @@ type GetServiceLastAccessedDetailsOutput struct { // The status of the job. // // JobStatus is a required field - JobStatus *string `type:"string" required:"true" enum:"jobStatusType"` + JobStatus *string `type:"string" required:"true" enum:"JobStatusType"` // When IsTruncated is true, this element is present and contains the value // to use for the Marker parameter in a subsequent pagination request. @@ -22533,7 +22557,7 @@ type GetServiceLastAccessedDetailsWithEntitiesOutput struct { // The status of the job. // // JobStatus is a required field - JobStatus *string `type:"string" required:"true" enum:"jobStatusType"` + JobStatus *string `type:"string" required:"true" enum:"JobStatusType"` // When IsTruncated is true, this element is present and contains the value // to use for the Marker parameter in a subsequent pagination request. @@ -25065,7 +25089,7 @@ type ListPoliciesInput struct { // // This parameter is optional. If it is not included, or if it is set to All, // all policies are returned. - Scope *string `type:"string" enum:"policyScopeType"` + Scope *string `type:"string" enum:"PolicyScopeType"` } // String returns the string representation @@ -26596,7 +26620,7 @@ type ListVirtualMFADevicesInput struct { // The status (Unassigned or Assigned) of the devices to list. If you do not // specify an AssignmentStatus, the operation defaults to Any, which lists both // assigned and unassigned virtual MFA devices., - AssignmentStatus *string `type:"string" enum:"assignmentStatusType"` + AssignmentStatus *string `type:"string" enum:"AssignmentStatusType"` // Use this parameter only when paginating results and only after you receive // a response indicating that the results are truncated. Set it to the value @@ -27138,6 +27162,38 @@ func (s *PasswordPolicy) SetRequireUppercaseCharacters(v bool) *PasswordPolicy { return s } +// Contains information about the effect that a permissions boundary has on +// a policy simulation when the boundary is applied to an IAM entity. +type PermissionsBoundaryDecisionDetail struct { + _ struct{} `type:"structure"` + + // Specifies whether an action is allowed by a permissions boundary that is + // applied to an IAM entity (user or role). A value of true means that the permissions + // boundary does not deny the action. This means that the policy includes an + // Allow statement that matches the request. In this case, if an identity-based + // policy also allows the action, the request is allowed. A value of false means + // that either the requested action is not allowed (implicitly denied) or that + // the action is explicitly denied by the permissions boundary. In both of these + // cases, the action is not allowed, regardless of the identity-based policy. + AllowedByPermissionsBoundary *bool `type:"boolean"` +} + +// String returns the string representation +func (s PermissionsBoundaryDecisionDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PermissionsBoundaryDecisionDetail) GoString() string { + return s.String() +} + +// SetAllowedByPermissionsBoundary sets the AllowedByPermissionsBoundary field's value. +func (s *PermissionsBoundaryDecisionDetail) SetAllowedByPermissionsBoundary(v bool) *PermissionsBoundaryDecisionDetail { + s.AllowedByPermissionsBoundary = &v + return s +} + // Contains information about a managed policy. // // This data type is used as a response element in the CreatePolicy, GetPolicy, @@ -27342,7 +27398,7 @@ type PolicyGrantingServiceAccess struct { // This field is null for managed policies. For more information about these // policy types, see Managed Policies and Inline Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) // in the IAM User Guide. - EntityType *string `type:"string" enum:"policyOwnerEntityType"` + EntityType *string `type:"string" enum:"PolicyOwnerEntityType"` // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. // @@ -27361,7 +27417,7 @@ type PolicyGrantingServiceAccess struct { // in the IAM User Guide. // // PolicyType is a required field - PolicyType *string `type:"string" required:"true" enum:"policyType"` + PolicyType *string `type:"string" required:"true" enum:"PolicyType"` } // String returns the string representation @@ -28465,11 +28521,10 @@ func (s *ResetServiceSpecificCredentialOutput) SetServiceSpecificCredential(v *S type ResourceSpecificResult struct { _ struct{} `type:"structure"` - // Additional details about the results of the evaluation decision. When there - // are both IAM policies and resource policies, this parameter explains how - // each set of policies contributes to the final evaluation decision. When simulating - // cross-account access to a resource, both the resource-based policy and the - // caller's IAM policy must grant access. + // Additional details about the results of the evaluation decision on a single + // resource. This parameter is returned only for cross-account simulations. + // This parameter explains how each policy type contributes to the resource-specific + // evaluation decision. EvalDecisionDetails map[string]*string `type:"map"` // The result of the simulation of the simulated API operation on the resource @@ -28499,6 +28554,10 @@ type ResourceSpecificResult struct { // the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy // or GetContextKeysForPrincipalPolicy. MissingContextValues []*string `type:"list"` + + // Contains information about the effect that a permissions boundary has on + // a policy simulation when that boundary is applied to an IAM entity. + PermissionsBoundaryDecisionDetail *PermissionsBoundaryDecisionDetail `type:"structure"` } // String returns the string representation @@ -28541,6 +28600,12 @@ func (s *ResourceSpecificResult) SetMissingContextValues(v []*string) *ResourceS return s } +// SetPermissionsBoundaryDecisionDetail sets the PermissionsBoundaryDecisionDetail field's value. +func (s *ResourceSpecificResult) SetPermissionsBoundaryDecisionDetail(v *PermissionsBoundaryDecisionDetail) *ResourceSpecificResult { + s.PermissionsBoundaryDecisionDetail = v + return s +} + type ResyncMFADeviceInput struct { _ struct{} `type:"structure"` @@ -29109,7 +29174,7 @@ type SSHPublicKey struct { // key cannot be used. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when the SSH public key was uploaded. @@ -29183,7 +29248,7 @@ type SSHPublicKeyMetadata struct { // key cannot be used. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when the SSH public key was uploaded. @@ -29494,7 +29559,7 @@ type ServiceSpecificCredential struct { // is valid for API calls, while Inactive means it is not. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The name of the IAM user associated with the service-specific credential. // @@ -29583,7 +29648,7 @@ type ServiceSpecificCredentialMetadata struct { // is valid for API calls, while Inactive means it is not. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The name of the IAM user associated with the service-specific credential. // @@ -29728,7 +29793,7 @@ type SetSecurityTokenServicePreferencesInput struct { // in the IAM User Guide. // // GlobalEndpointTokenVersion is a required field - GlobalEndpointTokenVersion *string `type:"string" required:"true" enum:"globalEndpointTokenVersion"` + GlobalEndpointTokenVersion *string `type:"string" required:"true" enum:"GlobalEndpointTokenVersion"` } // String returns the string representation @@ -29795,7 +29860,7 @@ type SigningCertificate struct { // for API calls, while Inactive means it is not. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The date when the signing certificate was uploaded. UploadDate *time.Time `type:"timestamp"` @@ -29888,6 +29953,27 @@ type SimulateCustomPolicyInput struct { // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` + // The IAM permissions boundary policy to simulate. The permissions boundary + // sets the maximum permissions that an IAM entity can have. You can input only + // one permissions boundary when you pass a policy to this operation. For more + // information about permissions boundaries, see Permissions Boundaries for + // IAM Entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + // in the IAM User Guide. The policy input is specified as a string that contains + // the complete, valid JSON text of a permissions boundary policy. + // + // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this + // parameter is a string of characters consisting of the following: + // + // * Any printable ASCII character ranging from the space character (\u0020) + // through the end of the ASCII character range + // + // * The printable characters in the Basic Latin and Latin-1 Supplement character + // set (through \u00FF) + // + // * The special characters tab (\u0009), line feed (\u000A), and carriage + // return (\u000D) + PermissionsBoundaryPolicyInputList []*string `type:"list"` + // A list of policy documents to include in the simulation. Each document is // specified as a string containing the complete, valid JSON text of an IAM // policy. Do not include any resource-based policies in this parameter. Any @@ -30079,6 +30165,12 @@ func (s *SimulateCustomPolicyInput) SetMaxItems(v int64) *SimulateCustomPolicyIn return s } +// SetPermissionsBoundaryPolicyInputList sets the PermissionsBoundaryPolicyInputList field's value. +func (s *SimulateCustomPolicyInput) SetPermissionsBoundaryPolicyInputList(v []*string) *SimulateCustomPolicyInput { + s.PermissionsBoundaryPolicyInputList = v + return s +} + // SetPolicyInputList sets the PolicyInputList field's value. func (s *SimulateCustomPolicyInput) SetPolicyInputList(v []*string) *SimulateCustomPolicyInput { s.PolicyInputList = v @@ -30210,6 +30302,30 @@ type SimulatePrincipalPolicyInput struct { // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` + // The IAM permissions boundary policy to simulate. The permissions boundary + // sets the maximum permissions that the entity can have. You can input only + // one permissions boundary when you pass a policy to this operation. An IAM + // entity can only have one permissions boundary in effect at a time. For example, + // if a permissions boundary is attached to an entity and you pass in a different + // permissions boundary policy using this parameter, then the new permission + // boundary policy is used for the simulation. For more information about permissions + // boundaries, see Permissions Boundaries for IAM Entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) + // in the IAM User Guide. The policy input is specified as a string containing + // the complete, valid JSON text of a permissions boundary policy. + // + // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this + // parameter is a string of characters consisting of the following: + // + // * Any printable ASCII character ranging from the space character (\u0020) + // through the end of the ASCII character range + // + // * The printable characters in the Basic Latin and Latin-1 Supplement character + // set (through \u00FF) + // + // * The special characters tab (\u0009), line feed (\u000A), and carriage + // return (\u000D) + PermissionsBoundaryPolicyInputList []*string `type:"list"` + // An optional list of additional policy documents to include in the simulation. // Each document is specified as a string containing the complete, valid JSON // text of an IAM policy. @@ -30402,6 +30518,12 @@ func (s *SimulatePrincipalPolicyInput) SetMaxItems(v int64) *SimulatePrincipalPo return s } +// SetPermissionsBoundaryPolicyInputList sets the PermissionsBoundaryPolicyInputList field's value. +func (s *SimulatePrincipalPolicyInput) SetPermissionsBoundaryPolicyInputList(v []*string) *SimulatePrincipalPolicyInput { + s.PermissionsBoundaryPolicyInputList = v + return s +} + // SetPolicyInputList sets the PolicyInputList field's value. func (s *SimulatePrincipalPolicyInput) SetPolicyInputList(v []*string) *SimulatePrincipalPolicyInput { s.PolicyInputList = v @@ -30894,7 +31016,7 @@ type UpdateAccessKeyInput struct { // cannot be used. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The name of the user whose key you want to update. // @@ -31776,7 +31898,7 @@ type UpdateSSHPublicKeyInput struct { // that the key cannot be used. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The name of the IAM user associated with the SSH public key. // @@ -31967,7 +32089,7 @@ type UpdateServiceSpecificCredentialInput struct { // The status to be assigned to the service-specific credential. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The name of the IAM user associated with the service-specific credential. // If you do not specify this value, then the operation assumes the user whose @@ -32060,7 +32182,7 @@ type UpdateSigningCertificateInput struct { // be used. // // Status is a required field - Status *string `type:"string" required:"true" enum:"statusType"` + Status *string `type:"string" required:"true" enum:"StatusType"` // The name of the IAM user the signing certificate belongs to. // @@ -32938,6 +33060,17 @@ func (s *VirtualMFADevice) SetUser(v *User) *VirtualMFADevice { return s } +const ( + // AssignmentStatusTypeAssigned is a AssignmentStatusType enum value + AssignmentStatusTypeAssigned = "Assigned" + + // AssignmentStatusTypeUnassigned is a AssignmentStatusType enum value + AssignmentStatusTypeUnassigned = "Unassigned" + + // AssignmentStatusTypeAny is a AssignmentStatusType enum value + AssignmentStatusTypeAny = "Any" +) + const ( // ContextKeyTypeEnumString is a ContextKeyTypeEnum enum value ContextKeyTypeEnumString = "string" @@ -32990,6 +33123,14 @@ const ( DeletionTaskStatusTypeNotStarted = "NOT_STARTED" ) +const ( + // EncodingTypeSsh is a EncodingType enum value + EncodingTypeSsh = "SSH" + + // EncodingTypePem is a EncodingType enum value + EncodingTypePem = "PEM" +) + const ( // EntityTypeUser is a EntityType enum value EntityTypeUser = "User" @@ -33007,6 +33148,25 @@ const ( EntityTypeAwsmanagedPolicy = "AWSManagedPolicy" ) +const ( + // GlobalEndpointTokenVersionV1token is a GlobalEndpointTokenVersion enum value + GlobalEndpointTokenVersionV1token = "v1Token" + + // GlobalEndpointTokenVersionV2token is a GlobalEndpointTokenVersion enum value + GlobalEndpointTokenVersionV2token = "v2Token" +) + +const ( + // JobStatusTypeInProgress is a JobStatusType enum value + JobStatusTypeInProgress = "IN_PROGRESS" + + // JobStatusTypeCompleted is a JobStatusType enum value + JobStatusTypeCompleted = "COMPLETED" + + // JobStatusTypeFailed is a JobStatusType enum value + JobStatusTypeFailed = "FAILED" +) + const ( // PermissionsBoundaryAttachmentTypePermissionsBoundaryPolicy is a PermissionsBoundaryAttachmentType enum value PermissionsBoundaryAttachmentTypePermissionsBoundaryPolicy = "PermissionsBoundaryPolicy" @@ -33023,6 +33183,28 @@ const ( PolicyEvaluationDecisionTypeImplicitDeny = "implicitDeny" ) +const ( + // PolicyOwnerEntityTypeUser is a PolicyOwnerEntityType enum value + PolicyOwnerEntityTypeUser = "USER" + + // PolicyOwnerEntityTypeRole is a PolicyOwnerEntityType enum value + PolicyOwnerEntityTypeRole = "ROLE" + + // PolicyOwnerEntityTypeGroup is a PolicyOwnerEntityType enum value + PolicyOwnerEntityTypeGroup = "GROUP" +) + +const ( + // PolicyScopeTypeAll is a PolicyScopeType enum value + PolicyScopeTypeAll = "All" + + // PolicyScopeTypeAws is a PolicyScopeType enum value + PolicyScopeTypeAws = "AWS" + + // PolicyScopeTypeLocal is a PolicyScopeType enum value + PolicyScopeTypeLocal = "Local" +) + const ( // PolicySourceTypeUser is a PolicySourceType enum value PolicySourceTypeUser = "user" @@ -33046,6 +33228,14 @@ const ( PolicySourceTypeNone = "none" ) +const ( + // PolicyTypeInline is a PolicyType enum value + PolicyTypeInline = "INLINE" + + // PolicyTypeManaged is a PolicyType enum value + PolicyTypeManaged = "MANAGED" +) + // The policy usage type that indicates whether the policy is used as a permissions // policy or as the permissions boundary for an entity. // @@ -33077,171 +33267,103 @@ const ( ) const ( - // AssignmentStatusTypeAssigned is a assignmentStatusType enum value - AssignmentStatusTypeAssigned = "Assigned" - - // AssignmentStatusTypeUnassigned is a assignmentStatusType enum value - AssignmentStatusTypeUnassigned = "Unassigned" - - // AssignmentStatusTypeAny is a assignmentStatusType enum value - AssignmentStatusTypeAny = "Any" -) - -const ( - // EncodingTypeSsh is a encodingType enum value - EncodingTypeSsh = "SSH" - - // EncodingTypePem is a encodingType enum value - EncodingTypePem = "PEM" -) - -const ( - // GlobalEndpointTokenVersionV1token is a globalEndpointTokenVersion enum value - GlobalEndpointTokenVersionV1token = "v1Token" - - // GlobalEndpointTokenVersionV2token is a globalEndpointTokenVersion enum value - GlobalEndpointTokenVersionV2token = "v2Token" -) - -const ( - // JobStatusTypeInProgress is a jobStatusType enum value - JobStatusTypeInProgress = "IN_PROGRESS" - - // JobStatusTypeCompleted is a jobStatusType enum value - JobStatusTypeCompleted = "COMPLETED" - - // JobStatusTypeFailed is a jobStatusType enum value - JobStatusTypeFailed = "FAILED" -) - -const ( - // PolicyOwnerEntityTypeUser is a policyOwnerEntityType enum value - PolicyOwnerEntityTypeUser = "USER" - - // PolicyOwnerEntityTypeRole is a policyOwnerEntityType enum value - PolicyOwnerEntityTypeRole = "ROLE" - - // PolicyOwnerEntityTypeGroup is a policyOwnerEntityType enum value - PolicyOwnerEntityTypeGroup = "GROUP" -) - -const ( - // PolicyScopeTypeAll is a policyScopeType enum value - PolicyScopeTypeAll = "All" - - // PolicyScopeTypeAws is a policyScopeType enum value - PolicyScopeTypeAws = "AWS" - - // PolicyScopeTypeLocal is a policyScopeType enum value - PolicyScopeTypeLocal = "Local" -) - -const ( - // PolicyTypeInline is a policyType enum value - PolicyTypeInline = "INLINE" - - // PolicyTypeManaged is a policyType enum value - PolicyTypeManaged = "MANAGED" -) - -const ( - // SortKeyTypeServiceNamespaceAscending is a sortKeyType enum value + // SortKeyTypeServiceNamespaceAscending is a SortKeyType enum value SortKeyTypeServiceNamespaceAscending = "SERVICE_NAMESPACE_ASCENDING" - // SortKeyTypeServiceNamespaceDescending is a sortKeyType enum value + // SortKeyTypeServiceNamespaceDescending is a SortKeyType enum value SortKeyTypeServiceNamespaceDescending = "SERVICE_NAMESPACE_DESCENDING" - // SortKeyTypeLastAuthenticatedTimeAscending is a sortKeyType enum value + // SortKeyTypeLastAuthenticatedTimeAscending is a SortKeyType enum value SortKeyTypeLastAuthenticatedTimeAscending = "LAST_AUTHENTICATED_TIME_ASCENDING" - // SortKeyTypeLastAuthenticatedTimeDescending is a sortKeyType enum value + // SortKeyTypeLastAuthenticatedTimeDescending is a SortKeyType enum value SortKeyTypeLastAuthenticatedTimeDescending = "LAST_AUTHENTICATED_TIME_DESCENDING" ) const ( - // StatusTypeActive is a statusType enum value + // StatusTypeActive is a StatusType enum value StatusTypeActive = "Active" - // StatusTypeInactive is a statusType enum value + // StatusTypeInactive is a StatusType enum value StatusTypeInactive = "Inactive" ) const ( - // SummaryKeyTypeUsers is a summaryKeyType enum value + // SummaryKeyTypeUsers is a SummaryKeyType enum value SummaryKeyTypeUsers = "Users" - // SummaryKeyTypeUsersQuota is a summaryKeyType enum value + // SummaryKeyTypeUsersQuota is a SummaryKeyType enum value SummaryKeyTypeUsersQuota = "UsersQuota" - // SummaryKeyTypeGroups is a summaryKeyType enum value + // SummaryKeyTypeGroups is a SummaryKeyType enum value SummaryKeyTypeGroups = "Groups" - // SummaryKeyTypeGroupsQuota is a summaryKeyType enum value + // SummaryKeyTypeGroupsQuota is a SummaryKeyType enum value SummaryKeyTypeGroupsQuota = "GroupsQuota" - // SummaryKeyTypeServerCertificates is a summaryKeyType enum value + // SummaryKeyTypeServerCertificates is a SummaryKeyType enum value SummaryKeyTypeServerCertificates = "ServerCertificates" - // SummaryKeyTypeServerCertificatesQuota is a summaryKeyType enum value + // SummaryKeyTypeServerCertificatesQuota is a SummaryKeyType enum value SummaryKeyTypeServerCertificatesQuota = "ServerCertificatesQuota" - // SummaryKeyTypeUserPolicySizeQuota is a summaryKeyType enum value + // SummaryKeyTypeUserPolicySizeQuota is a SummaryKeyType enum value SummaryKeyTypeUserPolicySizeQuota = "UserPolicySizeQuota" - // SummaryKeyTypeGroupPolicySizeQuota is a summaryKeyType enum value + // SummaryKeyTypeGroupPolicySizeQuota is a SummaryKeyType enum value SummaryKeyTypeGroupPolicySizeQuota = "GroupPolicySizeQuota" - // SummaryKeyTypeGroupsPerUserQuota is a summaryKeyType enum value + // SummaryKeyTypeGroupsPerUserQuota is a SummaryKeyType enum value SummaryKeyTypeGroupsPerUserQuota = "GroupsPerUserQuota" - // SummaryKeyTypeSigningCertificatesPerUserQuota is a summaryKeyType enum value + // SummaryKeyTypeSigningCertificatesPerUserQuota is a SummaryKeyType enum value SummaryKeyTypeSigningCertificatesPerUserQuota = "SigningCertificatesPerUserQuota" - // SummaryKeyTypeAccessKeysPerUserQuota is a summaryKeyType enum value + // SummaryKeyTypeAccessKeysPerUserQuota is a SummaryKeyType enum value SummaryKeyTypeAccessKeysPerUserQuota = "AccessKeysPerUserQuota" - // SummaryKeyTypeMfadevices is a summaryKeyType enum value + // SummaryKeyTypeMfadevices is a SummaryKeyType enum value SummaryKeyTypeMfadevices = "MFADevices" - // SummaryKeyTypeMfadevicesInUse is a summaryKeyType enum value + // SummaryKeyTypeMfadevicesInUse is a SummaryKeyType enum value SummaryKeyTypeMfadevicesInUse = "MFADevicesInUse" - // SummaryKeyTypeAccountMfaenabled is a summaryKeyType enum value + // SummaryKeyTypeAccountMfaenabled is a SummaryKeyType enum value SummaryKeyTypeAccountMfaenabled = "AccountMFAEnabled" - // SummaryKeyTypeAccountAccessKeysPresent is a summaryKeyType enum value + // SummaryKeyTypeAccountAccessKeysPresent is a SummaryKeyType enum value SummaryKeyTypeAccountAccessKeysPresent = "AccountAccessKeysPresent" - // SummaryKeyTypeAccountSigningCertificatesPresent is a summaryKeyType enum value + // SummaryKeyTypeAccountSigningCertificatesPresent is a SummaryKeyType enum value SummaryKeyTypeAccountSigningCertificatesPresent = "AccountSigningCertificatesPresent" - // SummaryKeyTypeAttachedPoliciesPerGroupQuota is a summaryKeyType enum value + // SummaryKeyTypeAttachedPoliciesPerGroupQuota is a SummaryKeyType enum value SummaryKeyTypeAttachedPoliciesPerGroupQuota = "AttachedPoliciesPerGroupQuota" - // SummaryKeyTypeAttachedPoliciesPerRoleQuota is a summaryKeyType enum value + // SummaryKeyTypeAttachedPoliciesPerRoleQuota is a SummaryKeyType enum value SummaryKeyTypeAttachedPoliciesPerRoleQuota = "AttachedPoliciesPerRoleQuota" - // SummaryKeyTypeAttachedPoliciesPerUserQuota is a summaryKeyType enum value + // SummaryKeyTypeAttachedPoliciesPerUserQuota is a SummaryKeyType enum value SummaryKeyTypeAttachedPoliciesPerUserQuota = "AttachedPoliciesPerUserQuota" - // SummaryKeyTypePolicies is a summaryKeyType enum value + // SummaryKeyTypePolicies is a SummaryKeyType enum value SummaryKeyTypePolicies = "Policies" - // SummaryKeyTypePoliciesQuota is a summaryKeyType enum value + // SummaryKeyTypePoliciesQuota is a SummaryKeyType enum value SummaryKeyTypePoliciesQuota = "PoliciesQuota" - // SummaryKeyTypePolicySizeQuota is a summaryKeyType enum value + // SummaryKeyTypePolicySizeQuota is a SummaryKeyType enum value SummaryKeyTypePolicySizeQuota = "PolicySizeQuota" - // SummaryKeyTypePolicyVersionsInUse is a summaryKeyType enum value + // SummaryKeyTypePolicyVersionsInUse is a SummaryKeyType enum value SummaryKeyTypePolicyVersionsInUse = "PolicyVersionsInUse" - // SummaryKeyTypePolicyVersionsInUseQuota is a summaryKeyType enum value + // SummaryKeyTypePolicyVersionsInUseQuota is a SummaryKeyType enum value SummaryKeyTypePolicyVersionsInUseQuota = "PolicyVersionsInUseQuota" - // SummaryKeyTypeVersionsPerPolicyQuota is a summaryKeyType enum value + // SummaryKeyTypeVersionsPerPolicyQuota is a SummaryKeyType enum value SummaryKeyTypeVersionsPerPolicyQuota = "VersionsPerPolicyQuota" - // SummaryKeyTypeGlobalEndpointTokenVersion is a summaryKeyType enum value + // SummaryKeyTypeGlobalEndpointTokenVersion is a SummaryKeyType enum value SummaryKeyTypeGlobalEndpointTokenVersion = "GlobalEndpointTokenVersion" ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/service.go b/vendor/github.com/aws/aws-sdk-go/service/iam/service.go index e2a74d28d3..6e5d371393 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "iam" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "IAM" // ServiceID is a unique identifer of a specific service. + ServiceID = "IAM" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the IAM client with a session. diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index d1375b2260..725da92064 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -58,16 +58,15 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // CancelKeyDeletion API operation for AWS Key Management Service. // // Cancels the deletion of a customer master key (CMK). When this operation -// is successful, the CMK is set to the Disabled state. To enable a CMK, use -// EnableKey. You cannot perform this operation on a CMK in a different AWS -// account. +// succeeds, the key state of the CMK is Disabled. To enable the CMK, use EnableKey. +// You cannot perform this operation on a CMK in a different AWS account. // // For more information about scheduling and canceling deletion of a CMK, see // Deleting Customer Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -77,30 +76,30 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // See the AWS API reference guide for AWS Key Management Service's // API operation CancelKeyDeletion for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { @@ -180,7 +179,9 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // at least one active HSM. To get the number of active HSMs in a cluster, use // the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. +// operation. Also, the kmsuser crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) +// (CU) must not be logged into the cluster. This prevents AWS KMS from using +// this account to log in. // // The connection process can take an extended amount of time to complete; up // to 20 minutes. This operation starts the connection process, but it does @@ -193,8 +194,7 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // During the connection process, AWS KMS finds the AWS CloudHSM cluster that // is associated with the custom key store, creates the connection infrastructure, // connects to the cluster, logs into the AWS CloudHSM client as the kmsuser -// crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// (CU), and rotates its password. +// CU, and rotates its password. // // The ConnectCustomKeyStore operation might fail for various reasons. To find // the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode @@ -215,15 +215,15 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // See the AWS API reference guide for AWS Key Management Service's // API operation ConnectCustomKeyStore for usage and error information. // -// Returned Error Codes: -// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" +// Returned Error Types: +// * CloudHsmClusterNotActiveException // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // -// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" +// * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. @@ -242,15 +242,15 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // -// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" +// * CustomKeyStoreNotFoundException // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" +// * CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated AWS CloudHSM cluster did // not meet the configuration requirements for a custom key store. // @@ -350,32 +350,68 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // CreateAlias API operation for AWS Key Management Service. // // Creates a display name for a customer managed customer master key (CMK). -// You can use an alias to identify a CMK in selected operations, such as Encrypt -// and GenerateDataKey. +// You can use an alias to identify a CMK in cryptographic operations, such +// as Encrypt and GenerateDataKey. You can change the CMK associated with the +// alias at any time. // -// Each CMK can have multiple aliases, but each alias points to only one CMK. -// The alias name must be unique in the AWS account and region. To simplify -// code that runs in multiple regions, use the same alias name, but point it -// to a different CMK in each region. +// Aliases are easier to remember than key IDs. They can also help to simplify +// your applications. For example, if you use an alias in your code, you can +// change the CMK your code uses by associating a given alias with a different +// CMK. +// +// To run the same code in multiple AWS regions, use an alias in your code, +// such as alias/ApplicationKey. Then, in each AWS Region, create an alias/ApplicationKey +// alias that is associated with a CMK in that Region. When you run your code, +// it uses the alias/ApplicationKey CMK for that AWS Region without any Region-specific +// code. +// +// This operation does not return a response. To get the alias that you created, +// use the ListAliases operation. +// +// To use aliases successfully, be aware of the following information. +// +// * Each alias points to only one CMK at a time, although a single CMK can +// have multiple aliases. The alias and its associated CMK must be in the +// same AWS account and Region. +// +// * You can associate an alias with any customer managed CMK in the same +// AWS account and Region. However, you do not have permission to associate +// an alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) +// or an AWS owned CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk). +// +// * To change the CMK associated with an alias, use the UpdateAlias operation. +// The current CMK and the new CMK must be the same type (both symmetric +// or both asymmetric) and they must have the same key usage (ENCRYPT_DECRYPT +// or SIGN_VERIFY). This restriction prevents cryptographic errors in code +// that uses aliases. +// +// * The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. +// It can contain only alphanumeric characters, forward slashes (/), underscores +// (_), and dashes (-). The alias name cannot begin with alias/aws/. The +// alias/aws/ prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// +// * The alias name must be unique within an AWS Region. However, you can +// use the same alias name in multiple Regions of the same AWS account. Each +// instance of the alias is associated with a CMK in its Region. +// +// * After you create an alias, you cannot change its alias name. However, +// you can use the DeleteAlias operation to delete the alias and then create +// a new alias with the desired name. +// +// * You can use an alias name or alias ARN to identify a CMK in AWS KMS +// cryptographic operations and in the DescribeKey operation. However, you +// cannot use alias names or alias ARNs in API operations that manage CMKs, +// such as DisableKey or GetKeyPolicy. For information about the valid CMK +// identifiers for each AWS KMS API operation, see the descriptions of the +// KeyId parameter in the API operation documentation. // // Because an alias is not a property of a CMK, you can delete and change the // aliases of a CMK without affecting the CMK. Also, aliases do not appear in -// the response from the DescribeKey operation. To get the aliases of all CMKs, -// use the ListAliases operation. +// the response from the DescribeKey operation. To get the aliases and alias +// ARNs of CMKs in each AWS account and Region, use the ListAliases operation. // -// The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. -// It can contain only alphanumeric characters, forward slashes (/), underscores -// (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ -// prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). -// -// The alias and the CMK it is mapped to must be in the same AWS account and -// the same region. You cannot perform this operation on an alias in a different -// AWS account. -// -// To map an existing alias to a different CMK, call UpdateAlias. -// -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -385,38 +421,38 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation CreateAlias for usage and error information. // -// Returned Error Codes: -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// Returned Error Types: +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeAlreadyExistsException "AlreadyExistsException" +// * AlreadyExistsException // The request was rejected because it attempted to create a resource that already // exists. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidAliasNameException "InvalidAliasNameException" +// * InvalidAliasNameException // The request was rejected because the specified alias name is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The request was rejected because a limit was exceeded. For more information, -// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// * LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { @@ -515,8 +551,8 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // See the AWS API reference guide for AWS Key Management Service's // API operation CreateCustomKeyStore for usage and error information. // -// Returned Error Codes: -// * ErrCodeCloudHsmClusterInUseException "CloudHsmClusterInUseException" +// Returned Error Types: +// * CloudHsmClusterInUseException // The request was rejected because the specified AWS CloudHSM cluster is already // associated with a custom key store or it shares a backup history with a cluster // that is associated with a custom key store. Each custom key store must be @@ -526,28 +562,28 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // -// * ErrCodeCustomKeyStoreNameInUseException "CustomKeyStoreNameInUseException" +// * CustomKeyStoreNameInUseException // The request was rejected because the specified custom key store name is already // assigned to another custom key store in the account. Try again with a custom // key store name that is unique in the account. // -// * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException" +// * CloudHsmClusterNotFoundException // The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster // with the specified cluster ID. Retry the request with a different cluster // ID. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" +// * CloudHsmClusterNotActiveException // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // -// * ErrCodeIncorrectTrustAnchorException "IncorrectTrustAnchorException" +// * IncorrectTrustAnchorException // The request was rejected because the trust anchor certificate in the request // is not the trust anchor certificate for the specified AWS CloudHSM cluster. // @@ -555,7 +591,7 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // you create the trust anchor certificate and save it in the customerCA.crt // file. // -// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" +// * CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated AWS CloudHSM cluster did // not meet the configuration requirements for a custom key store. // @@ -657,17 +693,44 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // principal to use the CMK when the conditions specified in the grant are met. // When setting permissions, grants are an alternative to key policies. // -// To create a grant that allows a cryptographic operation only when the encryption -// context in the operation request matches or includes a specified encryption -// context, use the Constraints parameter. For details, see GrantConstraints. +// To create a grant that allows a cryptographic operation only when the request +// includes a particular encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context), +// use the Constraints parameter. For details, see GrantConstraints. +// +// You can create grants on symmetric and asymmetric CMKs. However, if the grant +// allows an operation that the CMK does not support, CreateGrant fails with +// a ValidationException. +// +// * Grants for symmetric CMKs cannot allow operations that are not supported +// for symmetric CMKs, including Sign, Verify, and GetPublicKey. (There are +// limited exceptions to this rule for legacy operations, but you should +// not create a grant for an operation that AWS KMS does not support.) +// +// * Grants for asymmetric CMKs cannot allow operations that are not supported +// for asymmetric CMKs, including operations that generate data keys (https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey) +// or data key pairs (https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPair), +// or operations related to automatic key rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html), +// imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or CMKs in custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// +// * Grants for asymmetric CMKs with a KeyUsage of ENCRYPT_DECRYPT cannot +// allow the Sign or Verify operations. Grants for asymmetric CMKs with a +// KeyUsage of SIGN_VERIFY cannot allow the Encrypt or Decrypt operations. +// +// * Grants for asymmetric CMKs cannot include an encryption context grant +// constraint. An encryption context is not supported on asymmetric CMKs. +// +// For information about symmetric and asymmetric CMKs, see Using Symmetric +// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. // // To perform this operation on a CMK in a different AWS account, specify the // key ARN in the value of the KeyId parameter. For more information about grants, // see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) // in the AWS Key Management Service Developer Guide . // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -677,41 +740,41 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation CreateGrant for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" +// * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The request was rejected because a limit was exceeded. For more information, -// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// * LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { @@ -779,23 +842,68 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // CreateKey API operation for AWS Key Management Service. // -// Creates a customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) -// (CMK) in your AWS account. +// Creates a unique customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master-keys) +// (CMK) in your AWS account and Region. You cannot use this operation to create +// a CMK in a different AWS account. // -// You can use a CMK to encrypt small amounts of data (up to 4096 bytes) directly. -// But CMKs are more commonly used to encrypt the data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) -// that are used to encrypt data. +// You can use the CreateKey operation to create symmetric or asymmetric CMKs. // -// To create a CMK for imported key material, use the Origin parameter with -// a value of EXTERNAL. +// * Symmetric CMKs contain a 256-bit symmetric key that never leaves AWS +// KMS unencrypted. To use the CMK, you must call AWS KMS. You can use a +// symmetric CMK to encrypt and decrypt small amounts of data, but they are +// typically used to generate data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) +// and data keys pairs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-key-pairs). +// For details, see GenerateDataKey and GenerateDataKeyPair. // -// To create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), +// * Asymmetric CMKs can contain an RSA key pair or an Elliptic Curve (ECC) +// key pair. The private key in an asymmetric CMK never leaves AWS KMS unencrypted. +// However, you can use the GetPublicKey operation to download the public +// key so it can be used outside of AWS KMS. CMKs with RSA key pairs can +// be used to encrypt or decrypt data or sign and verify messages (but not +// both). CMKs with ECC key pairs can be used only to sign and verify messages. +// +// For information about symmetric and asymmetric CMKs, see Using Symmetric +// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. +// +// To create different types of CMKs, use the following guidance: +// +// Asymmetric CMKs +// +// To create an asymmetric CMK, use the CustomerMasterKeySpec parameter to specify +// the type of key material in the CMK. Then, use the KeyUsage parameter to +// determine whether the CMK will be used to encrypt and decrypt or sign and +// verify. You can't change these properties after the CMK is created. +// +// Symmetric CMKs +// +// When creating a symmetric CMK, you don't need to specify the CustomerMasterKeySpec +// or KeyUsage parameters. The default value for CustomerMasterKeySpec, SYMMETRIC_DEFAULT, +// and the default value for KeyUsage, ENCRYPT_DECRYPT, are the only valid values +// for symmetric CMKs. +// +// Imported Key Material +// +// To import your own key material, begin by creating a symmetric CMK with no +// key material. To do this, use the Origin parameter of CreateKey with a value +// of EXTERNAL. Next, use GetParametersForImport operation to get a public key +// and import token, and use the public key to encrypt your key material. Then, +// use ImportKeyMaterial with your import token to import the key material. +// For step-by-step instructions, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// in the AWS Key Management Service Developer Guide . You cannot import the +// key material into an asymmetric CMK. +// +// Custom Key Stores +// +// To create a symmetric CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // use the CustomKeyStoreId parameter to specify the custom key store. You must // also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM // cluster that is associated with the custom key store must have at least two // active HSMs in different Availability Zones in the AWS Region. // -// You cannot use this operation to create a CMK in a different AWS account. +// You cannot create an asymmetric CMK in a custom key store. For information +// about custom key stores in AWS KMS see Using Custom Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// in the AWS Key Management Service Developer Guide . // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -804,40 +912,40 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // See the AWS API reference guide for AWS Key Management Service's // API operation CreateKey for usage and error information. // -// Returned Error Codes: -// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" +// Returned Error Types: +// * MalformedPolicyDocumentException // The request was rejected because the specified policy is not syntactically // or semantically correct. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The request was rejected because a limit was exceeded. For more information, -// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// * LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // -// * ErrCodeTagException "TagException" +// * TagException // The request was rejected because one or more tags are not valid. // -// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" +// * CustomKeyStoreNotFoundException // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // -// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" +// * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. @@ -856,7 +964,7 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // -// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" +// * CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated AWS CloudHSM cluster did // not meet the configuration requirements for a custom key store. // @@ -954,25 +1062,51 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // Decrypt API operation for AWS Key Management Service. // -// Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted -// by using any of the following operations: -// -// * GenerateDataKey -// -// * GenerateDataKeyWithoutPlaintext +// Decrypts ciphertext that was encrypted by a AWS KMS customer master key (CMK) +// using any of the following operations: // // * Encrypt // -// Whenever possible, use key policies to give users permission to call the -// Decrypt operation on the CMK, instead of IAM policies. Otherwise, you might -// create an IAM user policy that gives the user Decrypt permission on all CMKs. -// This user could decrypt ciphertext that was encrypted by CMKs in other accounts -// if the key policy for the cross-account CMK permits it. If you must use an -// IAM policy for Decrypt permissions, limit the user to particular CMKs or -// particular trusted accounts. +// * GenerateDataKey // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// * GenerateDataKeyPair +// +// * GenerateDataKeyWithoutPlaintext +// +// * GenerateDataKeyPairWithoutPlaintext +// +// You can use this operation to decrypt ciphertext that was encrypted under +// a symmetric or asymmetric CMK. When the CMK is asymmetric, you must specify +// the CMK and the encryption algorithm that was used to encrypt the ciphertext. +// For information about symmetric and asymmetric CMKs, see Using Symmetric +// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. +// +// The Decrypt operation also decrypts ciphertext that was encrypted outside +// of AWS KMS by the public key in an AWS KMS asymmetric CMK. However, it cannot +// decrypt ciphertext produced by other libraries, such as the AWS Encryption +// SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). +// These libraries return a ciphertext format that is incompatible with AWS +// KMS. +// +// If the ciphertext was encrypted under a symmetric CMK, you do not need to +// specify the CMK or the encryption algorithm. AWS KMS can get this information +// from metadata that it adds to the symmetric ciphertext blob. However, if +// you prefer, you can specify the KeyId to ensure that a particular CMK is +// used to decrypt the ciphertext. If you specify a different CMK than the one +// used to encrypt the ciphertext, the Decrypt operation fails. +// +// Whenever possible, use key policies to give users permission to call the +// Decrypt operation on a particular CMK, instead of using IAM policies. Otherwise, +// you might create an IAM user policy that gives the user Decrypt permission +// on all CMKs. This user could decrypt ciphertext that was encrypted by CMKs +// in other accounts if the key policy for the cross-account CMK permits it. +// If you must use an IAM policy for Decrypt permissions, limit the user to +// particular CMKs or particular trusted accounts. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -982,41 +1116,65 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // See the AWS API reference guide for AWS Key Management Service's // API operation Decrypt for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeInvalidCiphertextException "InvalidCiphertextException" -// The request was rejected because the specified ciphertext, or additional -// authenticated data incorporated into the ciphertext, such as the encryption -// context, is corrupted, missing, or otherwise invalid. +// * InvalidCiphertextException +// From the Decrypt or ReEncrypt operation, the request was rejected because +// the specified ciphertext, or additional authenticated data incorporated into +// the ciphertext, such as the encryption context, is corrupted, missing, or +// otherwise invalid. // -// * ErrCodeKeyUnavailableException "KeyUnavailableException" -// The request was rejected because the specified CMK was not available. The -// request can be retried. +// From the ImportKeyMaterial operation, the request was rejected because AWS +// KMS could not decrypt the encrypted (wrapped) key material. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. +// +// * IncorrectKeyException +// The request was rejected because the specified CMK cannot decrypt the data. +// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same CMK that was used to encrypt the ciphertext. +// +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" +// * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { @@ -1104,26 +1262,26 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation DeleteAlias for usage and error information. // -// Returned Error Codes: -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// Returned Error Types: +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { @@ -1229,14 +1387,14 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // See the AWS API reference guide for AWS Key Management Service's // API operation DeleteCustomKeyStore for usage and error information. // -// Returned Error Codes: -// * ErrCodeCustomKeyStoreHasCMKsException "CustomKeyStoreHasCMKsException" +// Returned Error Types: +// * CustomKeyStoreHasCMKsException // The request was rejected because the custom key store contains AWS KMS customer // master keys (CMKs). After verifying that you do not need to use the CMKs, // use the ScheduleKeyDeletion operation to delete the CMKs. After they are // deleted, you can delete the custom key store. // -// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" +// * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. @@ -1255,11 +1413,11 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // -// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" +// * CustomKeyStoreNotFoundException // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // @@ -1342,8 +1500,8 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // After you delete key material, you can use ImportKeyMaterial to reimport // the same key material into the CMK. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1353,34 +1511,34 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // See the AWS API reference guide for AWS Key Management Service's // API operation DeleteImportedKeyMaterial for usage and error information. // -// Returned Error Codes: -// * ErrCodeInvalidArnException "InvalidArnException" +// Returned Error Types: +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { @@ -1483,12 +1641,12 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // See the AWS API reference guide for AWS Key Management Service's // API operation DescribeCustomKeyStores for usage and error information. // -// Returned Error Codes: -// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" +// Returned Error Types: +// * CustomKeyStoreNotFoundException // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // @@ -1558,12 +1716,38 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // DescribeKey API operation for AWS Key Management Service. // -// Provides detailed information about the specified customer master key (CMK). +// Provides detailed information about a customer master key (CMK). You can +// run DescribeKey on a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) +// or an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // -// You can use DescribeKey on a predefined AWS alias, that is, an AWS alias -// with no key ID. When you do, AWS KMS associates the alias with an AWS managed -// CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) -// and returns its KeyId and Arn in the response. +// This detailed information includes the key ARN, creation date (and deletion +// date, if applicable), the key state, and the origin and expiration date (if +// any) of the key material. For CMKs in custom key stores, it includes information +// about the custom key store, such as the key store ID and the AWS CloudHSM +// cluster ID. It includes fields, like KeySpec, that help you distinguish symmetric +// from asymmetric CMKs. It also provides information that is particularly important +// to asymmetric CMKs, such as the key usage (encryption or signing) and the +// encryption algorithms or signing algorithms that the CMK supports. +// +// DescribeKey does not return the following information: +// +// * Aliases associated with the CMK. To get this information, use ListAliases. +// +// * Whether automatic key rotation is enabled on the CMK. To get this information, +// use GetKeyRotationStatus. Also, some key states prevent a CMK from being +// automatically rotated. For details, see How Automatic Key Rotation Works +// (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works) +// in AWS Key Management Service Developer Guide. +// +// * Tags on the CMK. To get this information, use ListResourceTags. +// +// * Key policies and grants on the CMK. To get this information, use GetKeyPolicy +// and ListGrants. +// +// If you call the DescribeKey operation on a predefined AWS alias, that is, +// an AWS alias with no key ID, AWS KMS creates an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). +// Then, it associates the alias with the new CMK, and returns the KeyId and +// Arn of the new CMK in the response. // // To perform this operation on a CMK in a different AWS account, specify the // key ARN or alias ARN in the value of the KeyId parameter. @@ -1575,20 +1759,20 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation DescribeKey for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // @@ -1667,8 +1851,8 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide . // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1678,30 +1862,30 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // See the AWS API reference guide for AWS Key Management Service's // API operation DisableKey for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { @@ -1771,11 +1955,14 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // DisableKeyRotation API operation for AWS Key Management Service. // // Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified customer master key (CMK). You cannot perform this operation -// on a CMK in a different AWS account. +// for the specified symmetric customer master key (CMK). // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported +// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You cannot perform this operation on a CMK in a different AWS account. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1785,35 +1972,35 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // See the AWS API reference guide for AWS Key Management Service's // API operation DisableKeyRotation for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // @@ -1912,8 +2099,8 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // See the AWS API reference guide for AWS Key Management Service's // API operation DisconnectCustomKeyStore for usage and error information. // -// Returned Error Codes: -// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" +// Returned Error Types: +// * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. @@ -1932,11 +2119,11 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // -// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" +// * CustomKeyStoreNotFoundException // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // @@ -2011,8 +2198,8 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // you to use the CMK for cryptographic operations. You cannot perform this // operation on a CMK in a different AWS account. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2022,35 +2209,35 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // See the AWS API reference guide for AWS Key Management Service's // API operation EnableKey for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The request was rejected because a limit was exceeded. For more information, -// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// * LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { @@ -2120,14 +2307,14 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // EnableKeyRotation API operation for AWS Key Management Service. // // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified customer master key (CMK). You cannot perform this operation -// on a CMK in a different AWS account. +// for the specified symmetric customer master key (CMK). You cannot perform +// this operation on a CMK in a different AWS account. // -// You cannot enable automatic rotation of CMKs with imported key material or -// CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported +// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2137,35 +2324,35 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // See the AWS API reference guide for AWS Key Management Service's // API operation EnableKeyRotation for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // @@ -2238,8 +2425,8 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // Encrypts plaintext into ciphertext by using a customer master key (CMK). // The Encrypt operation has two primary use cases: // -// * You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such -// as an RSA key, a database password, or other sensitive information. +// * You can encrypt small amounts of arbitrary data, such as a personal +// identifier or database password, or other sensitive information. // // * You can use the Encrypt operation to move encrypted data from one AWS // region to another. In the first region, generate a data key and use the @@ -2248,16 +2435,50 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // data and encrypted data key to the new region, and decrypt in the new // region when necessary. // -// You don't need use this operation to encrypt a data key within a region. -// The GenerateDataKey and GenerateDataKeyWithoutPlaintext operations return -// an encrypted data key. +// You don't need to use the Encrypt operation to encrypt a data key. The GenerateDataKey +// and GenerateDataKeyPair operations return a plaintext data key and an encrypted +// copy of that data key. // -// Also, you don't need to use this operation to encrypt data in your application. -// You can use the plaintext and encrypted data keys that the GenerateDataKey -// operation returns. +// When you encrypt data, you must specify a symmetric or asymmetric CMK to +// use in the encryption operation. The CMK must have a KeyUsage value of ENCRYPT_DECRYPT. +// To find the KeyUsage of a CMK, use the DescribeKey operation. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// If you use a symmetric CMK, you can use an encryption context to add additional +// security to your encryption operation. If you specify an EncryptionContext +// when encrypting data, you must specify the same encryption context (a case-sensitive +// exact match) when decrypting the data. Otherwise, the request to decrypt +// fails with an InvalidCiphertextException. For more information, see Encryption +// Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// in the AWS Key Management Service Developer Guide. +// +// If you specify an asymmetric CMK, you must also specify the encryption algorithm. +// The algorithm must be compatible with the CMK type. +// +// When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record +// the CMK and encryption algorithm that you choose. You will be required to +// provide the same CMK and encryption algorithm when you decrypt the data. +// If the CMK and algorithm do not match the values used to encrypt the data, +// the decrypt operation fails. +// +// You are not required to supply the CMK ID and encryption algorithm when you +// decrypt with symmetric CMKs because AWS KMS stores this information in the +// ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with +// asymmetric keys. The standard format for asymmetric key ciphertext does not +// include configurable fields. +// +// The maximum size of the data that you can encrypt varies with the type of +// CMK and the encryption algorithm that you choose. +// +// * Symmetric CMKs SYMMETRIC_DEFAULT: 4096 bytes +// +// * RSA_2048 RSAES_OAEP_SHA_1: 214 bytes RSAES_OAEP_SHA_256: 190 bytes +// +// * RSA_3072 RSAES_OAEP_SHA_1: 342 bytes RSAES_OAEP_SHA_256: 318 bytes +// +// * RSA_4096 RSAES_OAEP_SHA_1: 470 bytes RSAES_OAEP_SHA_256: 446 bytes +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // To perform this operation on a CMK in a different AWS account, specify the @@ -2270,39 +2491,51 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // See the AWS API reference guide for AWS Key Management Service's // API operation Encrypt for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeKeyUnavailableException "KeyUnavailableException" -// The request was rejected because the specified CMK was not available. The -// request can be retried. +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" -// The request was rejected because the specified KeySpec value is not valid. +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { @@ -2370,26 +2603,43 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // GenerateDataKey API operation for AWS Key Management Service. // -// Generates a unique data key. This operation returns a plaintext copy of the -// data key and a copy that is encrypted under a customer master key (CMK) that -// you specify. You can use the plaintext key to encrypt your data outside of -// KMS and store the encrypted data key with the encrypted data. +// Generates a unique symmetric data key. This operation returns a plaintext +// copy of the data key and a copy that is encrypted under a customer master +// key (CMK) that you specify. You can use the plaintext key to encrypt your +// data outside of AWS KMS and store the encrypted data key with the encrypted +// data. // // GenerateDataKey returns a unique data key for each request. The bytes in // the key are not related to the caller or CMK that is used to encrypt the // data key. // -// To generate a data key, you need to specify the customer master key (CMK) -// that will be used to encrypt the data key. You must also specify the length -// of the data key using either the KeySpec or NumberOfBytes field (but not -// both). For common key lengths (128-bit and 256-bit symmetric keys), we recommend -// that you use KeySpec. To perform this operation on a CMK in a different AWS -// account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// To generate a data key, specify the symmetric CMK that will be used to encrypt +// the data key. You cannot use an asymmetric CMK to generate data keys. To +// get the type of your CMK, use the DescribeKey operation. // -// You will find the plaintext copy of the data key in the Plaintext field of -// the response, and the encrypted copy of the data key in the CiphertextBlob +// You must also specify the length of the data key. Use either the KeySpec +// or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data +// keys, use the KeySpec parameter. +// +// If the operation succeeds, the plaintext copy of the data key is in the Plaintext +// field of the response, and the encrypted copy of the data key in the CiphertextBlob // field. // +// To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. +// To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext +// operation. To get a cryptographically secure random byte string, use GenerateRandom. +// +// You can use the optional encryption context to add additional security to +// the encryption operation. If you specify an EncryptionContext, you must specify +// the same encryption context (a case-sensitive exact match) when decrypting +// the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. +// For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// in the AWS Key Management Service Developer Guide. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// // We recommend that you use the following pattern to encrypt data locally in // your application: // @@ -2409,21 +2659,6 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // Use the plaintext data key to decrypt data locally, then erase the plaintext // data key from memory. // -// To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. -// To get a cryptographically secure random byte string, use GenerateRandom. -// -// You can use the optional encryption context to add additional security to -// your encryption operation. When you specify an EncryptionContext in the GenerateDataKey -// operation, you must specify the same encryption context (a case-sensitive -// exact match) in your request to Decrypt the data key. Otherwise, the request -// to decrypt fails with an InvalidCiphertextException. For more information, -// see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) -// in the AWS Key Management Service Developer Guide . -// -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2431,39 +2666,51 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // See the AWS API reference guide for AWS Key Management Service's // API operation GenerateDataKey for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeKeyUnavailableException "KeyUnavailableException" -// The request was rejected because the specified CMK was not available. The -// request can be retried. +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" -// The request was rejected because the specified KeySpec value is not valid. +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { @@ -2487,6 +2734,312 @@ func (c *KMS) GenerateDataKeyWithContext(ctx aws.Context, input *GenerateDataKey return out, req.Send() } +const opGenerateDataKeyPair = "GenerateDataKeyPair" + +// GenerateDataKeyPairRequest generates a "aws/request.Request" representing the +// client's request for the GenerateDataKeyPair operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateDataKeyPair for more information on using the GenerateDataKeyPair +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GenerateDataKeyPairRequest method. +// req, resp := client.GenerateDataKeyPairRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPair +func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req *request.Request, output *GenerateDataKeyPairOutput) { + op := &request.Operation{ + Name: opGenerateDataKeyPair, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateDataKeyPairInput{} + } + + output = &GenerateDataKeyPairOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateDataKeyPair API operation for AWS Key Management Service. +// +// Generates a unique asymmetric data key pair. The GenerateDataKeyPair operation +// returns a plaintext public key, a plaintext private key, and a copy of the +// private key that is encrypted under the symmetric CMK you specify. You can +// use the data key pair to perform asymmetric cryptography outside of AWS KMS. +// +// GenerateDataKeyPair returns a unique data key pair for each request. The +// bytes in the keys are not related to the caller or the CMK that is used to +// encrypt the private key. +// +// You can use the public key that GenerateDataKeyPair returns to encrypt data +// or verify a signature outside of AWS KMS. Then, store the encrypted private +// key with the data. When you are ready to decrypt data or sign a message, +// you can use the Decrypt operation to decrypt the encrypted private key. +// +// To generate a data key pair, you must specify a symmetric customer master +// key (CMK) to encrypt the private key in a data key pair. You cannot use an +// asymmetric CMK. To get the type of your CMK, use the DescribeKey operation. +// +// If you are using the data key pair to encrypt data, or for any operation +// where you don't immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext +// operation. GenerateDataKeyPairWithoutPlaintext returns a plaintext public +// key and an encrypted private key, but omits the plaintext private key that +// you need only to decrypt ciphertext or sign a message. Later, when you need +// to decrypt the data or sign a message, use the Decrypt operation to decrypt +// the encrypted private key in the data key pair. +// +// You can use the optional encryption context to add additional security to +// the encryption operation. If you specify an EncryptionContext, you must specify +// the same encryption context (a case-sensitive exact match) when decrypting +// the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. +// For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// in the AWS Key Management Service Developer Guide. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GenerateDataKeyPair for usage and error information. +// +// Returned Error Types: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPair +func (c *KMS) GenerateDataKeyPair(input *GenerateDataKeyPairInput) (*GenerateDataKeyPairOutput, error) { + req, out := c.GenerateDataKeyPairRequest(input) + return out, req.Send() +} + +// GenerateDataKeyPairWithContext is the same as GenerateDataKeyPair with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateDataKeyPair for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) GenerateDataKeyPairWithContext(ctx aws.Context, input *GenerateDataKeyPairInput, opts ...request.Option) (*GenerateDataKeyPairOutput, error) { + req, out := c.GenerateDataKeyPairRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGenerateDataKeyPairWithoutPlaintext = "GenerateDataKeyPairWithoutPlaintext" + +// GenerateDataKeyPairWithoutPlaintextRequest generates a "aws/request.Request" representing the +// client's request for the GenerateDataKeyPairWithoutPlaintext operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateDataKeyPairWithoutPlaintext for more information on using the GenerateDataKeyPairWithoutPlaintext +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GenerateDataKeyPairWithoutPlaintextRequest method. +// req, resp := client.GenerateDataKeyPairWithoutPlaintextRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPairWithoutPlaintext +func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyPairWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyPairWithoutPlaintextOutput) { + op := &request.Operation{ + Name: opGenerateDataKeyPairWithoutPlaintext, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateDataKeyPairWithoutPlaintextInput{} + } + + output = &GenerateDataKeyPairWithoutPlaintextOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateDataKeyPairWithoutPlaintext API operation for AWS Key Management Service. +// +// Generates a unique asymmetric data key pair. The GenerateDataKeyPairWithoutPlaintext +// operation returns a plaintext public key and a copy of the private key that +// is encrypted under the symmetric CMK you specify. Unlike GenerateDataKeyPair, +// this operation does not return a plaintext private key. +// +// To generate a data key pair, you must specify a symmetric customer master +// key (CMK) to encrypt the private key in the data key pair. You cannot use +// an asymmetric CMK. To get the type of your CMK, use the KeySpec field in +// the DescribeKey response. +// +// You can use the public key that GenerateDataKeyPairWithoutPlaintext returns +// to encrypt data or verify a signature outside of AWS KMS. Then, store the +// encrypted private key with the data. When you are ready to decrypt data or +// sign a message, you can use the Decrypt operation to decrypt the encrypted +// private key. +// +// GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each +// request. The bytes in the key are not related to the caller or CMK that is +// used to encrypt the private key. +// +// You can use the optional encryption context to add additional security to +// the encryption operation. If you specify an EncryptionContext, you must specify +// the same encryption context (a case-sensitive exact match) when decrypting +// the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. +// For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// in the AWS Key Management Service Developer Guide. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GenerateDataKeyPairWithoutPlaintext for usage and error information. +// +// Returned Error Types: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyPairWithoutPlaintext +func (c *KMS) GenerateDataKeyPairWithoutPlaintext(input *GenerateDataKeyPairWithoutPlaintextInput) (*GenerateDataKeyPairWithoutPlaintextOutput, error) { + req, out := c.GenerateDataKeyPairWithoutPlaintextRequest(input) + return out, req.Send() +} + +// GenerateDataKeyPairWithoutPlaintextWithContext is the same as GenerateDataKeyPairWithoutPlaintext with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateDataKeyPairWithoutPlaintext for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) GenerateDataKeyPairWithoutPlaintextWithContext(ctx aws.Context, input *GenerateDataKeyPairWithoutPlaintextInput, opts ...request.Option) (*GenerateDataKeyPairWithoutPlaintextOutput, error) { + req, out := c.GenerateDataKeyPairWithoutPlaintextRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" // GenerateDataKeyWithoutPlaintextRequest generates a "aws/request.Request" representing the @@ -2531,18 +3084,16 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service. // -// Generates a unique data key. This operation returns a data key that is encrypted -// under a customer master key (CMK) that you specify. GenerateDataKeyWithoutPlaintext -// is identical to GenerateDataKey except that returns only the encrypted copy -// of the data key. +// Generates a unique symmetric data key. This operation returns a data key +// that is encrypted under a customer master key (CMK) that you specify. To +// request an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext +// operations. // -// Like GenerateDataKey, GenerateDataKeyWithoutPlaintext returns a unique data -// key for each request. The bytes in the key are not related to the caller -// or CMK that is used to encrypt the data key. -// -// This operation is useful for systems that need to encrypt data at some point, -// but not immediately. When you need to encrypt the data, you call the Decrypt -// operation on the encrypted copy of the key. +// GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation +// except that returns only the encrypted copy of the data key. This operation +// is useful for systems that need to encrypt data at some point, but not immediately. +// When you need to encrypt the data, you call the Decrypt operation on the +// encrypted copy of the key. // // It's also useful in distributed systems with different levels of trust. For // example, you might store encrypted data in containers. One component of your @@ -2553,8 +3104,27 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // the plaintext data key. In this system, the component that creates the containers // never sees the plaintext data key. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// GenerateDataKeyWithoutPlaintext returns a unique data key for each request. +// The bytes in the keys are not related to the caller or CMK that is used to +// encrypt the private key. +// +// To generate a data key, you must specify the symmetric customer master key +// (CMK) that is used to encrypt the data key. You cannot use an asymmetric +// CMK to generate a data key. To get the type of your CMK, use the DescribeKey +// operation. +// +// If the operation succeeds, you will find the encrypted copy of the data key +// in the CiphertextBlob field. +// +// You can use the optional encryption context to add additional security to +// the encryption operation. If you specify an EncryptionContext, you must specify +// the same encryption context (a case-sensitive exact match) when decrypting +// the encrypted data key. Otherwise, the request to decrypt fails with an InvalidCiphertextException. +// For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// in the AWS Key Management Service Developer Guide. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2564,39 +3134,51 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // See the AWS API reference guide for AWS Key Management Service's // API operation GenerateDataKeyWithoutPlaintext for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeKeyUnavailableException "KeyUnavailableException" -// The request was rejected because the specified CMK was not available. The -// request can be retried. +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" -// The request was rejected because the specified KeySpec value is not valid. +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { @@ -2682,20 +3264,20 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // See the AWS API reference guide for AWS Key Management Service's // API operation GenerateRandom for usage and error information. // -// Returned Error Codes: -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// Returned Error Types: +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" +// * CustomKeyStoreNotFoundException // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // -// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" +// * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. @@ -2790,30 +3372,30 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // See the AWS API reference guide for AWS Key Management Service's // API operation GetKeyPolicy for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { @@ -2885,8 +3467,12 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // is enabled for the specified customer master key (CMK). // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported +// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// The key rotation status for these CMKs is always false. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * Disabled: The key rotation status does not change when you disable a @@ -2907,32 +3493,32 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // See the AWS API reference guide for AWS Key Management Service's // API operation GetKeyRotationStatus for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // @@ -3002,26 +3588,29 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // GetParametersForImport API operation for AWS Key Management Service. // -// Returns the items you need in order to import key material into AWS KMS from -// your existing key management infrastructure. For more information about importing -// key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// Returns the items you need to import key material into a symmetric, customer +// managed customer master key (CMK). For more information about importing key +// material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. // -// You must specify the key ID of the customer master key (CMK) into which you -// will import key material. This CMK's Origin must be EXTERNAL. You must also -// specify the wrapping algorithm and type of wrapping key (public key) that -// you will use to encrypt the key material. You cannot perform this operation -// on a CMK in a different AWS account. -// // This operation returns a public key and an import token. Use the public key -// to encrypt the key material. Store the import token to send with a subsequent -// ImportKeyMaterial request. The public key and import token from the same -// response must be used together. These items are valid for 24 hours. When -// they expire, they cannot be used for a subsequent ImportKeyMaterial request. -// To get new ones, send another GetParametersForImport request. +// to encrypt the symmetric key material. Store the import token to send with +// a subsequent ImportKeyMaterial request. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// You must specify the key ID of the symmetric CMK into which you will import +// key material. This CMK's Origin must be EXTERNAL. You must also specify the +// wrapping algorithm and type of wrapping key (public key) that you will use +// to encrypt the key material. You cannot perform this operation on an asymmetric +// CMK or on any CMK in a different AWS account. +// +// To import key material, you must use the public key and import token from +// the same response. These items are valid for 24 hours. The expiration date +// and time appear in the GetParametersForImport response. You cannot use an +// expired token in an ImportKeyMaterial request. If your key and token expire, +// send another GetParametersForImport request. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3031,34 +3620,34 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // See the AWS API reference guide for AWS Key Management Service's // API operation GetParametersForImport for usage and error information. // -// Returned Error Codes: -// * ErrCodeInvalidArnException "InvalidArnException" +// Returned Error Types: +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { @@ -3082,6 +3671,175 @@ func (c *KMS) GetParametersForImportWithContext(ctx aws.Context, input *GetParam return out, req.Send() } +const opGetPublicKey = "GetPublicKey" + +// GetPublicKeyRequest generates a "aws/request.Request" representing the +// client's request for the GetPublicKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetPublicKey for more information on using the GetPublicKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetPublicKeyRequest method. +// req, resp := client.GetPublicKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey +func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Request, output *GetPublicKeyOutput) { + op := &request.Operation{ + Name: opGetPublicKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetPublicKeyInput{} + } + + output = &GetPublicKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetPublicKey API operation for AWS Key Management Service. +// +// Returns the public key of an asymmetric CMK. Unlike the private key of a +// asymmetric CMK, which never leaves AWS KMS unencrypted, callers with kms:GetPublicKey +// permission can download the public key of an asymmetric CMK. You can share +// the public key to allow others to encrypt messages and verify signatures +// outside of AWS KMS. For information about symmetric and asymmetric CMKs, +// see Using Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. +// +// You do not need to download the public key. Instead, you can use the public +// key within AWS KMS by calling the Encrypt, ReEncrypt, or Verify operations +// with the identifier of an asymmetric CMK. When you use the public key within +// AWS KMS, you benefit from the authentication, authorization, and logging +// that are part of every AWS KMS operation. You also reduce of risk of encrypting +// data that cannot be decrypted. These features are not effective outside of +// AWS KMS. For details, see Special Considerations for Downloading Public Keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations). +// +// To help you use the public key safely outside of AWS KMS, GetPublicKey returns +// important information about the public key in the response, including: +// +// * CustomerMasterKeySpec (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-CustomerMasterKeySpec): +// The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521. +// +// * KeyUsage (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage): +// Whether the key is used for encryption or signing. +// +// * EncryptionAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms) +// or SigningAlgorithms (https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms): +// A list of the encryption algorithms or the signing algorithms for the +// key. +// +// Although AWS KMS cannot enforce these restrictions on external operations, +// it is crucial that you use this information to prevent the public key from +// being used improperly. For example, you can prevent a public signing key +// from being used encrypt data, or prevent a public key from being used with +// an encryption algorithm that is not supported by AWS KMS. You can also avoid +// errors, such as using the wrong signing algorithm in a verification operation. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation GetPublicKey for usage and error information. +// +// Returned Error Types: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// * InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey +func (c *KMS) GetPublicKey(input *GetPublicKeyInput) (*GetPublicKeyOutput, error) { + req, out := c.GetPublicKeyRequest(input) + return out, req.Send() +} + +// GetPublicKeyWithContext is the same as GetPublicKey with the addition of +// the ability to pass a context and additional request options. +// +// See GetPublicKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) GetPublicKeyWithContext(ctx aws.Context, input *GetPublicKeyInput, opts ...request.Option) (*GetPublicKeyOutput, error) { + req, out := c.GetPublicKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opImportKeyMaterial = "ImportKeyMaterial" // ImportKeyMaterialRequest generates a "aws/request.Request" representing the @@ -3127,11 +3885,14 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // ImportKeyMaterial API operation for AWS Key Management Service. // -// Imports key material into an existing AWS KMS customer master key (CMK) that -// was created without key material. You cannot perform this operation on a -// CMK in a different AWS account. For more information about creating CMKs -// with no key material and then importing key material, see Importing Key Material -// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// Imports key material into an existing symmetric AWS KMS customer master key +// (CMK) that was created without key material. After you successfully import +// key material into a CMK, you can reimport the same key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material) +// into that CMK, but you cannot import different key material. +// +// You cannot perform this operation on an asymmetric CMK or on any CMK in a +// different AWS account. For more information about creating CMKs with no key +// material and then importing key material, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. // // Before using this operation, call GetParametersForImport. Its response includes @@ -3148,23 +3909,27 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // * The encrypted key material. To get the public key to encrypt the key // material, call GetParametersForImport. // -// * The import token that GetParametersForImport returned. This token and -// the public key used to encrypt the key material must have come from the -// same response. +// * The import token that GetParametersForImport returned. You must use +// a public key and token from the same GetParametersForImport response. // // * Whether the key material expires and if so, when. If you set an expiration -// date, you can change it only by reimporting the same key material and -// specifying a new expiration date. If the key material expires, AWS KMS -// deletes the key material and the CMK becomes unusable. To use the CMK -// again, you must reimport the same key material. +// date, AWS KMS deletes the key material from the CMK on the specified date, +// and the CMK becomes unusable. To use the CMK again, you must reimport +// the same key material. The only way to change an expiration date is by +// reimporting the same key material and specifying a new expiration date. // // When this operation is successful, the key state of the CMK changes from -// PendingImport to Enabled, and you can use the CMK. After you successfully -// import key material into a CMK, you can reimport the same key material into -// that CMK, but you cannot import different key material. +// PendingImport to Enabled, and you can use the CMK. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// If this operation fails, use the exception to help determine the problem. +// If the error is related to the key material, the import token, or wrapping +// key, use GetParametersForImport to get a new public key and import token +// for the CMK and repeat the import procedure. For help, see How To Import +// Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview) +// in the AWS Key Management Service Developer Guide. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3174,51 +3939,55 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // See the AWS API reference guide for AWS Key Management Service's // API operation ImportKeyMaterial for usage and error information. // -// Returned Error Codes: -// * ErrCodeInvalidArnException "InvalidArnException" +// Returned Error Types: +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // -// * ErrCodeInvalidCiphertextException "InvalidCiphertextException" -// The request was rejected because the specified ciphertext, or additional -// authenticated data incorporated into the ciphertext, such as the encryption -// context, is corrupted, missing, or otherwise invalid. +// * InvalidCiphertextException +// From the Decrypt or ReEncrypt operation, the request was rejected because +// the specified ciphertext, or additional authenticated data incorporated into +// the ciphertext, such as the encryption context, is corrupted, missing, or +// otherwise invalid. // -// * ErrCodeIncorrectKeyMaterialException "IncorrectKeyMaterialException" -// The request was rejected because the provided key material is invalid or -// is not the same key material that was previously imported into this customer -// master key (CMK). +// From the ImportKeyMaterial operation, the request was rejected because AWS +// KMS could not decrypt the encrypted (wrapped) key material. // -// * ErrCodeExpiredImportTokenException "ExpiredImportTokenException" -// The request was rejected because the provided import token is expired. Use +// * IncorrectKeyMaterialException +// The request was rejected because the key material in the request is, expired, +// invalid, or is not the same key material that was previously imported into +// this customer master key (CMK). +// +// * ExpiredImportTokenException +// The request was rejected because the specified import token is expired. Use // GetParametersForImport to get a new import token and public key, use the // new public key to encrypt the key material, and then try the request again. // -// * ErrCodeInvalidImportTokenException "InvalidImportTokenException" +// * InvalidImportTokenException // The request was rejected because the provided import token is invalid or // is associated with a different customer master key (CMK). // @@ -3309,7 +4078,7 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // The response might also include aliases that have no TargetKeyId field. These // are predefined aliases that AWS has created but has not yet associated with // a CMK. Aliases that AWS creates in your account, including predefined aliases, -// do not count against your AWS KMS aliases limit (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). +// do not count against your AWS KMS aliases quota (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3318,24 +4087,24 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation ListAliases for usage and error information. // -// Returned Error Codes: -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// Returned Error Types: +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidMarkerException "InvalidMarkerException" +// * InvalidMarkerException // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // @@ -3475,34 +4244,34 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // See the AWS API reference guide for AWS Key Management Service's // API operation ListGrants for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidMarkerException "InvalidMarkerException" +// * InvalidMarkerException // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { @@ -3640,30 +4409,30 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // See the AWS API reference guide for AWS Key Management Service's // API operation ListKeyPolicies for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { @@ -3790,7 +4559,7 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu // ListKeys API operation for AWS Key Management Service. // // Gets a list of all customer master keys (CMKs) in the caller's AWS account -// and region. +// and Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3799,16 +4568,16 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu // See the AWS API reference guide for AWS Key Management Service's // API operation ListKeys for usage and error information. // -// Returned Error Codes: -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// Returned Error Types: +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidMarkerException "InvalidMarkerException" +// * InvalidMarkerException // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // @@ -3941,20 +4710,20 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // See the AWS API reference guide for AWS Key Management Service's // API operation ListResourceTags for usage and error information. // -// Returned Error Codes: -// * ErrCodeInternalException "KMSInternalException" +// Returned Error Types: +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeInvalidMarkerException "InvalidMarkerException" +// * InvalidMarkerException // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // @@ -4037,24 +4806,24 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // See the AWS API reference guide for AWS Key Management Service's // API operation ListRetirableGrants for usage and error information. // -// Returned Error Codes: -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// Returned Error Types: +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidMarkerException "InvalidMarkerException" +// * InvalidMarkerException // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // @@ -4138,43 +4907,43 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // See the AWS API reference guide for AWS Key Management Service's // API operation PutKeyPolicy for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" +// * MalformedPolicyDocumentException // The request was rejected because the specified policy is not syntactically // or semantically correct. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" +// * UnsupportedOperationException // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The request was rejected because a limit was exceeded. For more information, -// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// * LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { @@ -4242,23 +5011,66 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // ReEncrypt API operation for AWS Key Management Service. // -// Encrypts data on the server side with a new customer master key (CMK) without -// exposing the plaintext of the data on the client side. The data is first -// decrypted and then reencrypted. You can also use this operation to change -// the encryption context of a ciphertext. +// Decrypts ciphertext and then reencrypts it entirely within AWS KMS. You can +// use this operation to change the customer master key (CMK) under which data +// is encrypted, such as when you manually rotate (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually) +// a CMK or change the CMK that protects a ciphertext. You can also use it to +// reencrypt ciphertext under the same CMK, such as to change the encryption +// context of a ciphertext. // -// You can reencrypt data using CMKs in different AWS accounts. +// The ReEncrypt operation can decrypt ciphertext that was encrypted by using +// an AWS KMS CMK in an AWS KMS operation, such as Encrypt or GenerateDataKey. +// It can also decrypt ciphertext that was encrypted by using the public key +// of an asymmetric CMK outside of AWS KMS. However, it cannot decrypt ciphertext +// produced by other libraries, such as the AWS Encryption SDK (https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/) +// or Amazon S3 client-side encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). +// These libraries return a ciphertext format that is incompatible with AWS +// KMS. // -// Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom -// on the source CMK and once as ReEncryptTo on the destination CMK. We recommend -// that you include the "kms:ReEncrypt*" permission in your key policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) -// to permit reencryption from or to the CMK. This permission is automatically -// included in the key policy when you create a CMK through the console. But -// you must include it manually when you create a CMK programmatically or when -// you set a key policy with the PutKeyPolicy operation. +// When you use the ReEncrypt operation, you need to provide information for +// the decrypt operation and the subsequent encrypt operation. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// * If your ciphertext was encrypted under an asymmetric CMK, you must identify +// the source CMK, that is, the CMK that encrypted the ciphertext. You must +// also supply the encryption algorithm that was used. This information is +// required to decrypt the data. +// +// * It is optional, but you can specify a source CMK even when the ciphertext +// was encrypted under a symmetric CMK. This ensures that the ciphertext +// is decrypted only by using a particular CMK. If the CMK that you specify +// cannot decrypt the ciphertext, the ReEncrypt operation fails. +// +// * To reencrypt the data, you must specify the destination CMK, that is, +// the CMK that re-encrypts the data after it is decrypted. You can select +// a symmetric or asymmetric CMK. If the destination CMK is an asymmetric +// CMK, you must also provide the encryption algorithm. The algorithm that +// you choose must be compatible with the CMK. When you use an asymmetric +// CMK to encrypt or reencrypt data, be sure to record the CMK and encryption +// algorithm that you choose. You will be required to provide the same CMK +// and encryption algorithm when you decrypt the data. If the CMK and algorithm +// do not match the values used to encrypt the data, the decrypt operation +// fails. You are not required to supply the CMK ID and encryption algorithm +// when you decrypt with symmetric CMKs because AWS KMS stores this information +// in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated +// with asymmetric keys. The standard format for asymmetric key ciphertext +// does not include configurable fields. +// +// Unlike other AWS KMS API operations, ReEncrypt callers must have two permissions: +// +// * kms:EncryptFrom permission on the source CMK +// +// * kms:EncryptTo permission on the destination CMK +// +// To permit reencryption from +// +// or to a CMK, include the "kms:ReEncrypt*" permission in your key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html). +// This permission is automatically included in the key policy when you use +// the console to create a CMK. But you must include it manually when you create +// a CMK programmatically or when you use the PutKeyPolicy operation set a key +// policy. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4268,44 +5080,65 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // See the AWS API reference guide for AWS Key Management Service's // API operation ReEncrypt for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDisabledException "DisabledException" +// * DisabledException // The request was rejected because the specified CMK is not enabled. // -// * ErrCodeInvalidCiphertextException "InvalidCiphertextException" -// The request was rejected because the specified ciphertext, or additional -// authenticated data incorporated into the ciphertext, such as the encryption -// context, is corrupted, missing, or otherwise invalid. +// * InvalidCiphertextException +// From the Decrypt or ReEncrypt operation, the request was rejected because +// the specified ciphertext, or additional authenticated data incorporated into +// the ciphertext, such as the encryption context, is corrupted, missing, or +// otherwise invalid. // -// * ErrCodeKeyUnavailableException "KeyUnavailableException" -// The request was rejected because the specified CMK was not available. The -// request can be retried. +// From the ImportKeyMaterial operation, the request was rejected because AWS +// KMS could not decrypt the encrypted (wrapped) key material. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. +// +// * IncorrectKeyException +// The request was rejected because the specified CMK cannot decrypt the data. +// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same CMK that was used to encrypt the ciphertext. +// +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" -// The request was rejected because the specified KeySpec value is not valid. +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: // -// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { @@ -4398,36 +5231,36 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation RetireGrant for usage and error information. // -// Returned Error Codes: -// * ErrCodeInvalidArnException "InvalidArnException" +// Returned Error Types: +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" +// * InvalidGrantTokenException // The request was rejected because the specified grant token is not valid. // -// * ErrCodeInvalidGrantIdException "InvalidGrantIdException" +// * InvalidGrantIdException // The request was rejected because the specified GrantId is not valid. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { @@ -4509,33 +5342,33 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation RevokeGrant for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeInvalidGrantIdException "InvalidGrantIdException" +// * InvalidGrantIdException // The request was rejected because the specified GrantId is not valid. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { @@ -4629,8 +5462,8 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4640,30 +5473,30 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // See the AWS API reference guide for AWS Key Management Service's // API operation ScheduleKeyDeletion for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { @@ -4687,6 +5520,164 @@ func (c *KMS) ScheduleKeyDeletionWithContext(ctx aws.Context, input *ScheduleKey return out, req.Send() } +const opSign = "Sign" + +// SignRequest generates a "aws/request.Request" representing the +// client's request for the Sign operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See Sign for more information on using the Sign +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the SignRequest method. +// req, resp := client.SignRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign +func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignOutput) { + op := &request.Operation{ + Name: opSign, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SignInput{} + } + + output = &SignOutput{} + req = c.newRequest(op, input, output) + return +} + +// Sign API operation for AWS Key Management Service. +// +// Creates a digital signature (https://en.wikipedia.org/wiki/Digital_signature) +// for a message or message digest by using the private key in an asymmetric +// CMK. To verify the signature, use the Verify operation, or use the public +// key in the same asymmetric CMK outside of AWS KMS. For information about +// symmetric and asymmetric CMKs, see Using Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. +// +// Digital signatures are generated and verified by using asymmetric key pair, +// such as an RSA or ECC pair that is represented by an asymmetric customer +// master key (CMK). The key owner (or an authorized user) uses their private +// key to sign a message. Anyone with the public key can verify that the message +// was signed with that particular private key and that the message hasn't changed +// since it was signed. +// +// To use the Sign operation, provide the following information: +// +// * Use the KeyId parameter to identify an asymmetric CMK with a KeyUsage +// value of SIGN_VERIFY. To get the KeyUsage value of a CMK, use the DescribeKey +// operation. The caller must have kms:Sign permission on the CMK. +// +// * Use the Message parameter to specify the message or message digest to +// sign. You can submit messages of up to 4096 bytes. To sign a larger message, +// generate a hash digest of the message, and then provide the hash digest +// in the Message parameter. To indicate whether the message is a full message +// or a digest, use the MessageType parameter. +// +// * Choose a signing algorithm that is compatible with the CMK. +// +// When signing a message, be sure to record the CMK and the signing algorithm. +// This information is required to verify the signature. +// +// To verify the signature that this operation generates, use the Verify operation. +// Or use the GetPublicKey operation to download the public key and then use +// the public key to verify the signature outside of AWS KMS. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation Sign for usage and error information. +// +// Returned Error Types: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Sign +func (c *KMS) Sign(input *SignInput) (*SignOutput, error) { + req, out := c.SignRequest(input) + return out, req.Send() +} + +// SignWithContext is the same as Sign with the addition of +// the ability to pass a context and additional request options. +// +// See Sign for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) SignWithContext(ctx aws.Context, input *SignInput, opts ...request.Option) (*SignOutput, error) { + req, out := c.SignRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opTagResource = "TagResource" // TagResourceRequest generates a "aws/request.Request" representing the @@ -4745,8 +5736,8 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) // in the AWS Billing and Cost Management User Guide. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4756,33 +5747,33 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation TagResource for usage and error information. // -// Returned Error Codes: -// * ErrCodeInternalException "KMSInternalException" +// Returned Error Types: +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// * LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // -// * ErrCodeLimitExceededException "LimitExceededException" -// The request was rejected because a limit was exceeded. For more information, -// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) -// in the AWS Key Management Service Developer Guide. -// -// * ErrCodeTagException "TagException" +// * TagException // The request was rejected because one or more tags are not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource @@ -4858,8 +5849,8 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // To remove a tag, specify the tag key. To change the tag value of an existing // tag key, use TagResource. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4869,28 +5860,28 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // See the AWS API reference guide for AWS Key Management Service's // API operation UntagResource for usage and error information. // -// Returned Error Codes: -// * ErrCodeInternalException "KMSInternalException" +// Returned Error Types: +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // -// * ErrCodeTagException "TagException" +// * TagException // The request was rejected because one or more tags are not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource @@ -4960,27 +5951,28 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // UpdateAlias API operation for AWS Key Management Service. // -// Associates an existing alias with a different customer master key (CMK). -// Each CMK can have multiple aliases, but the aliases must be unique within -// the account and region. You cannot perform this operation on an alias in -// a different AWS account. +// Associates an existing AWS KMS alias with a different customer master key +// (CMK). Each alias is associated with only one CMK at a time, although a CMK +// can have multiple aliases. The alias and the CMK must be in the same AWS +// account and region. You cannot perform this operation on an alias in a different +// AWS account. // -// This operation works only on existing aliases. To change the alias of a CMK -// to a new value, use CreateAlias to create a new alias and DeleteAlias to -// delete the old alias. +// The current and new CMK must be the same type (both symmetric or both asymmetric), +// and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). This +// restriction prevents errors in code that uses aliases. If you must assign +// an alias to a different type of CMK, use DeleteAlias to delete the old alias +// and CreateAlias to create a new alias. +// +// You cannot use UpdateAlias to change an alias name. To change an alias name, +// use DeleteAlias to delete the old alias and CreateAlias to create a new alias. // // Because an alias is not a property of a CMK, you can create, update, and // delete the aliases of a CMK without affecting the CMK. Also, aliases do not // appear in the response from the DescribeKey operation. To get the aliases // of all CMKs in the account, use the ListAliases operation. // -// The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. -// It can contain only alphanumeric characters, forward slashes (/), underscores -// (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ -// prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). -// -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4990,26 +5982,26 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // See the AWS API reference guide for AWS Key Management Service's // API operation UpdateAlias for usage and error information. // -// Returned Error Codes: -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// Returned Error Types: +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { @@ -5120,17 +6112,22 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // See the AWS API reference guide for AWS Key Management Service's // API operation UpdateCustomKeyStore for usage and error information. // -// Returned Error Codes: -// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" +// Returned Error Types: +// * CustomKeyStoreNotFoundException // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // -// * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException" +// * CustomKeyStoreNameInUseException +// The request was rejected because the specified custom key store name is already +// assigned to another custom key store in the account. Try again with a custom +// key store name that is unique in the account. +// +// * CloudHsmClusterNotFoundException // The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster // with the specified cluster ID. Retry the request with a different cluster // ID. // -// * ErrCodeCloudHsmClusterNotRelatedException "CloudHsmClusterNotRelatedException" +// * CloudHsmClusterNotRelatedException // The request was rejected because the specified AWS CloudHSM cluster has a // different cluster certificate than the original cluster. You cannot use the // operation to specify an unrelated cluster. @@ -5144,7 +6141,7 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // -// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" +// * CustomKeyStoreInvalidStateException // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. @@ -5163,18 +6160,18 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" +// * CloudHsmClusterNotActiveException // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // -// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" +// * CloudHsmClusterInvalidConfigurationException // The request was rejected because the associated AWS CloudHSM cluster did // not meet the configuration requirements for a custom key store. // @@ -5278,8 +6275,8 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // // You cannot perform this operation on a CMK in a different AWS account. // -// The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5289,30 +6286,30 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // See the AWS API reference guide for AWS Key Management Service's // API operation UpdateKeyDescription for usage and error information. // -// Returned Error Codes: -// * ErrCodeNotFoundException "NotFoundException" +// Returned Error Types: +// * NotFoundException // The request was rejected because the specified entity or resource could not // be found. // -// * ErrCodeInvalidArnException "InvalidArnException" +// * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // -// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" +// * DependencyTimeoutException // The system timed out while trying to fulfill the request. The request can // be retried. // -// * ErrCodeInternalException "KMSInternalException" +// * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. // -// * ErrCodeInvalidStateException "KMSInvalidStateException" +// * InvalidStateException // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// in the AWS Key Management Service Developer Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { @@ -5336,6 +6333,161 @@ func (c *KMS) UpdateKeyDescriptionWithContext(ctx aws.Context, input *UpdateKeyD return out, req.Send() } +const opVerify = "Verify" + +// VerifyRequest generates a "aws/request.Request" representing the +// client's request for the Verify operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See Verify for more information on using the Verify +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the VerifyRequest method. +// req, resp := client.VerifyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Verify +func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *VerifyOutput) { + op := &request.Operation{ + Name: opVerify, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &VerifyInput{} + } + + output = &VerifyOutput{} + req = c.newRequest(op, input, output) + return +} + +// Verify API operation for AWS Key Management Service. +// +// Verifies a digital signature that was generated by the Sign operation. +// +// Verification confirms that an authorized user signed the message with the +// specified CMK and signing algorithm, and the message hasn't changed since +// it was signed. If the signature is verified, the value of the SignatureValid +// field in the response is True. If the signature verification fails, the Verify +// operation fails with an KMSInvalidSignatureException exception. +// +// A digital signature is generated by using the private key in an asymmetric +// CMK. The signature is verified by using the public key in the same asymmetric +// CMK. For information about symmetric and asymmetric CMKs, see Using Symmetric +// and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. +// +// To verify a digital signature, you can use the Verify operation. Specify +// the same asymmetric CMK, message, and signing algorithm that were used to +// produce the signature. +// +// You can also verify the digital signature by using the public key of the +// CMK outside of AWS KMS. Use the GetPublicKey operation to download the public +// key in the asymmetric CMK and then use the public key to verify the signature +// outside of AWS KMS. The advantage of using the Verify operation is that it +// is performed within AWS KMS. As a result, it's easy to call, the operation +// is performed within the FIPS boundary, it is logged in AWS CloudTrail, and +// you can use key policy and IAM policy to determine who is authorized to use +// the CMK to verify signatures. +// +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation Verify for usage and error information. +// +// Returned Error Types: +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * KeyUnavailableException +// The request was rejected because the specified CMK was not available. You +// can retry the request. +// +// * DependencyTimeoutException +// The system timed out while trying to fulfill the request. The request can +// be retried. +// +// * InvalidKeyUsageException +// The request was rejected for one of the following reasons: +// +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +// +// * InvalidGrantTokenException +// The request was rejected because the specified grant token is not valid. +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// * KMSInvalidSignatureException +// The request was rejected because the signature verification failed. Signature +// verification fails when it cannot confirm that signature was produced by +// signing the specified message with the specified CMK and signing algorithm. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Verify +func (c *KMS) Verify(input *VerifyInput) (*VerifyOutput, error) { + req, out := c.VerifyRequest(input) + return out, req.Send() +} + +// VerifyWithContext is the same as Verify with the addition of +// the ability to pass a context and additional request options. +// +// See Verify for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) VerifyWithContext(ctx aws.Context, input *VerifyInput, opts ...request.Option) (*VerifyOutput, error) { + req, out := c.VerifyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + // Contains information about an alias. type AliasListEntry struct { _ struct{} `type:"structure"` @@ -5378,6 +6530,63 @@ func (s *AliasListEntry) SetTargetKeyId(v string) *AliasListEntry { return s } +// The request was rejected because it attempted to create a resource that already +// exists. +type AlreadyExistsException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s AlreadyExistsException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AlreadyExistsException) GoString() string { + return s.String() +} + +func newErrorAlreadyExistsException(v protocol.ResponseMetadata) error { + return &AlreadyExistsException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s AlreadyExistsException) Code() string { + return "AlreadyExistsException" +} + +// Message returns the exception's message. +func (s AlreadyExistsException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s AlreadyExistsException) OrigErr() error { + return nil +} + +func (s AlreadyExistsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s AlreadyExistsException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s AlreadyExistsException) RequestID() string { + return s.respMetadata.RequestID +} + type CancelKeyDeletionInput struct { _ struct{} `type:"structure"` @@ -5453,6 +6662,339 @@ func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput { return s } +// The request was rejected because the specified AWS CloudHSM cluster is already +// associated with a custom key store or it shares a backup history with a cluster +// that is associated with a custom key store. Each custom key store must be +// associated with a different AWS CloudHSM cluster. +// +// Clusters that share a backup history have the same cluster certificate. To +// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. +type CloudHsmClusterInUseException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CloudHsmClusterInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CloudHsmClusterInUseException) GoString() string { + return s.String() +} + +func newErrorCloudHsmClusterInUseException(v protocol.ResponseMetadata) error { + return &CloudHsmClusterInUseException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CloudHsmClusterInUseException) Code() string { + return "CloudHsmClusterInUseException" +} + +// Message returns the exception's message. +func (s CloudHsmClusterInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CloudHsmClusterInUseException) OrigErr() error { + return nil +} + +func (s CloudHsmClusterInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CloudHsmClusterInUseException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CloudHsmClusterInUseException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the associated AWS CloudHSM cluster did +// not meet the configuration requirements for a custom key store. +// +// * The cluster must be configured with private subnets in at least two +// different Availability Zones in the Region. +// +// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster--sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the cluster. +// Do not delete or change them. To get information about a particular security +// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// * The cluster must contain at least as many HSMs as the operation requires. +// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the AWS CloudHSM cluster must have at least two active HSMs, +// each in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the AWS CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an AWS CloudHSM cluster that is +// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the AWS Key Management Service Developer Guide. For information about +// creating a private subnet for an AWS CloudHSM cluster, see Create a Private +// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the AWS CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the AWS CloudHSM User Guide . +type CloudHsmClusterInvalidConfigurationException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CloudHsmClusterInvalidConfigurationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CloudHsmClusterInvalidConfigurationException) GoString() string { + return s.String() +} + +func newErrorCloudHsmClusterInvalidConfigurationException(v protocol.ResponseMetadata) error { + return &CloudHsmClusterInvalidConfigurationException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CloudHsmClusterInvalidConfigurationException) Code() string { + return "CloudHsmClusterInvalidConfigurationException" +} + +// Message returns the exception's message. +func (s CloudHsmClusterInvalidConfigurationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CloudHsmClusterInvalidConfigurationException) OrigErr() error { + return nil +} + +func (s CloudHsmClusterInvalidConfigurationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CloudHsmClusterInvalidConfigurationException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CloudHsmClusterInvalidConfigurationException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the AWS CloudHSM cluster that is associated +// with the custom key store is not active. Initialize and activate the cluster +// and try the command again. For detailed instructions, see Getting Started +// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// in the AWS CloudHSM User Guide. +type CloudHsmClusterNotActiveException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CloudHsmClusterNotActiveException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CloudHsmClusterNotActiveException) GoString() string { + return s.String() +} + +func newErrorCloudHsmClusterNotActiveException(v protocol.ResponseMetadata) error { + return &CloudHsmClusterNotActiveException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CloudHsmClusterNotActiveException) Code() string { + return "CloudHsmClusterNotActiveException" +} + +// Message returns the exception's message. +func (s CloudHsmClusterNotActiveException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CloudHsmClusterNotActiveException) OrigErr() error { + return nil +} + +func (s CloudHsmClusterNotActiveException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CloudHsmClusterNotActiveException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CloudHsmClusterNotActiveException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster +// with the specified cluster ID. Retry the request with a different cluster +// ID. +type CloudHsmClusterNotFoundException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CloudHsmClusterNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CloudHsmClusterNotFoundException) GoString() string { + return s.String() +} + +func newErrorCloudHsmClusterNotFoundException(v protocol.ResponseMetadata) error { + return &CloudHsmClusterNotFoundException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CloudHsmClusterNotFoundException) Code() string { + return "CloudHsmClusterNotFoundException" +} + +// Message returns the exception's message. +func (s CloudHsmClusterNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CloudHsmClusterNotFoundException) OrigErr() error { + return nil +} + +func (s CloudHsmClusterNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CloudHsmClusterNotFoundException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CloudHsmClusterNotFoundException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the specified AWS CloudHSM cluster has a +// different cluster certificate than the original cluster. You cannot use the +// operation to specify an unrelated cluster. +// +// Specify a cluster that shares a backup history with the original cluster. +// This includes clusters that were created from a backup of the current cluster, +// and clusters that were created from the same backup that produced the current +// cluster. +// +// Clusters that share a backup history have the same cluster certificate. To +// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. +type CloudHsmClusterNotRelatedException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CloudHsmClusterNotRelatedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CloudHsmClusterNotRelatedException) GoString() string { + return s.String() +} + +func newErrorCloudHsmClusterNotRelatedException(v protocol.ResponseMetadata) error { + return &CloudHsmClusterNotRelatedException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CloudHsmClusterNotRelatedException) Code() string { + return "CloudHsmClusterNotRelatedException" +} + +// Message returns the exception's message. +func (s CloudHsmClusterNotRelatedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CloudHsmClusterNotRelatedException) OrigErr() error { + return nil +} + +func (s CloudHsmClusterNotRelatedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CloudHsmClusterNotRelatedException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CloudHsmClusterNotRelatedException) RequestID() string { + return s.respMetadata.RequestID +} + type ConnectCustomKeyStoreInput struct { _ struct{} `type:"structure"` @@ -5607,11 +7149,13 @@ type CreateCustomKeyStoreInput struct { // in the specified AWS CloudHSM cluster. AWS KMS logs into the cluster as this // user to manage key material on your behalf. // + // The password must be a string of 7 to 32 characters. Its value is case sensitive. + // // This parameter tells AWS KMS the kmsuser account password; it does not change // the password in the AWS CloudHSM cluster. // // KeyStorePassword is a required field - KeyStorePassword *string `min:"1" type:"string" required:"true" sensitive:"true"` + KeyStorePassword *string `min:"7" type:"string" required:"true" sensitive:"true"` // Enter the content of the trust anchor certificate for the cluster. This is // the content of the customerCA.crt file that you created when you initialized @@ -5649,8 +7193,8 @@ func (s *CreateCustomKeyStoreInput) Validate() error { if s.KeyStorePassword == nil { invalidParams.Add(request.NewErrParamRequired("KeyStorePassword")) } - if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 1 { - invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 1)) + if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 7)) } if s.TrustAnchorCertificate == nil { invalidParams.Add(request.NewErrParamRequired("TrustAnchorCertificate")) @@ -5933,6 +7477,9 @@ type CreateKeyInput struct { // the custom key store must have at least two active HSMs, each in a different // Availability Zone in the Region. // + // This parameter is valid only for symmetric CMKs. You cannot create an asymmetric + // CMK in a custom key store. + // // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. // // The response includes the custom key store ID and the ID of the AWS CloudHSM @@ -5943,33 +7490,76 @@ type CreateKeyInput struct { // of AWS KMS with the isolation and control of a single-tenant key store. CustomKeyStoreId *string `min:"1" type:"string"` + // Specifies the type of CMK to create. The default value, SYMMETRIC_DEFAULT, + // creates a CMK with a 256-bit symmetric key for encryption and decryption. + // For help choosing a key spec for your CMK, see How to Choose Your CMK Configuration + // (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) + // in the AWS Key Management Service Developer Guide. + // + // The CustomerMasterKeySpec determines whether the CMK contains a symmetric + // key or an asymmetric key pair. It also determines the encryption algorithms + // or signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec + // after the CMK is created. To further restrict the algorithms that can be + // used with the CMK, use a condition key in its key policy or IAM policy. For + // more information, see kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm) + // or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm) + // in the AWS Key Management Service Developer Guide. + // + // AWS services that are integrated with AWS KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration) + // use symmetric CMKs to protect your data. These services do not support asymmetric + // CMKs. For help determining whether a CMK is symmetric or asymmetric, see + // Identifying Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) + // in the AWS Key Management Service Developer Guide. + // + // AWS KMS supports the following key specs for CMKs: + // + // * Symmetric key (default) SYMMETRIC_DEFAULT (AES-256-GCM) + // + // * Asymmetric RSA key pairs RSA_2048 RSA_3072 RSA_4096 + // + // * Asymmetric NIST-recommended elliptic curve key pairs ECC_NIST_P256 (secp256r1) + // ECC_NIST_P384 (secp384r1) ECC_NIST_P521 (secp521r1) + // + // * Other asymmetric elliptic curve key pairs ECC_SECG_P256K1 (secp256k1), + // commonly used for cryptocurrencies. + CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` + // A description of the CMK. // // Use a description that helps you decide whether the CMK is appropriate for // a task. Description *string `type:"string"` - // The cryptographic operations for which you can use the CMK. The only valid - // value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and - // decrypt data. + // Determines the cryptographic operations for which you can use the CMK. The + // default value is ENCRYPT_DECRYPT. This parameter is required only for asymmetric + // CMKs. You can't change the KeyUsage value after the CMK is created. + // + // Select only one valid value. + // + // * For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT. + // + // * For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or + // SIGN_VERIFY. + // + // * For asymmetric CMKs with ECC key material, specify SIGN_VERIFY. KeyUsage *string `type:"string" enum:"KeyUsageType"` // The source of the key material for the CMK. You cannot change the origin - // after you create the CMK. - // - // The default is AWS_KMS, which means AWS KMS creates the key material in its - // own key store. + // after you create the CMK. The default is AWS_KMS, which means AWS KMS creates + // the key material. // // When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material // so that you can import key material from your existing key management infrastructure. // For more information about importing key material into AWS KMS, see Importing // Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) - // in the AWS Key Management Service Developer Guide. + // in the AWS Key Management Service Developer Guide. This value is valid only + // for symmetric CMKs. // // When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS // KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // and creates its key material in the associated AWS CloudHSM cluster. You // must also use the CustomKeyStoreId parameter to identify the custom key store. + // This value is valid only for symmetric CMKs. Origin *string `type:"string" enum:"OriginType"` // The key policy to attach to the CMK. @@ -5996,14 +7586,19 @@ type CreateKeyInput struct { // to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) // in the AWS Key Management Service Developer Guide. // - // The key policy size limit is 32 kilobytes (32768 bytes). + // The key policy size quota is 32 kilobytes (32768 bytes). Policy *string `min:"1" type:"string"` - // One or more tags. Each tag consists of a tag key and a tag value. Tag keys - // and tag values are both required, but tag values can be empty (null) strings. + // One or more tags. Each tag consists of a tag key and a tag value. Both the + // tag key and the tag value are required, but the tag value can be an empty + // (null) string. // - // Use this parameter to tag the CMK when it is created. Alternately, you can - // omit this parameter and instead tag the CMK after it is created using TagResource. + // When you add tags to an AWS resource, AWS generates a cost allocation report + // with usage and costs aggregated by tags. For information about adding, changing, + // deleting and listing tags for CMKs, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). + // + // Use this parameter to tag the CMK when it is created. To add tags to an existing + // CMK, use the TagResource operation. Tags []*Tag `type:"list"` } @@ -6055,6 +7650,12 @@ func (s *CreateKeyInput) SetCustomKeyStoreId(v string) *CreateKeyInput { return s } +// SetCustomerMasterKeySpec sets the CustomerMasterKeySpec field's value. +func (s *CreateKeyInput) SetCustomerMasterKeySpec(v string) *CreateKeyInput { + s.CustomerMasterKeySpec = &v + return s +} + // SetDescription sets the Description field's value. func (s *CreateKeyInput) SetDescription(v string) *CreateKeyInput { s.Description = &v @@ -6108,6 +7709,252 @@ func (s *CreateKeyOutput) SetKeyMetadata(v *KeyMetadata) *CreateKeyOutput { return s } +// The request was rejected because the custom key store contains AWS KMS customer +// master keys (CMKs). After verifying that you do not need to use the CMKs, +// use the ScheduleKeyDeletion operation to delete the CMKs. After they are +// deleted, you can delete the custom key store. +type CustomKeyStoreHasCMKsException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CustomKeyStoreHasCMKsException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomKeyStoreHasCMKsException) GoString() string { + return s.String() +} + +func newErrorCustomKeyStoreHasCMKsException(v protocol.ResponseMetadata) error { + return &CustomKeyStoreHasCMKsException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CustomKeyStoreHasCMKsException) Code() string { + return "CustomKeyStoreHasCMKsException" +} + +// Message returns the exception's message. +func (s CustomKeyStoreHasCMKsException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CustomKeyStoreHasCMKsException) OrigErr() error { + return nil +} + +func (s CustomKeyStoreHasCMKsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CustomKeyStoreHasCMKsException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CustomKeyStoreHasCMKsException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because of the ConnectionState of the custom key +// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores +// operation. +// +// This exception is thrown under the following conditions: +// +// * You requested the CreateKey or GenerateRandom operation in a custom +// key store that is not connected. These operations are valid only when +// the custom key store ConnectionState is CONNECTED. +// +// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation +// on a custom key store that is not disconnected. This operation is valid +// only when the custom key store ConnectionState is DISCONNECTED. +// +// * You requested the ConnectCustomKeyStore operation on a custom key store +// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid +// for all other ConnectionState values. +type CustomKeyStoreInvalidStateException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CustomKeyStoreInvalidStateException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomKeyStoreInvalidStateException) GoString() string { + return s.String() +} + +func newErrorCustomKeyStoreInvalidStateException(v protocol.ResponseMetadata) error { + return &CustomKeyStoreInvalidStateException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CustomKeyStoreInvalidStateException) Code() string { + return "CustomKeyStoreInvalidStateException" +} + +// Message returns the exception's message. +func (s CustomKeyStoreInvalidStateException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CustomKeyStoreInvalidStateException) OrigErr() error { + return nil +} + +func (s CustomKeyStoreInvalidStateException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CustomKeyStoreInvalidStateException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CustomKeyStoreInvalidStateException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the specified custom key store name is already +// assigned to another custom key store in the account. Try again with a custom +// key store name that is unique in the account. +type CustomKeyStoreNameInUseException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CustomKeyStoreNameInUseException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomKeyStoreNameInUseException) GoString() string { + return s.String() +} + +func newErrorCustomKeyStoreNameInUseException(v protocol.ResponseMetadata) error { + return &CustomKeyStoreNameInUseException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CustomKeyStoreNameInUseException) Code() string { + return "CustomKeyStoreNameInUseException" +} + +// Message returns the exception's message. +func (s CustomKeyStoreNameInUseException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CustomKeyStoreNameInUseException) OrigErr() error { + return nil +} + +func (s CustomKeyStoreNameInUseException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CustomKeyStoreNameInUseException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CustomKeyStoreNameInUseException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because AWS KMS cannot find a custom key store with +// the specified key store name or ID. +type CustomKeyStoreNotFoundException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s CustomKeyStoreNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomKeyStoreNotFoundException) GoString() string { + return s.String() +} + +func newErrorCustomKeyStoreNotFoundException(v protocol.ResponseMetadata) error { + return &CustomKeyStoreNotFoundException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s CustomKeyStoreNotFoundException) Code() string { + return "CustomKeyStoreNotFoundException" +} + +// Message returns the exception's message. +func (s CustomKeyStoreNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s CustomKeyStoreNotFoundException) OrigErr() error { + return nil +} + +func (s CustomKeyStoreNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s CustomKeyStoreNotFoundException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s CustomKeyStoreNotFoundException) RequestID() string { + return s.respMetadata.RequestID +} + // Contains information about each custom key store in the custom key store // list. type CustomKeyStoresListEntry struct { @@ -6117,7 +7964,12 @@ type CustomKeyStoresListEntry struct { // the custom key store. CloudHsmClusterId *string `min:"19" type:"string"` - // Describes the connection error. Valid values are: + // Describes the connection error. This field appears in the response only when + // the ConnectionState is FAILED. For help resolving these errors, see How to + // Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in AWS Key Management Service Developer Guide. + // + // Valid values are: // // * CLUSTER_NOT_FOUND - AWS KMS cannot find the AWS CloudHSM cluster with // the specified cluster ID. @@ -6131,20 +7983,42 @@ type CustomKeyStoresListEntry struct { // the custom key store before trying to connect again. // // * INVALID_CREDENTIALS - AWS KMS does not have the correct password for - // the kmsuser crypto user in the AWS CloudHSM cluster. + // the kmsuser crypto user in the AWS CloudHSM cluster. Before you can connect + // your custom key store to its AWS CloudHSM cluster, you must change the + // kmsuser account password and update the key store password value for the + // custom key store. // // * NETWORK_ERRORS - Network errors are preventing AWS KMS from connecting // to the custom key store. // + // * SUBNET_NOT_FOUND - A subnet in the AWS CloudHSM cluster configuration + // was deleted. If AWS KMS cannot find all of the subnets that were configured + // for the cluster when the custom key store was created, attempts to connect + // fail. To fix this error, create a cluster from a backup and associate + // it with your custom key store. This process includes selecting a VPC and + // subnets. For details, see How to Fix a Connection Failure (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed) + // in the AWS Key Management Service Developer Guide. + // // * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated // AWS CloudHSM cluster due to too many failed password attempts. Before // you can connect your custom key store to its AWS CloudHSM cluster, you - // must change the kmsuser account password and update the password value - // for the custom key store. + // must change the kmsuser account password and update the key store password + // value for the custom key store. // - // For help with connection failures, see Troubleshooting Custom Key Stores - // (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) - // in the AWS Key Management Service Developer Guide. + // * USER_LOGGED_IN - The kmsuser CU account is logged into the the associated + // AWS CloudHSM cluster. This prevents AWS KMS from rotating the kmsuser + // account password and logging into the cluster. Before you can connect + // your custom key store to its AWS CloudHSM cluster, you must log the kmsuser + // CU out of the cluster. If you changed the kmsuser password to log into + // the cluster, you must also and update the key store password value for + // the custom key store. For help, see How to Log Out and Reconnect (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2) + // in the AWS Key Management Service Developer Guide. + // + // * USER_NOT_FOUND - AWS KMS cannot find a kmsuser CU account in the associated + // AWS CloudHSM cluster. Before you can connect your custom key store to + // its AWS CloudHSM cluster, you must create a kmsuser CU account in the + // cluster, and then update the key store password value for the custom key + // store. ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"` // Indicates whether the custom key store is connected to its AWS CloudHSM cluster. @@ -6159,8 +8033,9 @@ type CustomKeyStoresListEntry struct { // one active HSM. // // A value of FAILED indicates that an attempt to connect was unsuccessful. - // For help resolving a connection failure, see Troubleshooting a Custom Key - // Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) + // The ConnectionErrorCode field in the response indicates the cause of the + // failure. For help resolving a connection failure, see Troubleshooting a Custom + // Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. ConnectionState *string `type:"string" enum:"ConnectionStateType"` @@ -6241,9 +8116,28 @@ type DecryptInput struct { // CiphertextBlob is a required field CiphertextBlob []byte `min:"1" type:"blob" required:"true"` - // The encryption context. If this was specified in the Encrypt function, it - // must be specified here or the decryption operation will fail. For more information, - // see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). + // Specifies the encryption algorithm that will be used to decrypt the ciphertext. + // Specify the same algorithm that was used to encrypt the data. If you specify + // a different algorithm, the Decrypt operation fails. + // + // This parameter is required only when the ciphertext was encrypted under an + // asymmetric CMK. The default value, SYMMETRIC_DEFAULT, represents the only + // supported algorithm that is valid for symmetric CMKs. + EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + + // Specifies the encryption context to use when decrypting the data. An encryption + // context is valid only for cryptographic operations with a symmetric CMK. + // The standard asymmetric encryption algorithms that AWS KMS uses do not support + // an encryption context. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. + // + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. @@ -6251,6 +8145,35 @@ type DecryptInput struct { // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` + + // Specifies the customer master key (CMK) that AWS KMS will use to decrypt + // the ciphertext. Enter a key ID of the CMK that was used to encrypt the ciphertext. + // + // If you specify a KeyId value, the Decrypt operation succeeds only if the + // specified CMK was used to encrypt the ciphertext. + // + // This parameter is required only when the ciphertext was encrypted under an + // asymmetric CMK. Otherwise, AWS KMS uses the metadata that it adds to the + // ciphertext blob to determine which CMK was used to encrypt the ciphertext. + // However, you can use this parameter to ensure that a particular CMK (of any + // kind) is used to decrypt the ciphertext. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + KeyId *string `min:"1" type:"string"` } // String returns the string representation @@ -6272,6 +8195,9 @@ func (s *DecryptInput) Validate() error { if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 { invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1)) } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } if invalidParams.Len() > 0 { return invalidParams @@ -6285,6 +8211,12 @@ func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput { return s } +// SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. +func (s *DecryptInput) SetEncryptionAlgorithm(v string) *DecryptInput { + s.EncryptionAlgorithm = &v + return s +} + // SetEncryptionContext sets the EncryptionContext field's value. func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput { s.EncryptionContext = v @@ -6297,15 +8229,23 @@ func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput { return s } +// SetKeyId sets the KeyId field's value. +func (s *DecryptInput) SetKeyId(v string) *DecryptInput { + s.KeyId = &v + return s +} + type DecryptOutput struct { _ struct{} `type:"structure"` - // ARN of the key used to perform the decryption. This value is returned if - // no errors are encountered during the operation. + // The encryption algorithm that was used to decrypt the ciphertext. + EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + + // The ARN of the customer master key that was used to perform the decryption. KeyId *string `min:"1" type:"string"` // Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not Base64-encoded. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -6321,6 +8261,12 @@ func (s DecryptOutput) GoString() string { return s.String() } +// SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. +func (s *DecryptOutput) SetEncryptionAlgorithm(v string) *DecryptOutput { + s.EncryptionAlgorithm = &v + return s +} + // SetKeyId sets the KeyId field's value. func (s *DecryptOutput) SetKeyId(v string) *DecryptOutput { s.KeyId = &v @@ -6511,6 +8457,63 @@ func (s DeleteImportedKeyMaterialOutput) GoString() string { return s.String() } +// The system timed out while trying to fulfill the request. The request can +// be retried. +type DependencyTimeoutException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s DependencyTimeoutException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DependencyTimeoutException) GoString() string { + return s.String() +} + +func newErrorDependencyTimeoutException(v protocol.ResponseMetadata) error { + return &DependencyTimeoutException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s DependencyTimeoutException) Code() string { + return "DependencyTimeoutException" +} + +// Message returns the exception's message. +func (s DependencyTimeoutException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s DependencyTimeoutException) OrigErr() error { + return nil +} + +func (s DependencyTimeoutException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s DependencyTimeoutException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s DependencyTimeoutException) RequestID() string { + return s.respMetadata.RequestID +} + type DescribeCustomKeyStoresInput struct { _ struct{} `type:"structure"` @@ -6809,7 +8812,10 @@ func (s DisableKeyOutput) GoString() string { type DisableKeyRotationInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Identifies a symmetric customer master key (CMK). You cannot enable automatic + // rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks), + // CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), + // or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -6871,6 +8877,62 @@ func (s DisableKeyRotationOutput) GoString() string { return s.String() } +// The request was rejected because the specified CMK is not enabled. +type DisabledException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s DisabledException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisabledException) GoString() string { + return s.String() +} + +func newErrorDisabledException(v protocol.ResponseMetadata) error { + return &DisabledException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s DisabledException) Code() string { + return "DisabledException" +} + +// Message returns the exception's message. +func (s DisabledException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s DisabledException) OrigErr() error { + return nil +} + +func (s DisabledException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s DisabledException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s DisabledException) RequestID() string { + return s.respMetadata.RequestID +} + type DisconnectCustomKeyStoreInput struct { _ struct{} `type:"structure"` @@ -6995,7 +9057,9 @@ func (s EnableKeyOutput) GoString() string { type EnableKeyRotationInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Identifies a symmetric customer master key (CMK). You cannot enable automatic + // rotation of asymmetric CMKs, CMKs with imported key material, or CMKs in + // a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -7060,10 +9124,27 @@ func (s EnableKeyRotationOutput) GoString() string { type EncryptInput struct { _ struct{} `type:"structure"` - // Name-value pair that specifies the encryption context to be used for authenticated - // encryption. If used here, the same value must be supplied to the Decrypt - // API or decryption will fail. For more information, see Encryption Context - // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). + // Specifies the encryption algorithm that AWS KMS will use to encrypt the plaintext + // message. The algorithm must be compatible with the CMK that you specify. + // + // This parameter is required only for asymmetric CMKs. The default value, SYMMETRIC_DEFAULT, + // is the algorithm used for symmetric CMKs. If you are using an asymmetric + // CMK, we recommend RSAES_OAEP_SHA_256. + EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + + // Specifies the encryption context that will be used to encrypt the data. An + // encryption context is valid only for cryptographic operations with a symmetric + // CMK. The standard asymmetric encryption algorithms that AWS KMS uses do not + // support an encryption context. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. + // + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. @@ -7134,6 +9215,12 @@ func (s *EncryptInput) Validate() error { return nil } +// SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. +func (s *EncryptInput) SetEncryptionAlgorithm(v string) *EncryptInput { + s.EncryptionAlgorithm = &v + return s +} + // SetEncryptionContext sets the EncryptionContext field's value. func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput { s.EncryptionContext = v @@ -7162,11 +9249,14 @@ type EncryptOutput struct { _ struct{} `type:"structure"` // The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` + // The encryption algorithm that was used to encrypt the plaintext. + EncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + // The ID of the key used during encryption. KeyId *string `min:"1" type:"string"` } @@ -7187,16 +9277,87 @@ func (s *EncryptOutput) SetCiphertextBlob(v []byte) *EncryptOutput { return s } +// SetEncryptionAlgorithm sets the EncryptionAlgorithm field's value. +func (s *EncryptOutput) SetEncryptionAlgorithm(v string) *EncryptOutput { + s.EncryptionAlgorithm = &v + return s +} + // SetKeyId sets the KeyId field's value. func (s *EncryptOutput) SetKeyId(v string) *EncryptOutput { s.KeyId = &v return s } +// The request was rejected because the specified import token is expired. Use +// GetParametersForImport to get a new import token and public key, use the +// new public key to encrypt the key material, and then try the request again. +type ExpiredImportTokenException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s ExpiredImportTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ExpiredImportTokenException) GoString() string { + return s.String() +} + +func newErrorExpiredImportTokenException(v protocol.ResponseMetadata) error { + return &ExpiredImportTokenException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s ExpiredImportTokenException) Code() string { + return "ExpiredImportTokenException" +} + +// Message returns the exception's message. +func (s ExpiredImportTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s ExpiredImportTokenException) OrigErr() error { + return nil +} + +func (s ExpiredImportTokenException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s ExpiredImportTokenException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s ExpiredImportTokenException) RequestID() string { + return s.respMetadata.RequestID +} + type GenerateDataKeyInput struct { _ struct{} `type:"structure"` - // A set of key-value pairs that represents additional authenticated data. + // Specifies the encryption context that will be used when encrypting the data + // key. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // in the AWS Key Management Service Developer Guide. @@ -7208,7 +9369,7 @@ type GenerateDataKeyInput struct { // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // An identifier for the CMK that encrypts the data key. + // Identifies the symmetric CMK that encrypts the data key. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, // or alias ARN. When using an alias name, prefix it with "alias/". To specify @@ -7230,14 +9391,19 @@ type GenerateDataKeyInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The length of the data key. Use AES_128 to generate a 128-bit symmetric key, - // or AES_256 to generate a 256-bit symmetric key. + // Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric + // key, or AES_256 to generate a 256-bit symmetric key. + // + // You must specify either the KeySpec or the NumberOfBytes parameter (but not + // both) in every GenerateDataKey request. KeySpec *string `type:"string" enum:"DataKeySpec"` - // The length of the data key in bytes. For example, use the value 64 to generate - // a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit - // and 256-bit symmetric keys), we recommend that you use the KeySpec field - // instead of this one. + // Specifies the length of the data key in bytes. For example, use the value + // 64 to generate a 512-bit data key (64 bytes is 512 bits). For 128-bit (16-byte) + // and 256-bit (32-byte) data keys, use the KeySpec parameter. + // + // You must specify either the KeySpec or the NumberOfBytes parameter (but not + // both) in every GenerateDataKey request. NumberOfBytes *int64 `min:"1" type:"integer"` } @@ -7304,7 +9470,7 @@ type GenerateDataKeyOutput struct { _ struct{} `type:"structure"` // The encrypted copy of the data key. When you use the HTTP API or the AWS - // CLI, the value is Base64-encoded. Otherwise, it is not encoded. + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -7313,8 +9479,9 @@ type GenerateDataKeyOutput struct { KeyId *string `min:"1" type:"string"` // The plaintext data key. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not encoded. Use this data key to encrypt - // your data outside of KMS. Then, remove it from memory as soon as possible. + // is Base64-encoded. Otherwise, it is not Base64-encoded. Use this data key + // to encrypt your data outside of KMS. Then, remove it from memory as soon + // as possible. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -7348,10 +9515,17 @@ func (s *GenerateDataKeyOutput) SetPlaintext(v []byte) *GenerateDataKeyOutput { return s } -type GenerateDataKeyWithoutPlaintextInput struct { +type GenerateDataKeyPairInput struct { _ struct{} `type:"structure"` - // A set of key-value pairs that represents additional authenticated data. + // Specifies the encryption context that will be used when encrypting the private + // key in the data key pair. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. // // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // in the AWS Key Management Service Developer Guide. @@ -7363,7 +9537,366 @@ type GenerateDataKeyWithoutPlaintextInput struct { // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // The identifier of the customer master key (CMK) that encrypts the data key. + // Specifies the symmetric CMK that encrypts the private key in the data key + // pair. You cannot specify an asymmetric CMKs. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". To specify + // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // Determines the type of data key pair that is generated. + // + // The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt + // and decrypt or to sign and verify (but not both), and the rule that permits + // you to use ECC CMKs only to sign and verify, are not effective outside of + // AWS KMS. + // + // KeyPairSpec is a required field + KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` +} + +// String returns the string representation +func (s GenerateDataKeyPairInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyPairInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateDataKeyPairInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateDataKeyPairInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.KeyPairSpec == nil { + invalidParams.Add(request.NewErrParamRequired("KeyPairSpec")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptionContext sets the EncryptionContext field's value. +func (s *GenerateDataKeyPairInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairInput { + s.EncryptionContext = v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *GenerateDataKeyPairInput) SetGrantTokens(v []*string) *GenerateDataKeyPairInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyPairInput) SetKeyId(v string) *GenerateDataKeyPairInput { + s.KeyId = &v + return s +} + +// SetKeyPairSpec sets the KeyPairSpec field's value. +func (s *GenerateDataKeyPairInput) SetKeyPairSpec(v string) *GenerateDataKeyPairInput { + s.KeyPairSpec = &v + return s +} + +type GenerateDataKeyPairOutput struct { + _ struct{} `type:"structure"` + + // The identifier of the CMK that encrypted the private key. + KeyId *string `min:"1" type:"string"` + + // The type of data key pair that was generated. + KeyPairSpec *string `type:"string" enum:"DataKeyPairSpec"` + + // The encrypted copy of the private key. When you use the HTTP API or the AWS + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // + // PrivateKeyCiphertextBlob is automatically base64 encoded/decoded by the SDK. + PrivateKeyCiphertextBlob []byte `min:"1" type:"blob"` + + // The plaintext copy of the private key. When you use the HTTP API or the AWS + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // + // PrivateKeyPlaintext is automatically base64 encoded/decoded by the SDK. + PrivateKeyPlaintext []byte `min:"1" type:"blob" sensitive:"true"` + + // The public key (in plaintext). + // + // PublicKey is automatically base64 encoded/decoded by the SDK. + PublicKey []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s GenerateDataKeyPairOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyPairOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyPairOutput) SetKeyId(v string) *GenerateDataKeyPairOutput { + s.KeyId = &v + return s +} + +// SetKeyPairSpec sets the KeyPairSpec field's value. +func (s *GenerateDataKeyPairOutput) SetKeyPairSpec(v string) *GenerateDataKeyPairOutput { + s.KeyPairSpec = &v + return s +} + +// SetPrivateKeyCiphertextBlob sets the PrivateKeyCiphertextBlob field's value. +func (s *GenerateDataKeyPairOutput) SetPrivateKeyCiphertextBlob(v []byte) *GenerateDataKeyPairOutput { + s.PrivateKeyCiphertextBlob = v + return s +} + +// SetPrivateKeyPlaintext sets the PrivateKeyPlaintext field's value. +func (s *GenerateDataKeyPairOutput) SetPrivateKeyPlaintext(v []byte) *GenerateDataKeyPairOutput { + s.PrivateKeyPlaintext = v + return s +} + +// SetPublicKey sets the PublicKey field's value. +func (s *GenerateDataKeyPairOutput) SetPublicKey(v []byte) *GenerateDataKeyPairOutput { + s.PublicKey = v + return s +} + +type GenerateDataKeyPairWithoutPlaintextInput struct { + _ struct{} `type:"structure"` + + // Specifies the encryption context that will be used when encrypting the private + // key in the data key pair. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. + // + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide. + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // Specifies the CMK that encrypts the private key in the data key pair. You + // must specify a symmetric CMK. You cannot use an asymmetric CMK. To get the + // type of your CMK, use the DescribeKey operation. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // Determines the type of data key pair that is generated. + // + // The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt + // and decrypt or to sign and verify (but not both), and the rule that permits + // you to use ECC CMKs only to sign and verify, are not effective outside of + // AWS KMS. + // + // KeyPairSpec is a required field + KeyPairSpec *string `type:"string" required:"true" enum:"DataKeyPairSpec"` +} + +// String returns the string representation +func (s GenerateDataKeyPairWithoutPlaintextInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyPairWithoutPlaintextInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateDataKeyPairWithoutPlaintextInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateDataKeyPairWithoutPlaintextInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.KeyPairSpec == nil { + invalidParams.Add(request.NewErrParamRequired("KeyPairSpec")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptionContext sets the EncryptionContext field's value. +func (s *GenerateDataKeyPairWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyPairWithoutPlaintextInput { + s.EncryptionContext = v + return s +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *GenerateDataKeyPairWithoutPlaintextInput) SetGrantTokens(v []*string) *GenerateDataKeyPairWithoutPlaintextInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyPairWithoutPlaintextInput) SetKeyId(v string) *GenerateDataKeyPairWithoutPlaintextInput { + s.KeyId = &v + return s +} + +// SetKeyPairSpec sets the KeyPairSpec field's value. +func (s *GenerateDataKeyPairWithoutPlaintextInput) SetKeyPairSpec(v string) *GenerateDataKeyPairWithoutPlaintextInput { + s.KeyPairSpec = &v + return s +} + +type GenerateDataKeyPairWithoutPlaintextOutput struct { + _ struct{} `type:"structure"` + + // Specifies the CMK that encrypted the private key in the data key pair. You + // must specify a symmetric CMK. You cannot use an asymmetric CMK. To get the + // type of your CMK, use the DescribeKey operation. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + KeyId *string `min:"1" type:"string"` + + // The type of data key pair that was generated. + KeyPairSpec *string `type:"string" enum:"DataKeyPairSpec"` + + // The encrypted copy of the private key. When you use the HTTP API or the AWS + // CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. + // + // PrivateKeyCiphertextBlob is automatically base64 encoded/decoded by the SDK. + PrivateKeyCiphertextBlob []byte `min:"1" type:"blob"` + + // The public key (in plaintext). + // + // PublicKey is automatically base64 encoded/decoded by the SDK. + PublicKey []byte `min:"1" type:"blob"` +} + +// String returns the string representation +func (s GenerateDataKeyPairWithoutPlaintextOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateDataKeyPairWithoutPlaintextOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *GenerateDataKeyPairWithoutPlaintextOutput) SetKeyId(v string) *GenerateDataKeyPairWithoutPlaintextOutput { + s.KeyId = &v + return s +} + +// SetKeyPairSpec sets the KeyPairSpec field's value. +func (s *GenerateDataKeyPairWithoutPlaintextOutput) SetKeyPairSpec(v string) *GenerateDataKeyPairWithoutPlaintextOutput { + s.KeyPairSpec = &v + return s +} + +// SetPrivateKeyCiphertextBlob sets the PrivateKeyCiphertextBlob field's value. +func (s *GenerateDataKeyPairWithoutPlaintextOutput) SetPrivateKeyCiphertextBlob(v []byte) *GenerateDataKeyPairWithoutPlaintextOutput { + s.PrivateKeyCiphertextBlob = v + return s +} + +// SetPublicKey sets the PublicKey field's value. +func (s *GenerateDataKeyPairWithoutPlaintextOutput) SetPublicKey(v []byte) *GenerateDataKeyPairWithoutPlaintextOutput { + s.PublicKey = v + return s +} + +type GenerateDataKeyWithoutPlaintextInput struct { + _ struct{} `type:"structure"` + + // Specifies the encryption context that will be used when encrypting the data + // key. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. + // + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide. + EncryptionContext map[string]*string `type:"map"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // The identifier of the symmetric customer master key (CMK) that encrypts the + // data key. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, // or alias ARN. When using an alias name, prefix it with "alias/". To specify @@ -7459,7 +9992,7 @@ type GenerateDataKeyWithoutPlaintextOutput struct { _ struct{} `type:"structure"` // The encrypted data key. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -7544,7 +10077,7 @@ type GenerateRandomOutput struct { _ struct{} `type:"structure"` // The random byte string. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not Base64-encoded. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -7736,8 +10269,8 @@ func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotati type GetParametersForImportInput struct { _ struct{} `type:"structure"` - // The identifier of the CMK into which you will import key material. The CMK's - // Origin must be EXTERNAL. + // The identifier of the symmetric CMK into which you will import key material. + // The Origin of the CMK must be EXTERNAL. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -7875,6 +10408,165 @@ func (s *GetParametersForImportOutput) SetPublicKey(v []byte) *GetParametersForI return s } +type GetPublicKeyInput struct { + _ struct{} `type:"structure"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // Identifies the asymmetric CMK that includes the public key. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". To specify + // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetPublicKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetPublicKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetPublicKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetPublicKeyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *GetPublicKeyInput) SetGrantTokens(v []*string) *GetPublicKeyInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GetPublicKeyInput) SetKeyId(v string) *GetPublicKeyInput { + s.KeyId = &v + return s +} + +type GetPublicKeyOutput struct { + _ struct{} `type:"structure"` + + // The type of the of the public key that was downloaded. + CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` + + // The encryption algorithms that AWS KMS supports for this key. + // + // This information is critical. If a public key encrypts data outside of AWS + // KMS by using an unsupported encryption algorithm, the ciphertext cannot be + // decrypted. + // + // This field appears in the response only when the KeyUsage of the public key + // is ENCRYPT_DECRYPT. + EncryptionAlgorithms []*string `type:"list"` + + // The identifier of the asymmetric CMK from which the public key was downloaded. + KeyId *string `min:"1" type:"string"` + + // The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or + // SIGN_VERIFY. + // + // This information is critical. If a public key with SIGN_VERIFY key usage + // encrypts data outside of AWS KMS, the ciphertext cannot be decrypted. + KeyUsage *string `type:"string" enum:"KeyUsageType"` + + // The exported public key. + // + // The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo + // (SPKI), as defined in RFC 5280 (https://tools.ietf.org/html/rfc5280). When + // you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, + // it is not Base64-encoded. + // + // PublicKey is automatically base64 encoded/decoded by the SDK. + PublicKey []byte `min:"1" type:"blob"` + + // The signing algorithms that AWS KMS supports for this key. + // + // This field appears in the response only when the KeyUsage of the public key + // is SIGN_VERIFY. + SigningAlgorithms []*string `type:"list"` +} + +// String returns the string representation +func (s GetPublicKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetPublicKeyOutput) GoString() string { + return s.String() +} + +// SetCustomerMasterKeySpec sets the CustomerMasterKeySpec field's value. +func (s *GetPublicKeyOutput) SetCustomerMasterKeySpec(v string) *GetPublicKeyOutput { + s.CustomerMasterKeySpec = &v + return s +} + +// SetEncryptionAlgorithms sets the EncryptionAlgorithms field's value. +func (s *GetPublicKeyOutput) SetEncryptionAlgorithms(v []*string) *GetPublicKeyOutput { + s.EncryptionAlgorithms = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *GetPublicKeyOutput) SetKeyId(v string) *GetPublicKeyOutput { + s.KeyId = &v + return s +} + +// SetKeyUsage sets the KeyUsage field's value. +func (s *GetPublicKeyOutput) SetKeyUsage(v string) *GetPublicKeyOutput { + s.KeyUsage = &v + return s +} + +// SetPublicKey sets the PublicKey field's value. +func (s *GetPublicKeyOutput) SetPublicKey(v []byte) *GetPublicKeyOutput { + s.PublicKey = v + return s +} + +// SetSigningAlgorithms sets the SigningAlgorithms field's value. +func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutput { + s.SigningAlgorithms = v + return s +} + // Use this structure to allow cryptographic operations in the grant only when // the operation request includes the specified encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). // @@ -8047,9 +10739,10 @@ func (s *GrantListEntry) SetRetiringPrincipal(v string) *GrantListEntry { type ImportKeyMaterialInput struct { _ struct{} `type:"structure"` - // The encrypted key material to import. It must be encrypted with the public - // key that you received in the response to a previous GetParametersForImport - // request, using the wrapping algorithm that you specified in that request. + // The encrypted key material to import. The key material must be encrypted + // with the public wrapping key that GetParametersForImport returned, using + // the wrapping algorithm that you specified in the same GetParametersForImport + // request. // // EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK. // @@ -8070,8 +10763,9 @@ type ImportKeyMaterialInput struct { // ImportToken is a required field ImportToken []byte `min:"1" type:"blob" required:"true"` - // The identifier of the CMK to import the key material into. The CMK's Origin - // must be EXTERNAL. + // The identifier of the symmetric CMK that receives the imported key material. + // The CMK's Origin must be EXTERNAL. This must be the same CMK specified in + // the KeyID parameter of the corresponding GetParametersForImport request. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -8175,6 +10869,828 @@ func (s ImportKeyMaterialOutput) GoString() string { return s.String() } +// The request was rejected because the specified CMK cannot decrypt the data. +// The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request +// must identify the same CMK that was used to encrypt the ciphertext. +type IncorrectKeyException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s IncorrectKeyException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s IncorrectKeyException) GoString() string { + return s.String() +} + +func newErrorIncorrectKeyException(v protocol.ResponseMetadata) error { + return &IncorrectKeyException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s IncorrectKeyException) Code() string { + return "IncorrectKeyException" +} + +// Message returns the exception's message. +func (s IncorrectKeyException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s IncorrectKeyException) OrigErr() error { + return nil +} + +func (s IncorrectKeyException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s IncorrectKeyException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s IncorrectKeyException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the key material in the request is, expired, +// invalid, or is not the same key material that was previously imported into +// this customer master key (CMK). +type IncorrectKeyMaterialException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s IncorrectKeyMaterialException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s IncorrectKeyMaterialException) GoString() string { + return s.String() +} + +func newErrorIncorrectKeyMaterialException(v protocol.ResponseMetadata) error { + return &IncorrectKeyMaterialException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s IncorrectKeyMaterialException) Code() string { + return "IncorrectKeyMaterialException" +} + +// Message returns the exception's message. +func (s IncorrectKeyMaterialException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s IncorrectKeyMaterialException) OrigErr() error { + return nil +} + +func (s IncorrectKeyMaterialException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s IncorrectKeyMaterialException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s IncorrectKeyMaterialException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the trust anchor certificate in the request +// is not the trust anchor certificate for the specified AWS CloudHSM cluster. +// +// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// you create the trust anchor certificate and save it in the customerCA.crt +// file. +type IncorrectTrustAnchorException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s IncorrectTrustAnchorException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s IncorrectTrustAnchorException) GoString() string { + return s.String() +} + +func newErrorIncorrectTrustAnchorException(v protocol.ResponseMetadata) error { + return &IncorrectTrustAnchorException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s IncorrectTrustAnchorException) Code() string { + return "IncorrectTrustAnchorException" +} + +// Message returns the exception's message. +func (s IncorrectTrustAnchorException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s IncorrectTrustAnchorException) OrigErr() error { + return nil +} + +func (s IncorrectTrustAnchorException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s IncorrectTrustAnchorException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s IncorrectTrustAnchorException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because an internal exception occurred. The request +// can be retried. +type InternalException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InternalException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InternalException) GoString() string { + return s.String() +} + +func newErrorInternalException(v protocol.ResponseMetadata) error { + return &InternalException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InternalException) Code() string { + return "KMSInternalException" +} + +// Message returns the exception's message. +func (s InternalException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InternalException) OrigErr() error { + return nil +} + +func (s InternalException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InternalException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InternalException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the specified alias name is not valid. +type InvalidAliasNameException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidAliasNameException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidAliasNameException) GoString() string { + return s.String() +} + +func newErrorInvalidAliasNameException(v protocol.ResponseMetadata) error { + return &InvalidAliasNameException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidAliasNameException) Code() string { + return "InvalidAliasNameException" +} + +// Message returns the exception's message. +func (s InvalidAliasNameException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidAliasNameException) OrigErr() error { + return nil +} + +func (s InvalidAliasNameException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidAliasNameException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidAliasNameException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +type InvalidArnException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidArnException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidArnException) GoString() string { + return s.String() +} + +func newErrorInvalidArnException(v protocol.ResponseMetadata) error { + return &InvalidArnException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidArnException) Code() string { + return "InvalidArnException" +} + +// Message returns the exception's message. +func (s InvalidArnException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidArnException) OrigErr() error { + return nil +} + +func (s InvalidArnException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidArnException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidArnException) RequestID() string { + return s.respMetadata.RequestID +} + +// From the Decrypt or ReEncrypt operation, the request was rejected because +// the specified ciphertext, or additional authenticated data incorporated into +// the ciphertext, such as the encryption context, is corrupted, missing, or +// otherwise invalid. +// +// From the ImportKeyMaterial operation, the request was rejected because AWS +// KMS could not decrypt the encrypted (wrapped) key material. +type InvalidCiphertextException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidCiphertextException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidCiphertextException) GoString() string { + return s.String() +} + +func newErrorInvalidCiphertextException(v protocol.ResponseMetadata) error { + return &InvalidCiphertextException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidCiphertextException) Code() string { + return "InvalidCiphertextException" +} + +// Message returns the exception's message. +func (s InvalidCiphertextException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidCiphertextException) OrigErr() error { + return nil +} + +func (s InvalidCiphertextException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidCiphertextException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidCiphertextException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the specified GrantId is not valid. +type InvalidGrantIdException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidGrantIdException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidGrantIdException) GoString() string { + return s.String() +} + +func newErrorInvalidGrantIdException(v protocol.ResponseMetadata) error { + return &InvalidGrantIdException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidGrantIdException) Code() string { + return "InvalidGrantIdException" +} + +// Message returns the exception's message. +func (s InvalidGrantIdException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidGrantIdException) OrigErr() error { + return nil +} + +func (s InvalidGrantIdException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidGrantIdException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidGrantIdException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the specified grant token is not valid. +type InvalidGrantTokenException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidGrantTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidGrantTokenException) GoString() string { + return s.String() +} + +func newErrorInvalidGrantTokenException(v protocol.ResponseMetadata) error { + return &InvalidGrantTokenException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidGrantTokenException) Code() string { + return "InvalidGrantTokenException" +} + +// Message returns the exception's message. +func (s InvalidGrantTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidGrantTokenException) OrigErr() error { + return nil +} + +func (s InvalidGrantTokenException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidGrantTokenException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidGrantTokenException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the provided import token is invalid or +// is associated with a different customer master key (CMK). +type InvalidImportTokenException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidImportTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidImportTokenException) GoString() string { + return s.String() +} + +func newErrorInvalidImportTokenException(v protocol.ResponseMetadata) error { + return &InvalidImportTokenException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidImportTokenException) Code() string { + return "InvalidImportTokenException" +} + +// Message returns the exception's message. +func (s InvalidImportTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidImportTokenException) OrigErr() error { + return nil +} + +func (s InvalidImportTokenException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidImportTokenException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidImportTokenException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected for one of the following reasons: +// +// * The KeyUsage value of the CMK is incompatible with the API operation. +// +// * The encryption algorithm or signing algorithm specified for the operation +// is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). +// +// For encrypting, decrypting, re-encrypting, and generating data keys, the +// KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage +// must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. +// +// To find the encryption or signing algorithms supported for a particular CMK, +// use the DescribeKey operation. +type InvalidKeyUsageException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidKeyUsageException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidKeyUsageException) GoString() string { + return s.String() +} + +func newErrorInvalidKeyUsageException(v protocol.ResponseMetadata) error { + return &InvalidKeyUsageException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidKeyUsageException) Code() string { + return "InvalidKeyUsageException" +} + +// Message returns the exception's message. +func (s InvalidKeyUsageException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidKeyUsageException) OrigErr() error { + return nil +} + +func (s InvalidKeyUsageException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidKeyUsageException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidKeyUsageException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +type InvalidMarkerException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidMarkerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidMarkerException) GoString() string { + return s.String() +} + +func newErrorInvalidMarkerException(v protocol.ResponseMetadata) error { + return &InvalidMarkerException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidMarkerException) Code() string { + return "InvalidMarkerException" +} + +// Message returns the exception's message. +func (s InvalidMarkerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidMarkerException) OrigErr() error { + return nil +} + +func (s InvalidMarkerException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidMarkerException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidMarkerException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +type InvalidStateException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidStateException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidStateException) GoString() string { + return s.String() +} + +func newErrorInvalidStateException(v protocol.ResponseMetadata) error { + return &InvalidStateException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidStateException) Code() string { + return "KMSInvalidStateException" +} + +// Message returns the exception's message. +func (s InvalidStateException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidStateException) OrigErr() error { + return nil +} + +func (s InvalidStateException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidStateException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidStateException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the signature verification failed. Signature +// verification fails when it cannot confirm that signature was produced by +// signing the specified message with the specified CMK and signing algorithm. +type KMSInvalidSignatureException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s KMSInvalidSignatureException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KMSInvalidSignatureException) GoString() string { + return s.String() +} + +func newErrorKMSInvalidSignatureException(v protocol.ResponseMetadata) error { + return &KMSInvalidSignatureException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s KMSInvalidSignatureException) Code() string { + return "KMSInvalidSignatureException" +} + +// Message returns the exception's message. +func (s KMSInvalidSignatureException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s KMSInvalidSignatureException) OrigErr() error { + return nil +} + +func (s KMSInvalidSignatureException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s KMSInvalidSignatureException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s KMSInvalidSignatureException) RequestID() string { + return s.respMetadata.RequestID +} + // Contains information about each entry in the key list. type KeyListEntry struct { _ struct{} `type:"structure"` @@ -8238,6 +11754,9 @@ type KeyMetadata struct { // in a custom key store. CustomKeyStoreId *string `min:"1" type:"string"` + // Describes the type of key material in the CMK. + CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` + // The date and time after which AWS KMS deletes the CMK. This value is present // only when KeyState is PendingDeletion. DeletionDate *time.Time `type:"timestamp"` @@ -8249,6 +11768,12 @@ type KeyMetadata struct { // is true, otherwise it is false. Enabled *bool `type:"boolean"` + // A list of encryption algorithms that the CMK supports. You cannot use the + // CMK with other encryption algorithms within AWS KMS. + // + // This field appears only when the KeyUsage of the CMK is ENCRYPT_DECRYPT. + EncryptionAlgorithms []*string `type:"list"` + // Specifies whether the CMK's key material expires. This value is present only // when Origin is EXTERNAL, otherwise this value is omitted. ExpirationModel *string `type:"string" enum:"ExpirationModelType"` @@ -8271,9 +11796,7 @@ type KeyMetadata struct { // in the AWS Key Management Service Developer Guide. KeyState *string `type:"string" enum:"KeyState"` - // The cryptographic operations for which you can use the CMK. The only valid - // value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and - // decrypt data. + // The cryptographic operations for which you can use the CMK. KeyUsage *string `type:"string" enum:"KeyUsageType"` // The source of the CMK's key material. When this value is AWS_KMS, AWS KMS @@ -8283,6 +11806,12 @@ type KeyMetadata struct { // in the AWS CloudHSM cluster associated with a custom key store. Origin *string `type:"string" enum:"OriginType"` + // A list of signing algorithms that the CMK supports. You cannot use the CMK + // with other signing algorithms within AWS KMS. + // + // This field appears only when the KeyUsage of the CMK is SIGN_VERIFY. + SigningAlgorithms []*string `type:"list"` + // The time at which the imported key material expires. When the key material // expires, AWS KMS deletes the key material and the CMK becomes unusable. This // value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel @@ -8330,6 +11859,12 @@ func (s *KeyMetadata) SetCustomKeyStoreId(v string) *KeyMetadata { return s } +// SetCustomerMasterKeySpec sets the CustomerMasterKeySpec field's value. +func (s *KeyMetadata) SetCustomerMasterKeySpec(v string) *KeyMetadata { + s.CustomerMasterKeySpec = &v + return s +} + // SetDeletionDate sets the DeletionDate field's value. func (s *KeyMetadata) SetDeletionDate(v time.Time) *KeyMetadata { s.DeletionDate = &v @@ -8348,6 +11883,12 @@ func (s *KeyMetadata) SetEnabled(v bool) *KeyMetadata { return s } +// SetEncryptionAlgorithms sets the EncryptionAlgorithms field's value. +func (s *KeyMetadata) SetEncryptionAlgorithms(v []*string) *KeyMetadata { + s.EncryptionAlgorithms = v + return s +} + // SetExpirationModel sets the ExpirationModel field's value. func (s *KeyMetadata) SetExpirationModel(v string) *KeyMetadata { s.ExpirationModel = &v @@ -8384,12 +11925,133 @@ func (s *KeyMetadata) SetOrigin(v string) *KeyMetadata { return s } +// SetSigningAlgorithms sets the SigningAlgorithms field's value. +func (s *KeyMetadata) SetSigningAlgorithms(v []*string) *KeyMetadata { + s.SigningAlgorithms = v + return s +} + // SetValidTo sets the ValidTo field's value. func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata { s.ValidTo = &v return s } +// The request was rejected because the specified CMK was not available. You +// can retry the request. +type KeyUnavailableException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s KeyUnavailableException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KeyUnavailableException) GoString() string { + return s.String() +} + +func newErrorKeyUnavailableException(v protocol.ResponseMetadata) error { + return &KeyUnavailableException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s KeyUnavailableException) Code() string { + return "KeyUnavailableException" +} + +// Message returns the exception's message. +func (s KeyUnavailableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s KeyUnavailableException) OrigErr() error { + return nil +} + +func (s KeyUnavailableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s KeyUnavailableException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s KeyUnavailableException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the AWS Key Management Service Developer Guide. +type LimitExceededException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s LimitExceededException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LimitExceededException) GoString() string { + return s.String() +} + +func newErrorLimitExceededException(v protocol.ResponseMetadata) error { + return &LimitExceededException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s LimitExceededException) Code() string { + return "LimitExceededException" +} + +// Message returns the exception's message. +func (s LimitExceededException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s LimitExceededException) OrigErr() error { + return nil +} + +func (s LimitExceededException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s LimitExceededException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s LimitExceededException) RequestID() string { + return s.respMetadata.RequestID +} + type ListAliasesInput struct { _ struct{} `type:"structure"` @@ -9075,6 +12737,120 @@ func (s *ListRetirableGrantsInput) SetRetiringPrincipal(v string) *ListRetirable return s } +// The request was rejected because the specified policy is not syntactically +// or semantically correct. +type MalformedPolicyDocumentException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s MalformedPolicyDocumentException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MalformedPolicyDocumentException) GoString() string { + return s.String() +} + +func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error { + return &MalformedPolicyDocumentException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s MalformedPolicyDocumentException) Code() string { + return "MalformedPolicyDocumentException" +} + +// Message returns the exception's message. +func (s MalformedPolicyDocumentException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s MalformedPolicyDocumentException) OrigErr() error { + return nil +} + +func (s MalformedPolicyDocumentException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s MalformedPolicyDocumentException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s MalformedPolicyDocumentException) RequestID() string { + return s.respMetadata.RequestID +} + +// The request was rejected because the specified entity or resource could not +// be found. +type NotFoundException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s NotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s NotFoundException) GoString() string { + return s.String() +} + +func newErrorNotFoundException(v protocol.ResponseMetadata) error { + return &NotFoundException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s NotFoundException) Code() string { + return "NotFoundException" +} + +// Message returns the exception's message. +func (s NotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s NotFoundException) OrigErr() error { + return nil +} + +func (s NotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s NotFoundException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s NotFoundException) RequestID() string { + return s.respMetadata.RequestID +} + type PutKeyPolicyInput struct { _ struct{} `type:"structure"` @@ -9127,7 +12903,9 @@ type PutKeyPolicyInput struct { // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the AWS Identity and Access Management User Guide. // - // The key policy size limit is 32 kilobytes (32768 bytes). + // The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, + // see Resource Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html) + // in the AWS Key Management Service Developer Guide. // // Policy is a required field Policy *string `min:"1" type:"string" required:"true"` @@ -9224,10 +13002,33 @@ type ReEncryptInput struct { // CiphertextBlob is a required field CiphertextBlob []byte `min:"1" type:"blob" required:"true"` - // Encryption context to use when the data is reencrypted. + // Specifies the encryption algorithm that AWS KMS will use to reecrypt the + // data after it has decrypted it. The default value, SYMMETRIC_DEFAULT, represents + // the encryption algorithm used for symmetric CMKs. + // + // This parameter is required only when the destination CMK is an asymmetric + // CMK. + DestinationEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + + // Specifies that encryption context to use when the reencrypting the data. + // + // A destination encryption context is valid only when the destination CMK is + // a symmetric CMK. The standard ciphertext format for asymmetric CMKs does + // not include fields for metadata. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. + // + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide. DestinationEncryptionContext map[string]*string `type:"map"` - // A unique identifier for the CMK that is used to reencrypt the data. + // A unique identifier for the CMK that is used to reencrypt the data. Specify + // a symmetric or asymmetric CMK with a KeyUsage value of ENCRYPT_DECRYPT. To + // find the KeyUsage value of a CMK, use the DescribeKey operation. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, // or alias ARN. When using an alias name, prefix it with "alias/". To specify @@ -9255,9 +13056,58 @@ type ReEncryptInput struct { // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Encryption context used to encrypt and decrypt the data specified in the - // CiphertextBlob parameter. + // Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext + // before it is reencrypted. The default value, SYMMETRIC_DEFAULT, represents + // the algorithm used for symmetric CMKs. + // + // Specify the same algorithm that was used to encrypt the ciphertext. If you + // specify a different algorithm, the decrypt attempt fails. + // + // This parameter is required only when the ciphertext was encrypted under an + // asymmetric CMK. + SourceEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + + // Specifies the encryption context to use to decrypt the ciphertext. Enter + // the same encryption context that was used to encrypt the ciphertext. + // + // An encryption context is a collection of non-secret key-value pairs that + // represents additional authenticated data. When you use an encryption context + // to encrypt data, you must specify the same (an exact case-sensitive match) + // encryption context to decrypt the data. An encryption context is optional + // when encrypting with a symmetric CMK, but it is highly recommended. + // + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide. SourceEncryptionContext map[string]*string `type:"map"` + + // A unique identifier for the CMK that is used to decrypt the ciphertext before + // it reencrypts it using the destination CMK. + // + // This parameter is required only when the ciphertext was encrypted under an + // asymmetric CMK. Otherwise, AWS KMS uses the metadata that it adds to the + // ciphertext blob to determine which CMK was used to encrypt the ciphertext. + // However, you can use this parameter to ensure that a particular CMK (of any + // kind) is used to decrypt the ciphertext before it is reencrypted. + // + // If you specify a KeyId value, the decrypt part of the ReEncrypt operation + // succeeds only if the specified CMK was used to encrypt the ciphertext. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + SourceKeyId *string `min:"1" type:"string"` } // String returns the string representation @@ -9285,6 +13135,9 @@ func (s *ReEncryptInput) Validate() error { if s.DestinationKeyId != nil && len(*s.DestinationKeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("DestinationKeyId", 1)) } + if s.SourceKeyId != nil && len(*s.SourceKeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SourceKeyId", 1)) + } if invalidParams.Len() > 0 { return invalidParams @@ -9298,6 +13151,12 @@ func (s *ReEncryptInput) SetCiphertextBlob(v []byte) *ReEncryptInput { return s } +// SetDestinationEncryptionAlgorithm sets the DestinationEncryptionAlgorithm field's value. +func (s *ReEncryptInput) SetDestinationEncryptionAlgorithm(v string) *ReEncryptInput { + s.DestinationEncryptionAlgorithm = &v + return s +} + // SetDestinationEncryptionContext sets the DestinationEncryptionContext field's value. func (s *ReEncryptInput) SetDestinationEncryptionContext(v map[string]*string) *ReEncryptInput { s.DestinationEncryptionContext = v @@ -9316,24 +13175,43 @@ func (s *ReEncryptInput) SetGrantTokens(v []*string) *ReEncryptInput { return s } +// SetSourceEncryptionAlgorithm sets the SourceEncryptionAlgorithm field's value. +func (s *ReEncryptInput) SetSourceEncryptionAlgorithm(v string) *ReEncryptInput { + s.SourceEncryptionAlgorithm = &v + return s +} + // SetSourceEncryptionContext sets the SourceEncryptionContext field's value. func (s *ReEncryptInput) SetSourceEncryptionContext(v map[string]*string) *ReEncryptInput { s.SourceEncryptionContext = v return s } +// SetSourceKeyId sets the SourceKeyId field's value. +func (s *ReEncryptInput) SetSourceKeyId(v string) *ReEncryptInput { + s.SourceKeyId = &v + return s +} + type ReEncryptOutput struct { _ struct{} `type:"structure"` // The reencrypted data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not Base64-encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` + // The encryption algorithm that was used to reencrypt the data. + DestinationEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + // Unique identifier of the CMK used to reencrypt the data. KeyId *string `min:"1" type:"string"` + // The encryption algorithm that was used to decrypt the ciphertext before it + // was reencrypted. + SourceEncryptionAlgorithm *string `type:"string" enum:"EncryptionAlgorithmSpec"` + // Unique identifier of the CMK used to originally encrypt the data. SourceKeyId *string `min:"1" type:"string"` } @@ -9354,12 +13232,24 @@ func (s *ReEncryptOutput) SetCiphertextBlob(v []byte) *ReEncryptOutput { return s } +// SetDestinationEncryptionAlgorithm sets the DestinationEncryptionAlgorithm field's value. +func (s *ReEncryptOutput) SetDestinationEncryptionAlgorithm(v string) *ReEncryptOutput { + s.DestinationEncryptionAlgorithm = &v + return s +} + // SetKeyId sets the KeyId field's value. func (s *ReEncryptOutput) SetKeyId(v string) *ReEncryptOutput { s.KeyId = &v return s } +// SetSourceEncryptionAlgorithm sets the SourceEncryptionAlgorithm field's value. +func (s *ReEncryptOutput) SetSourceEncryptionAlgorithm(v string) *ReEncryptOutput { + s.SourceEncryptionAlgorithm = &v + return s +} + // SetSourceKeyId sets the SourceKeyId field's value. func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput { s.SourceKeyId = &v @@ -9628,6 +13518,185 @@ func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutpu return s } +type SignInput struct { + _ struct{} `type:"structure"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // Identifies an asymmetric CMK. AWS KMS uses the private key in the asymmetric + // CMK to sign the message. The KeyUsage type of the CMK must be SIGN_VERIFY. + // To find the KeyUsage of a CMK, use the DescribeKey operation. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". To specify + // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // Specifies the message or message digest to sign. Messages can be 0-4096 bytes. + // To sign a larger message, provide the message digest. + // + // If you provide a message, AWS KMS generates a hash digest of the message + // and then signs it. + // + // Message is automatically base64 encoded/decoded by the SDK. + // + // Message is a required field + Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` + + // Tells AWS KMS whether the value of the Message parameter is a message or + // message digest. The default value, RAW, indicates a message. To indicate + // a message digest, enter DIGEST. + MessageType *string `type:"string" enum:"MessageType"` + + // Specifies the signing algorithm to use when signing the message. + // + // Choose an algorithm that is compatible with the type and size of the specified + // asymmetric CMK. + // + // SigningAlgorithm is a required field + SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` +} + +// String returns the string representation +func (s SignInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SignInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SignInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SignInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Message != nil && len(s.Message) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Message", 1)) + } + if s.SigningAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *SignInput) SetGrantTokens(v []*string) *SignInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *SignInput) SetKeyId(v string) *SignInput { + s.KeyId = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *SignInput) SetMessage(v []byte) *SignInput { + s.Message = v + return s +} + +// SetMessageType sets the MessageType field's value. +func (s *SignInput) SetMessageType(v string) *SignInput { + s.MessageType = &v + return s +} + +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *SignInput) SetSigningAlgorithm(v string) *SignInput { + s.SigningAlgorithm = &v + return s +} + +type SignOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the asymmetric CMK that was used to sign + // the message. + KeyId *string `min:"1" type:"string"` + + // The cryptographic signature that was generated for the message. + // + // * When used with the supported RSA signing algorithms, the encoding of + // this value is defined by PKCS #1 in RFC 8017 (https://tools.ietf.org/html/rfc8017). + // + // * When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing + // algorithms, this value is a DER-encoded object as defined by ANS X9.62–2005 + // and RFC 3279 Section 2.2.3 (https://tools.ietf.org/html/rfc3279#section-2.2.3). + // This is the most commonly used signature format and is appropriate for + // most uses. + // + // When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, + // it is not Base64-encoded. + // + // Signature is automatically base64 encoded/decoded by the SDK. + Signature []byte `min:"1" type:"blob"` + + // The signing algorithm that was used to sign the message. + SigningAlgorithm *string `type:"string" enum:"SigningAlgorithmSpec"` +} + +// String returns the string representation +func (s SignOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SignOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *SignOutput) SetKeyId(v string) *SignOutput { + s.KeyId = &v + return s +} + +// SetSignature sets the Signature field's value. +func (s *SignOutput) SetSignature(v []byte) *SignOutput { + s.Signature = v + return s +} + +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *SignOutput) SetSigningAlgorithm(v string) *SignOutput { + s.SigningAlgorithm = &v + return s +} + // A key-value pair. A tag consists of a tag key and a tag value. Tag keys and // tag values are both required, but tag values can be empty (null) strings. // @@ -9689,6 +13758,62 @@ func (s *Tag) SetTagValue(v string) *Tag { return s } +// The request was rejected because one or more tags are not valid. +type TagException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s TagException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TagException) GoString() string { + return s.String() +} + +func newErrorTagException(v protocol.ResponseMetadata) error { + return &TagException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s TagException) Code() string { + return "TagException" +} + +// Message returns the exception's message. +func (s TagException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s TagException) OrigErr() error { + return nil +} + +func (s TagException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s TagException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s TagException) RequestID() string { + return s.respMetadata.RequestID +} + type TagResourceInput struct { _ struct{} `type:"structure"` @@ -9778,6 +13903,63 @@ func (s TagResourceOutput) GoString() string { return s.String() } +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +type UnsupportedOperationException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s UnsupportedOperationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UnsupportedOperationException) GoString() string { + return s.String() +} + +func newErrorUnsupportedOperationException(v protocol.ResponseMetadata) error { + return &UnsupportedOperationException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s UnsupportedOperationException) Code() string { + return "UnsupportedOperationException" +} + +// Message returns the exception's message. +func (s UnsupportedOperationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s UnsupportedOperationException) OrigErr() error { + return nil +} + +func (s UnsupportedOperationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s UnsupportedOperationException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s UnsupportedOperationException) RequestID() string { + return s.respMetadata.RequestID +} + type UntagResourceInput struct { _ struct{} `type:"structure"` @@ -9860,14 +14042,19 @@ func (s UntagResourceOutput) GoString() string { type UpdateAliasInput struct { _ struct{} `type:"structure"` - // Specifies the name of the alias to change. This value must begin with alias/ - // followed by the alias name, such as alias/ExampleAlias. + // Identifies the alias that is changing its CMK. This value must begin with + // alias/ followed by the alias name, such as alias/ExampleAlias. You cannot + // use UpdateAlias to change the alias name. // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Unique identifier of the customer master key (CMK) to be mapped to the alias. - // When the update operation completes, the alias will point to this CMK. + // Identifies the CMK to associate with the alias. When the update operation + // completes, the alias will point to this CMK. + // + // The CMK must be in the same AWS account and Region as the alias. Also, the + // new target CMK must be the same type as the current target CMK (both symmetric + // or both asymmetric) and they must have the same key usage. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -9971,7 +14158,7 @@ type UpdateCustomKeyStoreInput struct { // This parameter tells AWS KMS the current password of the kmsuser crypto user // (CU). It does not set or change the password of any users in the AWS CloudHSM // cluster. - KeyStorePassword *string `min:"1" type:"string" sensitive:"true"` + KeyStorePassword *string `min:"7" type:"string" sensitive:"true"` // Changes the friendly name of the custom key store to the value that you specify. // The custom key store name must be unique in the AWS account. @@ -10000,8 +14187,8 @@ func (s *UpdateCustomKeyStoreInput) Validate() error { if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) } - if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 1 { - invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 1)) + if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 7)) } if s.NewCustomKeyStoreName != nil && len(*s.NewCustomKeyStoreName) < 1 { invalidParams.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1)) @@ -10130,6 +14317,197 @@ func (s UpdateKeyDescriptionOutput) GoString() string { return s.String() } +type VerifyInput struct { + _ struct{} `type:"structure"` + + // A list of grant tokens. + // + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // in the AWS Key Management Service Developer Guide. + GrantTokens []*string `type:"list"` + + // Identifies the asymmetric CMK that will be used to verify the signature. + // This must be the same CMK that was used to generate the signature. If you + // specify a different CMK, the signature verification fails. + // + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". To specify + // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To + // get the alias name and alias ARN, use ListAliases. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // Specifies the message that was signed. You can submit a raw message of up + // to 4096 bytes, or a hash digest of the message. If you submit a digest, use + // the MessageType parameter with a value of DIGEST. + // + // If the message specified here is different from the message that was signed, + // the signature verification fails. A message and its hash digest are considered + // to be the same message. + // + // Message is automatically base64 encoded/decoded by the SDK. + // + // Message is a required field + Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"` + + // Tells AWS KMS whether the value of the Message parameter is a message or + // message digest. The default value, RAW, indicates a message. To indicate + // a message digest, enter DIGEST. + // + // Use the DIGEST value only when the value of the Message parameter is a message + // digest. If you use the DIGEST value with a raw message, the security of the + // verification operation can be compromised. + MessageType *string `type:"string" enum:"MessageType"` + + // The signature that the Sign operation generated. + // + // Signature is automatically base64 encoded/decoded by the SDK. + // + // Signature is a required field + Signature []byte `min:"1" type:"blob" required:"true"` + + // The signing algorithm that was used to sign the message. If you submit a + // different algorithm, the signature verification fails. + // + // SigningAlgorithm is a required field + SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"` +} + +// String returns the string representation +func (s VerifyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VerifyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Message == nil { + invalidParams.Add(request.NewErrParamRequired("Message")) + } + if s.Message != nil && len(s.Message) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Message", 1)) + } + if s.Signature == nil { + invalidParams.Add(request.NewErrParamRequired("Signature")) + } + if s.Signature != nil && len(s.Signature) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Signature", 1)) + } + if s.SigningAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("SigningAlgorithm")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGrantTokens sets the GrantTokens field's value. +func (s *VerifyInput) SetGrantTokens(v []*string) *VerifyInput { + s.GrantTokens = v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *VerifyInput) SetKeyId(v string) *VerifyInput { + s.KeyId = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *VerifyInput) SetMessage(v []byte) *VerifyInput { + s.Message = v + return s +} + +// SetMessageType sets the MessageType field's value. +func (s *VerifyInput) SetMessageType(v string) *VerifyInput { + s.MessageType = &v + return s +} + +// SetSignature sets the Signature field's value. +func (s *VerifyInput) SetSignature(v []byte) *VerifyInput { + s.Signature = v + return s +} + +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *VerifyInput) SetSigningAlgorithm(v string) *VerifyInput { + s.SigningAlgorithm = &v + return s +} + +type VerifyOutput struct { + _ struct{} `type:"structure"` + + // The unique identifier for the asymmetric CMK that was used to verify the + // signature. + KeyId *string `min:"1" type:"string"` + + // A Boolean value that indicates whether the signature was verified. A value + // of True indicates that the Signature was produced by signing the Message + // with the specified KeyID and SigningAlgorithm. If the signature is not verified, + // the Verify operation fails with a KMSInvalidSignatureException exception. + SignatureValid *bool `type:"boolean"` + + // The signing algorithm that was used to verify the signature. + SigningAlgorithm *string `type:"string" enum:"SigningAlgorithmSpec"` +} + +// String returns the string representation +func (s VerifyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VerifyOutput) GoString() string { + return s.String() +} + +// SetKeyId sets the KeyId field's value. +func (s *VerifyOutput) SetKeyId(v string) *VerifyOutput { + s.KeyId = &v + return s +} + +// SetSignatureValid sets the SignatureValid field's value. +func (s *VerifyOutput) SetSignatureValid(v bool) *VerifyOutput { + s.SignatureValid = &v + return s +} + +// SetSigningAlgorithm sets the SigningAlgorithm field's value. +func (s *VerifyOutput) SetSigningAlgorithm(v string) *VerifyOutput { + s.SigningAlgorithm = &v + return s +} + const ( // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5" @@ -10159,6 +14537,15 @@ const ( // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT" + + // ConnectionErrorCodeTypeUserNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserNotFound = "USER_NOT_FOUND" + + // ConnectionErrorCodeTypeUserLoggedIn is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeUserLoggedIn = "USER_LOGGED_IN" + + // ConnectionErrorCodeTypeSubnetNotFound is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeSubnetNotFound = "SUBNET_NOT_FOUND" ) const ( @@ -10178,6 +14565,55 @@ const ( ConnectionStateTypeDisconnecting = "DISCONNECTING" ) +const ( + // CustomerMasterKeySpecRsa2048 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecRsa2048 = "RSA_2048" + + // CustomerMasterKeySpecRsa3072 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecRsa3072 = "RSA_3072" + + // CustomerMasterKeySpecRsa4096 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecRsa4096 = "RSA_4096" + + // CustomerMasterKeySpecEccNistP256 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecEccNistP256 = "ECC_NIST_P256" + + // CustomerMasterKeySpecEccNistP384 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecEccNistP384 = "ECC_NIST_P384" + + // CustomerMasterKeySpecEccNistP521 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecEccNistP521 = "ECC_NIST_P521" + + // CustomerMasterKeySpecEccSecgP256k1 is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecEccSecgP256k1 = "ECC_SECG_P256K1" + + // CustomerMasterKeySpecSymmetricDefault is a CustomerMasterKeySpec enum value + CustomerMasterKeySpecSymmetricDefault = "SYMMETRIC_DEFAULT" +) + +const ( + // DataKeyPairSpecRsa2048 is a DataKeyPairSpec enum value + DataKeyPairSpecRsa2048 = "RSA_2048" + + // DataKeyPairSpecRsa3072 is a DataKeyPairSpec enum value + DataKeyPairSpecRsa3072 = "RSA_3072" + + // DataKeyPairSpecRsa4096 is a DataKeyPairSpec enum value + DataKeyPairSpecRsa4096 = "RSA_4096" + + // DataKeyPairSpecEccNistP256 is a DataKeyPairSpec enum value + DataKeyPairSpecEccNistP256 = "ECC_NIST_P256" + + // DataKeyPairSpecEccNistP384 is a DataKeyPairSpec enum value + DataKeyPairSpecEccNistP384 = "ECC_NIST_P384" + + // DataKeyPairSpecEccNistP521 is a DataKeyPairSpec enum value + DataKeyPairSpecEccNistP521 = "ECC_NIST_P521" + + // DataKeyPairSpecEccSecgP256k1 is a DataKeyPairSpec enum value + DataKeyPairSpecEccSecgP256k1 = "ECC_SECG_P256K1" +) + const ( // DataKeySpecAes256 is a DataKeySpec enum value DataKeySpecAes256 = "AES_256" @@ -10186,6 +14622,17 @@ const ( DataKeySpecAes128 = "AES_128" ) +const ( + // EncryptionAlgorithmSpecSymmetricDefault is a EncryptionAlgorithmSpec enum value + EncryptionAlgorithmSpecSymmetricDefault = "SYMMETRIC_DEFAULT" + + // EncryptionAlgorithmSpecRsaesOaepSha1 is a EncryptionAlgorithmSpec enum value + EncryptionAlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1" + + // EncryptionAlgorithmSpecRsaesOaepSha256 is a EncryptionAlgorithmSpec enum value + EncryptionAlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" +) + const ( // ExpirationModelTypeKeyMaterialExpires is a ExpirationModelType enum value ExpirationModelTypeKeyMaterialExpires = "KEY_MATERIAL_EXPIRES" @@ -10213,6 +14660,15 @@ const ( // GrantOperationReEncryptTo is a GrantOperation enum value GrantOperationReEncryptTo = "ReEncryptTo" + // GrantOperationSign is a GrantOperation enum value + GrantOperationSign = "Sign" + + // GrantOperationVerify is a GrantOperation enum value + GrantOperationVerify = "Verify" + + // GrantOperationGetPublicKey is a GrantOperation enum value + GrantOperationGetPublicKey = "GetPublicKey" + // GrantOperationCreateGrant is a GrantOperation enum value GrantOperationCreateGrant = "CreateGrant" @@ -10221,6 +14677,12 @@ const ( // GrantOperationDescribeKey is a GrantOperation enum value GrantOperationDescribeKey = "DescribeKey" + + // GrantOperationGenerateDataKeyPair is a GrantOperation enum value + GrantOperationGenerateDataKeyPair = "GenerateDataKeyPair" + + // GrantOperationGenerateDataKeyPairWithoutPlaintext is a GrantOperation enum value + GrantOperationGenerateDataKeyPairWithoutPlaintext = "GenerateDataKeyPairWithoutPlaintext" ) const ( @@ -10249,10 +14711,21 @@ const ( ) const ( + // KeyUsageTypeSignVerify is a KeyUsageType enum value + KeyUsageTypeSignVerify = "SIGN_VERIFY" + // KeyUsageTypeEncryptDecrypt is a KeyUsageType enum value KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT" ) +const ( + // MessageTypeRaw is a MessageType enum value + MessageTypeRaw = "RAW" + + // MessageTypeDigest is a MessageType enum value + MessageTypeDigest = "DIGEST" +) + const ( // OriginTypeAwsKms is a OriginType enum value OriginTypeAwsKms = "AWS_KMS" @@ -10264,6 +14737,35 @@ const ( OriginTypeAwsCloudhsm = "AWS_CLOUDHSM" ) +const ( + // SigningAlgorithmSpecRsassaPssSha256 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecRsassaPssSha256 = "RSASSA_PSS_SHA_256" + + // SigningAlgorithmSpecRsassaPssSha384 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecRsassaPssSha384 = "RSASSA_PSS_SHA_384" + + // SigningAlgorithmSpecRsassaPssSha512 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecRsassaPssSha512 = "RSASSA_PSS_SHA_512" + + // SigningAlgorithmSpecRsassaPkcs1V15Sha256 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecRsassaPkcs1V15Sha256 = "RSASSA_PKCS1_V1_5_SHA_256" + + // SigningAlgorithmSpecRsassaPkcs1V15Sha384 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecRsassaPkcs1V15Sha384 = "RSASSA_PKCS1_V1_5_SHA_384" + + // SigningAlgorithmSpecRsassaPkcs1V15Sha512 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecRsassaPkcs1V15Sha512 = "RSASSA_PKCS1_V1_5_SHA_512" + + // SigningAlgorithmSpecEcdsaSha256 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecEcdsaSha256 = "ECDSA_SHA_256" + + // SigningAlgorithmSpecEcdsaSha384 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecEcdsaSha384 = "ECDSA_SHA_384" + + // SigningAlgorithmSpecEcdsaSha512 is a SigningAlgorithmSpec enum value + SigningAlgorithmSpecEcdsaSha512 = "ECDSA_SHA_512" +) + const ( // WrappingKeySpecRsa2048 is a WrappingKeySpec enum value WrappingKeySpecRsa2048 = "RSA_2048" diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go index e8ce42f3b9..911bf576eb 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go @@ -2,6 +2,10 @@ package kms +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + const ( // ErrCodeAlreadyExistsException for service response error code @@ -156,17 +160,25 @@ const ( // ErrCodeExpiredImportTokenException for service response error code // "ExpiredImportTokenException". // - // The request was rejected because the provided import token is expired. Use + // The request was rejected because the specified import token is expired. Use // GetParametersForImport to get a new import token and public key, use the // new public key to encrypt the key material, and then try the request again. ErrCodeExpiredImportTokenException = "ExpiredImportTokenException" + // ErrCodeIncorrectKeyException for service response error code + // "IncorrectKeyException". + // + // The request was rejected because the specified CMK cannot decrypt the data. + // The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request + // must identify the same CMK that was used to encrypt the ciphertext. + ErrCodeIncorrectKeyException = "IncorrectKeyException" + // ErrCodeIncorrectKeyMaterialException for service response error code // "IncorrectKeyMaterialException". // - // The request was rejected because the provided key material is invalid or - // is not the same key material that was previously imported into this customer - // master key (CMK). + // The request was rejected because the key material in the request is, expired, + // invalid, or is not the same key material that was previously imported into + // this customer master key (CMK). ErrCodeIncorrectKeyMaterialException = "IncorrectKeyMaterialException" // ErrCodeIncorrectTrustAnchorException for service response error code @@ -203,9 +215,13 @@ const ( // ErrCodeInvalidCiphertextException for service response error code // "InvalidCiphertextException". // - // The request was rejected because the specified ciphertext, or additional - // authenticated data incorporated into the ciphertext, such as the encryption - // context, is corrupted, missing, or otherwise invalid. + // From the Decrypt or ReEncrypt operation, the request was rejected because + // the specified ciphertext, or additional authenticated data incorporated into + // the ciphertext, such as the encryption context, is corrupted, missing, or + // otherwise invalid. + // + // From the ImportKeyMaterial operation, the request was rejected because AWS + // KMS could not decrypt the encrypted (wrapped) key material. ErrCodeInvalidCiphertextException = "InvalidCiphertextException" // ErrCodeInvalidGrantIdException for service response error code @@ -230,7 +246,19 @@ const ( // ErrCodeInvalidKeyUsageException for service response error code // "InvalidKeyUsageException". // - // The request was rejected because the specified KeySpec value is not valid. + // The request was rejected for one of the following reasons: + // + // * The KeyUsage value of the CMK is incompatible with the API operation. + // + // * The encryption algorithm or signing algorithm specified for the operation + // is incompatible with the type of key material in the CMK (CustomerMasterKeySpec). + // + // For encrypting, decrypting, re-encrypting, and generating data keys, the + // KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage + // must be SIGN_VERIFY. To find the KeyUsage of a CMK, use the DescribeKey operation. + // + // To find the encryption or signing algorithms supported for a particular CMK, + // use the DescribeKey operation. ErrCodeInvalidKeyUsageException = "InvalidKeyUsageException" // ErrCodeInvalidMarkerException for service response error code @@ -248,21 +276,29 @@ const ( // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) - // in the AWS Key Management Service Developer Guide. + // in the AWS Key Management Service Developer Guide . ErrCodeInvalidStateException = "KMSInvalidStateException" + // ErrCodeKMSInvalidSignatureException for service response error code + // "KMSInvalidSignatureException". + // + // The request was rejected because the signature verification failed. Signature + // verification fails when it cannot confirm that signature was produced by + // signing the specified message with the specified CMK and signing algorithm. + ErrCodeKMSInvalidSignatureException = "KMSInvalidSignatureException" + // ErrCodeKeyUnavailableException for service response error code // "KeyUnavailableException". // - // The request was rejected because the specified CMK was not available. The - // request can be retried. + // The request was rejected because the specified CMK was not available. You + // can retry the request. ErrCodeKeyUnavailableException = "KeyUnavailableException" // ErrCodeLimitExceededException for service response error code // "LimitExceededException". // - // The request was rejected because a limit was exceeded. For more information, - // see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) + // The request was rejected because a quota was exceeded. For more information, + // see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. ErrCodeLimitExceededException = "LimitExceededException" @@ -293,3 +329,39 @@ const ( // a specified resource is not valid for this operation. ErrCodeUnsupportedOperationException = "UnsupportedOperationException" ) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AlreadyExistsException": newErrorAlreadyExistsException, + "CloudHsmClusterInUseException": newErrorCloudHsmClusterInUseException, + "CloudHsmClusterInvalidConfigurationException": newErrorCloudHsmClusterInvalidConfigurationException, + "CloudHsmClusterNotActiveException": newErrorCloudHsmClusterNotActiveException, + "CloudHsmClusterNotFoundException": newErrorCloudHsmClusterNotFoundException, + "CloudHsmClusterNotRelatedException": newErrorCloudHsmClusterNotRelatedException, + "CustomKeyStoreHasCMKsException": newErrorCustomKeyStoreHasCMKsException, + "CustomKeyStoreInvalidStateException": newErrorCustomKeyStoreInvalidStateException, + "CustomKeyStoreNameInUseException": newErrorCustomKeyStoreNameInUseException, + "CustomKeyStoreNotFoundException": newErrorCustomKeyStoreNotFoundException, + "DependencyTimeoutException": newErrorDependencyTimeoutException, + "DisabledException": newErrorDisabledException, + "ExpiredImportTokenException": newErrorExpiredImportTokenException, + "IncorrectKeyException": newErrorIncorrectKeyException, + "IncorrectKeyMaterialException": newErrorIncorrectKeyMaterialException, + "IncorrectTrustAnchorException": newErrorIncorrectTrustAnchorException, + "KMSInternalException": newErrorInternalException, + "InvalidAliasNameException": newErrorInvalidAliasNameException, + "InvalidArnException": newErrorInvalidArnException, + "InvalidCiphertextException": newErrorInvalidCiphertextException, + "InvalidGrantIdException": newErrorInvalidGrantIdException, + "InvalidGrantTokenException": newErrorInvalidGrantTokenException, + "InvalidImportTokenException": newErrorInvalidImportTokenException, + "InvalidKeyUsageException": newErrorInvalidKeyUsageException, + "InvalidMarkerException": newErrorInvalidMarkerException, + "KMSInvalidStateException": newErrorInvalidStateException, + "KMSInvalidSignatureException": newErrorKMSInvalidSignatureException, + "KeyUnavailableException": newErrorKeyUnavailableException, + "LimitExceededException": newErrorLimitExceededException, + "MalformedPolicyDocumentException": newErrorMalformedPolicyDocumentException, + "NotFoundException": newErrorNotFoundException, + "TagException": newErrorTagException, + "UnsupportedOperationException": newErrorUnsupportedOperationException, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/service.go b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go index efba01172d..50ca0c092e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/service.go @@ -8,6 +8,7 @@ import ( "github.com/aws/aws-sdk-go/aws/client/metadata" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" ) @@ -31,7 +32,7 @@ var initRequest func(*request.Request) const ( ServiceName = "kms" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "KMS" // ServiceID is a unique identifer of a specific service. + ServiceID = "KMS" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the KMS client with a session. @@ -76,7 +77,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) - svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) // Run custom client initialization if present if initClient != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/service/pricing/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/service/pricing/BUILD.bazel index da2869d1b2..a1efd66330 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/pricing/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/service/pricing/BUILD.bazel @@ -18,6 +18,7 @@ go_library( "//vendor/github.com/aws/aws-sdk-go/aws/client/metadata:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/signer/v4:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library", "//vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc:go_default_library", ], ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go b/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go index e85726fe6f..eddb51929b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/pricing/api.go @@ -8,6 +8,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" ) const opDescribeServices = "DescribeServices" @@ -74,21 +75,21 @@ func (c *Pricing) DescribeServicesRequest(input *DescribeServicesInput) (req *re // See the AWS API reference guide for AWS Price List Service's // API operation DescribeServices for usage and error information. // -// Returned Error Codes: -// * ErrCodeInternalErrorException "InternalErrorException" +// Returned Error Types: +// * InternalErrorException // An error on the server occurred during the processing of your request. Try // again later. // -// * ErrCodeInvalidParameterException "InvalidParameterException" +// * InvalidParameterException // One or more parameters had an invalid value. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The requested resource can't be found. // -// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" +// * InvalidNextTokenException // The pagination token is invalid. Try again without a pagination token. // -// * ErrCodeExpiredNextTokenException "ExpiredNextTokenException" +// * ExpiredNextTokenException // The pagination token expired. Try again without a pagination token. // // See also, https://docs.aws.amazon.com/goto/WebAPI/pricing-2017-10-15/DescribeServices @@ -227,21 +228,21 @@ func (c *Pricing) GetAttributeValuesRequest(input *GetAttributeValuesInput) (req // See the AWS API reference guide for AWS Price List Service's // API operation GetAttributeValues for usage and error information. // -// Returned Error Codes: -// * ErrCodeInternalErrorException "InternalErrorException" +// Returned Error Types: +// * InternalErrorException // An error on the server occurred during the processing of your request. Try // again later. // -// * ErrCodeInvalidParameterException "InvalidParameterException" +// * InvalidParameterException // One or more parameters had an invalid value. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The requested resource can't be found. // -// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" +// * InvalidNextTokenException // The pagination token is invalid. Try again without a pagination token. // -// * ErrCodeExpiredNextTokenException "ExpiredNextTokenException" +// * ExpiredNextTokenException // The pagination token expired. Try again without a pagination token. // // See also, https://docs.aws.amazon.com/goto/WebAPI/pricing-2017-10-15/GetAttributeValues @@ -377,21 +378,21 @@ func (c *Pricing) GetProductsRequest(input *GetProductsInput) (req *request.Requ // See the AWS API reference guide for AWS Price List Service's // API operation GetProducts for usage and error information. // -// Returned Error Codes: -// * ErrCodeInternalErrorException "InternalErrorException" +// Returned Error Types: +// * InternalErrorException // An error on the server occurred during the processing of your request. Try // again later. // -// * ErrCodeInvalidParameterException "InvalidParameterException" +// * InvalidParameterException // One or more parameters had an invalid value. // -// * ErrCodeNotFoundException "NotFoundException" +// * NotFoundException // The requested resource can't be found. // -// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" +// * InvalidNextTokenException // The pagination token is invalid. Try again without a pagination token. // -// * ErrCodeExpiredNextTokenException "ExpiredNextTokenException" +// * ExpiredNextTokenException // The pagination token expired. Try again without a pagination token. // // See also, https://docs.aws.amazon.com/goto/WebAPI/pricing-2017-10-15/GetProducts @@ -602,6 +603,62 @@ func (s *DescribeServicesOutput) SetServices(v []*Service) *DescribeServicesOutp return s } +// The pagination token expired. Try again without a pagination token. +type ExpiredNextTokenException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation +func (s ExpiredNextTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ExpiredNextTokenException) GoString() string { + return s.String() +} + +func newErrorExpiredNextTokenException(v protocol.ResponseMetadata) error { + return &ExpiredNextTokenException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s ExpiredNextTokenException) Code() string { + return "ExpiredNextTokenException" +} + +// Message returns the exception's message. +func (s ExpiredNextTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s ExpiredNextTokenException) OrigErr() error { + return nil +} + +func (s ExpiredNextTokenException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s ExpiredNextTokenException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s ExpiredNextTokenException) RequestID() string { + return s.respMetadata.RequestID +} + // The constraints that you want all returned products to match. type Filter struct { _ struct{} `type:"structure"` @@ -921,6 +978,231 @@ func (s *GetProductsOutput) SetPriceList(v []aws.JSONValue) *GetProductsOutput { return s } +// An error on the server occurred during the processing of your request. Try +// again later. +type InternalErrorException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation +func (s InternalErrorException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InternalErrorException) GoString() string { + return s.String() +} + +func newErrorInternalErrorException(v protocol.ResponseMetadata) error { + return &InternalErrorException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InternalErrorException) Code() string { + return "InternalErrorException" +} + +// Message returns the exception's message. +func (s InternalErrorException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InternalErrorException) OrigErr() error { + return nil +} + +func (s InternalErrorException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InternalErrorException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InternalErrorException) RequestID() string { + return s.respMetadata.RequestID +} + +// The pagination token is invalid. Try again without a pagination token. +type InvalidNextTokenException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation +func (s InvalidNextTokenException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidNextTokenException) GoString() string { + return s.String() +} + +func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { + return &InvalidNextTokenException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidNextTokenException) Code() string { + return "InvalidNextTokenException" +} + +// Message returns the exception's message. +func (s InvalidNextTokenException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidNextTokenException) OrigErr() error { + return nil +} + +func (s InvalidNextTokenException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidNextTokenException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidNextTokenException) RequestID() string { + return s.respMetadata.RequestID +} + +// One or more parameters had an invalid value. +type InvalidParameterException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation +func (s InvalidParameterException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidParameterException) GoString() string { + return s.String() +} + +func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { + return &InvalidParameterException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s InvalidParameterException) Code() string { + return "InvalidParameterException" +} + +// Message returns the exception's message. +func (s InvalidParameterException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s InvalidParameterException) OrigErr() error { + return nil +} + +func (s InvalidParameterException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s InvalidParameterException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s InvalidParameterException) RequestID() string { + return s.respMetadata.RequestID +} + +// The requested resource can't be found. +type NotFoundException struct { + _ struct{} `type:"structure"` + respMetadata protocol.ResponseMetadata + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation +func (s NotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s NotFoundException) GoString() string { + return s.String() +} + +func newErrorNotFoundException(v protocol.ResponseMetadata) error { + return &NotFoundException{ + respMetadata: v, + } +} + +// Code returns the exception type name. +func (s NotFoundException) Code() string { + return "NotFoundException" +} + +// Message returns the exception's message. +func (s NotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s NotFoundException) OrigErr() error { + return nil +} + +func (s NotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s NotFoundException) StatusCode() int { + return s.respMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s NotFoundException) RequestID() string { + return s.respMetadata.RequestID +} + // The metadata for a service, such as the service code and available attribute // names. type Service struct { diff --git a/vendor/github.com/aws/aws-sdk-go/service/pricing/errors.go b/vendor/github.com/aws/aws-sdk-go/service/pricing/errors.go index 10e4c44fe9..c628c9a2b0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/pricing/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/pricing/errors.go @@ -2,6 +2,10 @@ package pricing +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + const ( // ErrCodeExpiredNextTokenException for service response error code @@ -35,3 +39,11 @@ const ( // The requested resource can't be found. ErrCodeNotFoundException = "NotFoundException" ) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "ExpiredNextTokenException": newErrorExpiredNextTokenException, + "InternalErrorException": newErrorInternalErrorException, + "InvalidNextTokenException": newErrorInvalidNextTokenException, + "InvalidParameterException": newErrorInvalidParameterException, + "NotFoundException": newErrorNotFoundException, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/pricing/service.go b/vendor/github.com/aws/aws-sdk-go/service/pricing/service.go index 7949f70638..c657fb6061 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/pricing/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/pricing/service.go @@ -8,6 +8,7 @@ import ( "github.com/aws/aws-sdk-go/aws/client/metadata" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" ) @@ -31,7 +32,7 @@ var initRequest func(*request.Request) const ( ServiceName = "api.pricing" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "Pricing" // ServiceID is a unique identifer of a specific service. + ServiceID = "Pricing" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the Pricing client with a session. @@ -79,7 +80,9 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) - svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) // Run custom client initialization if present if initClient != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/service.go b/vendor/github.com/aws/aws-sdk-go/service/route53/service.go index 57621e450e..96f3e5fccf 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/route53/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/route53/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "route53" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "Route 53" // ServiceID is a unique identifer of a specific service. + ServiceID = "Route 53" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the Route53 client with a session. diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/service/s3/BUILD.bazel index d02d036bcb..2bc4518d9e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/BUILD.bazel @@ -9,6 +9,8 @@ go_library( "customizations.go", "doc.go", "doc_custom.go", + "endpoint.go", + "endpoint_errors.go", "errors.go", "host_style_bucket.go", "platform_handlers.go", @@ -24,10 +26,12 @@ go_library( visibility = ["//visibility:public"], deps = [ "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/arn:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/awsutil:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/client:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/client/metadata:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/endpoints:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/signer/v4:go_default_library", "//vendor/github.com/aws/aws-sdk-go/internal/s3err:go_default_library", @@ -38,5 +42,6 @@ go_library( "//vendor/github.com/aws/aws-sdk-go/private/protocol/rest:go_default_library", "//vendor/github.com/aws/aws-sdk-go/private/protocol/restxml:go_default_library", "//vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn:go_default_library", ], ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 630237b992..52e87308f6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -7,7 +7,6 @@ import ( "fmt" "io" "sync" - "sync/atomic" "time" "github.com/aws/aws-sdk-go/aws" @@ -20,6 +19,7 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi" "github.com/aws/aws-sdk-go/private/protocol/rest" "github.com/aws/aws-sdk-go/private/protocol/restxml" + "github.com/aws/aws-sdk-go/service/s3/internal/arn" ) const opAbortMultipartUpload = "AbortMultipartUpload" @@ -74,13 +74,13 @@ func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req // times in order to completely free all storage consumed by all parts. // // To verify that all parts have been removed, so you don't get charged for -// the part storage, you should call the ListParts operation and ensure the -// parts list is empty. +// the part storage, you should call the ListParts operation and ensure that +// the parts list is empty. // -// For information on permissions required to use the multipart upload API, +// For information about permissions required to use the multipart upload API, // see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). // -// The following operations are related to AbortMultipartUpload +// The following operations are related to AbortMultipartUpload: // // * CreateMultipartUpload // @@ -176,15 +176,15 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) // an upload, you call this operation to complete the upload. Upon receiving // this request, Amazon S3 concatenates all the parts in ascending order by // part number to create a new object. In the Complete Multipart Upload request, -// you must provide the parts list. You must ensure the parts list is complete, -// this operation concatenates the parts you provide in the list. For each part -// in the list, you must provide the part number and the ETag value, returned +// you must provide the parts list. You must ensure that the parts list is complete. +// This operation concatenates the parts that you provide in the list. For each +// part in the list, you must provide the part number and the ETag value, returned // after that part was uploaded. // // Processing of a Complete Multipart Upload request could take several minutes // to complete. After Amazon S3 begins processing the request, it sends an HTTP // response header that specifies a 200 OK response. While processing is in -// progress, Amazon S3 periodically sends whitespace characters to keep the +// progress, Amazon S3 periodically sends white space characters to keep the // connection from timing out. Because a request could fail after the initial // 200 OK response has been sent, it is important that you check the response // body to determine whether the request succeeded. @@ -193,10 +193,10 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) // to retry the failed requests. For more information, see Amazon S3 Error Best // Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). // -// For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// For more information about multipart uploads, see Uploading Objects Using +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). // -// For information on permissions required to use the multipart upload API, +// For information about permissions required to use the multipart upload API, // see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). // // GetBucketLifecycle has the following special errors: @@ -306,8 +306,8 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // You can store individual objects of up to 5 TB in Amazon S3. You create a // copy of your object up to 5 GB in size in a single atomic operation using // this API. However, for copying an object greater than 5 GB, you must use -// the multipart upload Upload Part - Copy API. For conceptual information, -// see Copy Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). +// the multipart upload Upload Part - Copy API. For more information, see Copy +// Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). // // When copying an object, you can preserve all metadata (default) or specify // new metadata. However, the ACL is not preserved and is set to private for @@ -315,8 +315,8 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // a new ACL when generating a copy request. For more information, see Using // ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). // -// Amazon S3 Transfer Acceleration does not support cross-region copies. If -// you request a cross-region copy using a Transfer Acceleration endpoint, you +// Amazon S3 transfer acceleration does not support cross-region copies. If +// you request a cross-region copy using a transfer acceleration endpoint, you // get a 400 Bad Request error. For more information about transfer acceleration, // see Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). // @@ -340,13 +340,13 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // // The source object that you are copying can be encrypted or unencrypted. If // the source object is encrypted, it can be encrypted by server-side encryption -// using AWS-managed encryption keys or by using a customer-provided encryption +// using AWS managed encryption keys or by using a customer-provided encryption // key. When copying an object, you can request that Amazon S3 encrypt the target -// object by using either the AWS-managed encryption keys or by using your own +// object by using either the AWS managed encryption keys or by using your own // encryption key. You can do this regardless of the form of server-side encryption // that was used to encrypt the source, or even if the source object was not // encrypted. For more information about server-side encryption, see Using Server-Side -// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). +// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). // // A copy request might return an error when Amazon S3 receives the copy request // or while Amazon S3 is copying the files. If the error occurs before the copy @@ -398,9 +398,9 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // If you do not enable versioning or suspend it on the target bucket, the version // ID that Amazon S3 generates is always null. // -// If the source object's storage class is GLACIER, then you must restore a -// copy of this object before you can use it as a source object for the copy -// operation. For more information, see . +// If the source object's storage class is GLACIER, you must restore a copy +// of this object before you can use it as a source object for the copy operation. +// For more information, see . // // Access Permissions // @@ -422,19 +422,24 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // Server-Side- Encryption-Specific Request Headers // // To encrypt the target object, you must provide the appropriate encryption-related -// request headers. The one you use depends on whether you want to use AWS-managed +// request headers. The one you use depends on whether you want to use AWS managed // encryption keys or provide your own encryption key. // -// * To encrypt the target object using server-side encryption with an AWS-managed -// encryption key, provide the following request headers, as appropriate. +// * To encrypt the target object using server-side encryption with an AWS +// managed encryption key, provide the following request headers, as appropriate. // x-amz-server-side​-encryption x-amz-server-side-encryption-aws-kms-key-id // x-amz-server-side-encryption-context If you specify x-amz-server-side-encryption:aws:kms, -// but don't provide x-amz-server-side- encryption-aws-kms-key-id, Amazon -// S3 uses the AWS managed customer master key (CMK) in KMS to protect the -// data. All GET and PUT requests for an object protected by AWS KMS fail -// if you don't make them with SSL or by using SigV4. For more information -// on Server-Side Encryption with CMKs stored in Amazon KMS (SSE-KMS), see -// Protecting Data Using Server-Side Encryption with CMKs stored in KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). +// but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon +// S3 uses the AWS managed CMK in AWS KMS to protect the data. If you want +// to use a customer managed AWS KMS CMK, you must provide the x-amz-server-side-encryption-aws-kms-key-id +// of the symmetric customer managed CMK. Amazon S3 only supports symmetric +// CMKs and not asymmetric CMKs. For more information, see Using Symmetric +// and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. All GET and PUT requests +// for an object protected by AWS KMS fail if you don't make them with SSL +// or by using SigV4. For more information about server-side encryption with +// CMKs stored in AWS KMS (SSE-KMS), see Protecting Data Using Server-Side +// Encryption with CMKs stored in KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // // * To encrypt the target object using server-side encryption with an encryption // key that you provide, use the following headers. x-amz-server-side​-encryption​-customer-algorithm @@ -444,7 +449,7 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // customer-provided encryption keys, you must use the following headers. // x-amz-copy-source​-server-side​-encryption​-customer-algorithm x-amz-copy-source​-server-side​-encryption​-customer-key // x-amz-copy-source-​server-side​-encryption​-customer-key-MD5 For -// more information on Server-Side Encryption with CMKs stored in Amazon +// more information about server-side encryption with CMKs stored in AWS // KMS (SSE-KMS), see Protecting Data Using Server-Side Encryption with CMKs // stored in Amazon KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // @@ -454,7 +459,7 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // operation. By default, all objects are private. Only the owner has full access // control. When adding a new object, you can grant permissions to individual // AWS accounts or to predefined groups defined by Amazon S3. These permissions -// are then added to the Access Control List (ACL) on the object. For more information, +// are then added to the access control list (ACL) on the object. For more information, // see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). // With this operation, you can grant access permissions using one of the following // two methods: @@ -468,7 +473,7 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // Each header maps to specific permissions that Amazon S3 supports in an // ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). // In the header, you specify a list of grantees who get the specific permission. -// To grant permissions explicitly use: x-amz-grant-read x-amz-grant-write +// To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write // x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You // specify each grantee as a type=value pair, where the type is one of the // following: emailAddress – if the value specified is the email address @@ -478,7 +483,7 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // accounts identified by email addresses permissions to read object data // and its metadata: x-amz-grant-read: emailAddress="xyz@amazon.com", emailAddress="abc@amazon.com" // -// The following operation are related to CopyObject +// The following operations are related to CopyObject: // // * PutObject // @@ -496,7 +501,7 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // Returned Error Codes: // * ErrCodeObjectNotInActiveTierError "ObjectNotInActiveTierError" // The source object of the COPY operation is not in the active tier and is -// only stored in Amazon Glacier. +// only stored in Amazon S3 Glacier. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject func (c *S3) CopyObject(input *CopyObjectInput) (*CopyObjectOutput, error) { @@ -572,19 +577,19 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // Not every string is an acceptable bucket name. For information on bucket // naming restrictions, see Working with Amazon S3 Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). // -// By default, the bucket is created in the US East (N. Virginia) region. You -// can optionally specify a region in the request body. You might choose a region +// By default, the bucket is created in the US East (N. Virginia) Region. You +// can optionally specify a Region in the request body. You might choose a Region // to optimize latency, minimize costs, or address regulatory requirements. // For example, if you reside in Europe, you will probably find it advantageous -// to create buckets in the EU (Ireland) region. For more information, see How +// to create buckets in the EU (Ireland) Region. For more information, see How // to Select a Region for Your Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro). // // If you send your create bucket request to the s3.amazonaws.com endpoint, -// the request go to the us-east-1 region. Accordingly, the signature calculations -// in Signature Version 4 must use us-east-1 as region, even if the location -// constraint in the request specifies another region where the bucket is to -// be created. If you create a bucket in a region other than US East (N. Virginia) -// region, your application must be able to handle 307 redirect. For more information, +// the request goes to the us-east-1 Region. Accordingly, the signature calculations +// in Signature Version 4 must use us-east-1 as the Region, even if the location +// constraint in the request specifies another Region where the bucket is to +// be created. If you create a bucket in a Region other than US East (N. Virginia), +// your application must be able to handle 307 redirect. For more information, // see Virtual Hosting of Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). // // When creating a bucket using this operation, you can optionally specify the @@ -598,7 +603,7 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). // // * Specify access permissions explicitly using the x-amz-grant-read, x-amz-grant-write, -// x-amz-grant-read-acp, x-amz-grant-write-acp, x-amz-grant-full-control +// x-amz-grant-read-acp, x-amz-grant-write-acp, and x-amz-grant-full-control // headers. These headers map to the set of permissions Amazon S3 supports // in an ACL. For more information, see Access Control List (ACL) Overview // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). You @@ -633,9 +638,9 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // // * ErrCodeBucketAlreadyOwnedByYou "BucketAlreadyOwnedByYou" // The bucket you tried to create already exists, and you own it. Amazon S3 -// returns this error in all AWS Regions except in the North Virginia region. +// returns this error in all AWS Regions except in the North Virginia Region. // For legacy compatibility, if you re-create an existing bucket that you already -// own in the North Virginia region, Amazon S3 returns 200 OK and resets the +// own in the North Virginia Region, Amazon S3 returns 200 OK and resets the // bucket access control lists (ACLs). // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateBucket @@ -782,26 +787,27 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // encryption. Server-side encryption is for data encryption at rest. Amazon // S3 encrypts your data as it writes it to disks in its data centers and decrypts // it when you access it. The option you use depends on whether you want to -// use AWS-managed encryption keys or provide your own encryption key. +// use AWS managed encryption keys or provide your own encryption key. // // * Use encryption keys managed by Amazon S3 or customer master keys (CMKs) -// stored in Amazon Key Management Service (KMS) – If you want AWS to manage -// the keys used to encrypt data, specify the following headers in the request. -// x-amz-server-side​-encryption x-amz-server-side-encryption-aws-kms-key-id +// stored in AWS Key Management Service (AWS KMS) – If you want AWS to +// manage the keys used to encrypt data, specify the following headers in +// the request. x-amz-server-side​-encryption x-amz-server-side-encryption-aws-kms-key-id // x-amz-server-side-encryption-context If you specify x-amz-server-side-encryption:aws:kms, -// but don't provide x-amz-server-side- encryption-aws-kms-key-id, Amazon +// but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon // S3 uses the AWS managed CMK in AWS KMS to protect the data. All GET and // PUT requests for an object protected by AWS KMS fail if you don't make -// them with SSL or by using SigV4. For more information on Server-Side Encryption -// with CMKs Stored in Amazon KMS (SSE-KMS), see Protecting Data Using Server-Side -// Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). +// them with SSL or by using SigV4. For more information about server-side +// encryption with CMKs stored in AWS KMS (SSE-KMS), see Protecting Data +// Using Server-Side Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // // * Use customer-provided encryption keys – If you want to manage your // own encryption keys, provide all the following headers in the request. // x-amz-server-side​-encryption​-customer-algorithm x-amz-server-side​-encryption​-customer-key // x-amz-server-side​-encryption​-customer-key-MD5 For more information -// on Server-Side Encryption with CMKs stored in AWS KMS (SSE-KMS), see Protecting -// Data Using Server-Side Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). +// about server-side encryption with CMKs stored in AWS KMS (SSE-KMS), see +// Protecting Data Using Server-Side Encryption with CMKs stored in AWS KMS +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // // Access-Control-List (ACL)-Specific Request Headers // @@ -809,7 +815,7 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // operation. By default, all objects are private. Only the owner has full access // control. When adding a new object, you can grant permissions to individual // AWS accounts or to predefined groups defined by Amazon S3. These permissions -// are then added to the Access Control List (ACL) on the object. For more information, +// are then added to the access control list (ACL) on the object. For more information, // see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). // With this operation, you can grant access permissions using one of the following // two methods: @@ -823,7 +829,7 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // Each header maps to specific permissions that Amazon S3 supports in an // ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). // In the header, you specify a list of grantees who get the specific permission. -// To grant permissions explicitly use: x-amz-grant-read x-amz-grant-write +// To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write // x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You // specify each grantee as a type=value pair, where the type is one of the // following: emailAddress – if the value specified is the email address @@ -918,8 +924,8 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request // DeleteBucket API operation for Amazon Simple Storage Service. // -// Deletes the bucket. All objects (including all object versions and Delete -// Markers) in the bucket must be deleted before the bucket itself can be deleted. +// Deletes the bucket. All objects (including all object versions and delete +// markers) in the bucket must be deleted before the bucket itself can be deleted. // // Related Resources // @@ -1009,7 +1015,7 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt // see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev//using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). // -// For information about Amazon S3 analytics feature, see Amazon S3 Analytics +// For information about the Amazon S3 analytics feature, see Amazon S3 Analytics // – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html). // // The following operations are related to DeleteBucketAnalyticsConfiguration: @@ -1099,9 +1105,8 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // action. The bucket owner has this permission by default and can grant this // permission to others. // -// For information more about cors, go to Enabling Cross-Origin Resource Sharing -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon -// Simple Storage Service Developer Guide. +// For information about cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) +// in the Amazon Simple Storage Service Developer Guide. // // Related Resources: // @@ -1285,7 +1290,7 @@ func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInvent // For information about the Amazon S3 inventory feature, see Amazon S3 Inventory // (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html). // -// Operation related to DeleteBucketInventoryConfiguration include: +// Operations related to DeleteBucketInventoryConfiguration include: // // * GetBucketInventoryConfiguration // @@ -1474,7 +1479,7 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC // For information about CloudWatch request metrics for Amazon S3, see Monitoring // Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html). // -// The following operations are related to DeleteBucketMetricsConfiguration +// The following operations are related to DeleteBucketMetricsConfiguration: // // * GetBucketMetricsConfiguration // @@ -1557,15 +1562,15 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // DeleteBucketPolicy API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE operation uses the policysubresource to +// This implementation of the DELETE operation uses the policy subresource to // delete the policy of a specified bucket. If you are using an identity other // than the root user of the AWS account that owns the bucket, the calling identity // must have the DeleteBucketPolicy permissions on the specified bucket and -// belong to the bucket owner's account in order to use this operation. +// belong to the bucket owner's account to use this operation. // // If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 -// Access Denied error. If you have the correct permissions, but you're notusing -// an identity that belongs to the bucket owner's account, Amazon S3 returns +// Access Denied error. If you have the correct permissions, but you're not +// using an identity that belongs to the bucket owner's account, Amazon S3 returns // a 405 Method Not Allowed error. // // As a security precaution, the root user of the AWS account that owns a bucket @@ -1668,7 +1673,7 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) // For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) // in the Amazon S3 Developer Guide. // -// The following operations are related to DeleteBucketReplication +// The following operations are related to DeleteBucketReplication: // // * PutBucketReplication // @@ -1753,7 +1758,7 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r // action. By default, the bucket owner has this permission and can grant this // permission to others. // -// The following operations are related to DeleteBucketTagging +// The following operations are related to DeleteBucketTagging: // // * GetBucketTagging // @@ -1847,7 +1852,7 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r // For more information about hosting websites, see Hosting Websites on Amazon // S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html). // -// The following operations are related to DeleteBucketWebsite +// The following operations are related to DeleteBucketWebsite: // // * GetBucketWebsite // @@ -1935,7 +1940,7 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request // header, x-amz-delete-marker, to true. // // If the object you want to delete is in a bucket where the bucket versioning -// configurationis MFA Delete enabled, you must include the x-amz-mfa request +// configuration is MFA Delete enabled, you must include the x-amz-mfa request // header in the DELETE versionId request. Requests that include x-amz-mfa must // use HTTPS. // @@ -1945,10 +1950,10 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request // You can delete objects by explicitly calling the DELETE Object API or configure // its lifecycle (PutBucketLifecycle) to enable Amazon S3 to remove them for // you. If you want to block users or accounts from removing or deleting objects -// from your bucket you must deny them the s3:DeleteObject, s3:DeleteObjectVersion +// from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, // and s3:PutLifeCycleConfiguration actions. // -// The following operation is related to DeleteObject +// The following operation is related to DeleteObject: // // * PutObject // @@ -2025,7 +2030,7 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // DeleteObjectTagging API operation for Amazon Simple Storage Service. // // Removes the entire tag set from the specified object. For more information -// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete). +// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). // // To use this operation, you must have permission to perform the s3:DeleteObjectTagging // action. @@ -2034,7 +2039,7 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // in the request. You will need permission for the s3:DeleteObjectVersionTagging // action. // -// The following operations are related to DeleteBucketMetricsConfiguration +// The following operations are related to DeleteBucketMetricsConfiguration: // // * PutObjectTagging // @@ -2121,11 +2126,11 @@ func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Reque // the XML, you provide the object key names, and optionally, version IDs if // you want to delete a specific version of the object from a versioning-enabled // bucket. For each key, Amazon S3 performs a delete operation and returns the -// result of that delete, success, or failure, in the response. Note that, if +// result of that delete, success, or failure, in the response. Note that if // the object specified in the request is not found, Amazon S3 returns the result // as deleted. // -// The operation supports two modes for the response; verbose and quiet. By +// The operation supports two modes for the response: verbose and quiet. By // default, the operation uses verbose mode in which the response includes the // result of deletion of each key in your request. In quiet mode the response // includes only keys where the delete operation encountered an error. For a @@ -2134,16 +2139,16 @@ func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Reque // // When performing this operation on an MFA Delete enabled bucket, that attempts // to delete any versioned objects, you must include an MFA token. If you do -// not provide one, the entire request will fail, even if there are non versioned -// objects you are attempting to delete. If you provide an invalid token, whether +// not provide one, the entire request will fail, even if there are non-versioned +// objects you are trying to delete. If you provide an invalid token, whether // there are versioned keys in the request or not, the entire Multi-Object Delete // request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete). // // Finally, the Content-MD5 header is required for all Multi-Object Delete requests. // Amazon S3 uses the header value to ensure that your request body has not -// be altered in transit. +// been altered in transit. // -// The following operations are related to DeleteObjects +// The following operations are related to DeleteObjects: // // * CreateMultipartUpload // @@ -2228,8 +2233,8 @@ func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) // DeletePublicAccessBlock API operation for Amazon Simple Storage Service. // -// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. In order -// to use this operation, you must have the s3:PutBucketPublicAccessBlock permission. +// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use +// this operation, you must have the s3:PutBucketPublicAccessBlock permission. // For more information about permissions, see Permissions Related to Bucket // Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html). @@ -2333,9 +2338,9 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // // A GET accelerate request does not return a state value for a bucket that // has no transfer acceleration state. A bucket has no Transfer Acceleration -// state, if a state has never been set on the bucket. +// state if a state has never been set on the bucket. // -// For more information on transfer acceleration, see Transfer Acceleration +// For more information about transfer acceleration, see Transfer Acceleration // (https://docs.aws.amazon.com/AmazonS3/latest/dev//transfer-acceleration.html) // in the Amazon Simple Storage Service Developer Guide. // @@ -2597,8 +2602,8 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // action. By default, the bucket owner has this permission and can grant it // to others. // -// To learn more cors, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html)Enabling -// Cross-Origin Resource Sharing. +// For more information about cors, see Enabling Cross-Origin Resource Sharing +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). // // The following operations are related to GetBucketCors: // @@ -2866,7 +2871,8 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req // // For an updated version of this API, see GetBucketLifecycleConfiguration. // If you configured a bucket lifecycle using the filter element, you should -// the updated version of this topic. This topic is provided for backward compatibility. +// see the updated version of this topic. This topic is provided for backward +// compatibility. // // Returns the lifecycle configuration information set on the bucket. For information // about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). @@ -3071,7 +3077,7 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque // GetBucketLocation API operation for Amazon Simple Storage Service. // -// Returns the region the bucket resides in. You set the bucket's region using +// Returns the Region the bucket resides in. You set the bucket's Region using // the LocationConstraint request parameter in a CreateBucket request. For more // information, see CreateBucket. // @@ -3692,7 +3698,8 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // to all Amazon S3 systems. Therefore, a get request soon after put or delete // can return a wrong result. // -// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html). +// For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) +// in the Amazon Simple Storage Service Developer Guide. // // This operation requires permissions for the s3:GetReplicationConfiguration // action. For more information about permissions, see Using Bucket Policies @@ -3702,11 +3709,7 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // also include the DeleteMarkerReplication and Priority elements. The response // also returns those elements. // -// GetBucketReplication has the following special error: -// -// * Error code: NoSuchReplicationConfiguration Description: There is no -// replication configuration with that name. HTTP Status Code: 404 Not Found -// SOAP Fault Code Prefix: Client +// For information about GetBucketReplication errors, see ReplicationErrorCodeList // // The following operations are related to GetBucketReplication: // @@ -3960,8 +3963,8 @@ func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *r // To retrieve the versioning state of a bucket, you must be the bucket owner. // // This implementation also returns the MFA Delete status of the versioning -// state, i.e., if the MFA Delete status is enabled, the bucket owner must use -// an authentication device to change the versioning state of the bucket. +// state. If the MFA Delete status is enabled, the bucket owner must use an +// authentication device to change the versioning state of the bucket. // // The following operations are related to GetBucketVersioning: // @@ -4053,7 +4056,7 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request // bucket owners can allow other users to read the website configuration by // writing a bucket policy granting them the S3:GetBucketWebsite permission. // -// The following operations are related to DeleteBucketWebsite +// The following operations are related to DeleteBucketWebsite: // // * DeleteBucketWebsite // @@ -4831,10 +4834,10 @@ func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req // GetPublicAccessBlock API operation for Amazon Simple Storage Service. // -// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. In -// order to use this operation, you must have the s3:GetBucketPublicAccessBlock -// permission. For more information about Amazon S3 permissions, see Specifying -// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). +// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To +// use this operation, you must have the s3:GetBucketPublicAccessBlock permission. +// For more information about Amazon S3 permissions, see Specifying Permissions +// in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). // // When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket // or an object, it checks the PublicAccessBlock configuration for both the @@ -5068,11 +5071,11 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // If the object you request does not exist, the error Amazon S3 returns depends // on whether you also have the s3:ListBucket permission. // -// * If you have the s3:ListBucket permission on the bucket, Amazon S3 will -// return a HTTP status code 404 ("no such key") error. +// * If you have the s3:ListBucket permission on the bucket, Amazon S3 returns +// an HTTP status code 404 ("no such key") error. // -// * If you don’t have the s3:ListBucket permission, Amazon S3 will return -// a HTTP status code 403 ("access denied") error. +// * If you don’t have the s3:ListBucket permission, Amazon S3 returns +// an HTTP status code 403 ("access denied") error. // // The following operation is related to HeadObject: // @@ -5848,7 +5851,7 @@ func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, // ListObjects API operation for Amazon Simple Storage Service. // -// Returns some or all (up to 1000) of the objects in a bucket. You can use +// Returns some or all (up to 1,000) of the objects in a bucket. You can use // the request parameters as selection criteria to return a subset of the objects // in a bucket. A 200 OK response can contain valid or invalid XML. Be sure // to design your application to parse the contents of the response and handle @@ -6011,7 +6014,7 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque // to design your application to parse the contents of the response and handle // it appropriately. // -// To use thisoperation, you must have READ access to the bucket. +// To use this operation, you must have READ access to the bucket. // // To use this operation in an AWS Identity and Access Management (IAM) policy, // you must have permissions to perform the s3:ListBucket action. The bucket @@ -6458,17 +6461,17 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // a set of predefined ACLs, known as canned ACLs. Each canned ACL has a // predefined set of grantees and permissions. Specify the canned ACL name // as the value of x-amz-acl. If you use this header, you cannot use other -// access control specific headers in your request. For more information, +// access control-specific headers in your request. For more information, // see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). // // * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, // x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using -// these headers you specify explicit access permissions and grantees (AWS -// accounts or a Amazon S3 groups) who will receive the permission. If you -// use these ACL specific headers, you cannot use x-amz-acl header to set -// a canned ACL. These parameters map to the set of permissions that Amazon -// S3 supports in an ACL. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). +// these headers, you specify explicit access permissions and grantees (AWS +// accounts or Amazon S3 groups) who will receive the permission. If you +// use these ACL-specific headers, you cannot use the x-amz-acl header to +// set a canned ACL. These parameters map to the set of permissions that +// Amazon S3 supports in an ACL. For more information, see Access Control +// List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). // You specify each grantee as a type=value pair, where the type is one of // the following: emailAddress – if the value specified is the email address // of an AWS account id – if the value specified is the canonical user @@ -6584,13 +6587,13 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // configuration ID). You can have up to 1,000 analytics configurations per // bucket. // -// You can choose to have storage class analysis export analysis reports to -// a comma-separated values (CSV) flat file, see the DataExport request element. -// Reports are updated daily and are based on the object filters you configure. -// When selecting data export you specify a destination bucket and optional +// You can choose to have storage class analysis export analysis reports sent +// to a comma-separated values (CSV) flat file. See the DataExport request element. +// Reports are updated daily and are based on the object filters that you configure. +// When selecting data export, you specify a destination bucket and an optional // destination prefix where the file is written. You can export the data to // a destination bucket in a different account. However, the destination bucket -// must be in the same region as the bucket that you are making the PUT analytics +// must be in the same Region as the bucket that you are making the PUT analytics // configuration to. For more information, see Amazon S3 Analytics – Storage // Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html). // @@ -6724,7 +6727,7 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // // * The request's Origin header must match AllowedOrigin elements. // -// * The request method (for example, GET, PUT, HEAD and so on) or the Access-Control-Request-Method +// * The request method (for example, GET, PUT, HEAD, and so on) or the Access-Control-Request-Method // header in case of a pre-flight OPTIONS request must be one of the AllowedMethod // elements. // @@ -6819,13 +6822,9 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r // This implementation of the PUT operation uses the encryption subresource // to set the default encryption state of an existing bucket. // -// This implementation of the PUT operation sets default encryption for a buckets +// This implementation of the PUT operation sets default encryption for a bucket // using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS -// customer master keys (CMKs) (SSE-KMS) bucket. For information about the Amazon -// S3 default encryption feature, see As a security precaution, the root user -// of the AWS account that owns a bucket can always use this operation, even -// if the policy explicitly denies the root user the ability to perform this -// action. in the Amazon Simple Storage Service Developer Guide. +// customer master keys (CMKs) (SSE-KMS). // // This operation requires AWS Signature Version 4. For more information, see // Authenticating Requests (AWS Signature Version 4) (sig-v4-authenticating-requests.html). @@ -7452,7 +7451,7 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // // GetBucketLifecycle has the following special error: // -// * Error code: TooManyConfigurations Description:You are attempting to +// * Error code: TooManyConfigurations Description: You are attempting to // create a new configuration but have already reached the 1,000-configuration // limit. HTTP Status Code: HTTP 400 Bad Request // @@ -7657,9 +7656,9 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // If the configuration in the request body includes only one TopicConfiguration // specifying only the s3:ReducedRedundancyLostObject event type, the response // will also include the x-amz-sns-test-message-id header containing the message -// ID of the test notification sent to topic. +// ID of the test notification sent to the topic. // -// The following operations is related to PutBucketNotificationConfiguration: +// The following operation is related to PutBucketNotificationConfiguration: // // * GetBucketNotificationConfiguration // @@ -7875,16 +7874,7 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // replication configuration, see Replicating Objects Created with SSE Using // CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html). // -// PutBucketReplication has the following special errors: -// -// * Error code: InvalidRequest Description: If the in -// has a value, the element must be specified. HTTP 400 -// -// * Error code: InvalidArgument Description: The element is empty. -// It must contain a valid account ID. HTTP 400 -// -// * Error code: InvalidArgument Description: The AWS account specified in -// the element must match the destination bucket owner. HTTP 400 +// For information on PutBucketReplication errors, see ReplicationErrorCodeList // // The following operations are related to PutBucketReplication: // @@ -8435,7 +8425,7 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // You can optionally request server-side encryption. With server-side encryption, // Amazon S3 encrypts your data as it writes it to disks in its data centers // and decrypts the data when you access it. You have the option to provide -// your own encryption key or use AWS-managed encryption keys. For more information, +// your own encryption key or use AWS managed encryption keys. For more information, // see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). // // Access Permissions @@ -8461,26 +8451,31 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // encryption. Server-side encryption is for data encryption at rest. Amazon // S3 encrypts your data as it writes it to disks in its data centers and decrypts // it when you access it. The option you use depends on whether you want to -// use AWS-managed encryption keys or provide your own encryption key. +// use AWS managed encryption keys or provide your own encryption key. // -// * Use encryption keys managed Amazon S3 or customer master keys (CMKs) -// stored in AWS Key Management Service (KMS) – If you want AWS to manage -// the keys used to encrypt data, specify the following headers in the request. -// x-amz-server-side​-encryption x-amz-server-side-encryption-aws-kms-key-id +// * Use encryption keys managed by Amazon S3 or customer master keys (CMKs) +// stored in AWS Key Management Service (AWS KMS) – If you want AWS to +// manage the keys used to encrypt data, specify the following headers in +// the request. x-amz-server-side​-encryption x-amz-server-side-encryption-aws-kms-key-id // x-amz-server-side-encryption-context If you specify x-amz-server-side-encryption:aws:kms, -// but don't provide x-amz-server-side- encryption-aws-kms-key-id, Amazon -// S3 uses the AWS managed CMK in AWS KMS to protect the data. All GET and -// PUT requests for an object protected by AWS KMS fail if you don't make -// them with SSL or by using SigV4. For more information on Server-Side Encryption -// with CMKs stored in AWS KMS (SSE-KMS), see Protecting Data Using Server-Side +// but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon +// S3 uses the AWS managed CMK in AWS KMS to protect the data. If you want +// to use a customer managed AWS KMS CMK, you must provide the x-amz-server-side-encryption-aws-kms-key-id +// of the symmetric customer managed CMK. Amazon S3 only supports symmetric +// CMKs and not asymmetric CMKs. For more information, see Using Symmetric +// and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. All GET and PUT requests +// for an object protected by AWS KMS fail if you don't make them with SSL +// or by using SigV4. For more information about server-side encryption with +// CMKs stored in AWS KMS (SSE-KMS), see Protecting Data Using Server-Side // Encryption with CMKs stored in AWS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // // * Use customer-provided encryption keys – If you want to manage your // own encryption keys, provide all the following headers in the request. // x-amz-server-side​-encryption​-customer-algorithm x-amz-server-side​-encryption​-customer-key // x-amz-server-side​-encryption​-customer-key-MD5 For more information -// on Server-Side Encryption with CMKs stored in KMS (SSE-KMS), see Protecting -// Data Using Server-Side Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). +// about server-side encryption with CMKs stored in KMS (SSE-KMS), see Protecting +// Data Using Server-Side Encryption with CMKs stored in AWS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // // Access-Control-List (ACL)-Specific Request Headers // @@ -8510,7 +8505,7 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // in the following AWS Regions: US East (N. Virginia) US West (N. California) // US West (Oregon) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific // (Tokyo) EU (Ireland) South America (São Paulo) For a list of all the -// Amazon S3 supported regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) +// Amazon S3 supported Regions and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) // in the AWS General Reference id – if the value specified is the canonical // user ID of an AWS account uri – if you are granting permissions to a // predefined group For example, the following x-amz-grant-read header grants @@ -8527,14 +8522,19 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // use AWS-managed encryption keys or provide your own encryption key. // // * Use encryption keys managed by Amazon S3 or customer master keys (CMKs) -// stored in AWS Key Management Service (KMS) – If you want AWS to manage -// the keys used to encrypt data, specify the following headers in the request. -// x-amz-server-side​-encryption x-amz-server-side-encryption-aws-kms-key-id +// stored in AWS Key Management Service (AWS KMS) – If you want AWS to +// manage the keys used to encrypt data, specify the following headers in +// the request. x-amz-server-side​-encryption x-amz-server-side-encryption-aws-kms-key-id // x-amz-server-side-encryption-context If you specify x-amz-server-side-encryption:aws:kms, -// but don't provide x-amz-server-side- encryption-aws-kms-key-id, Amazon -// S3 uses the default AWS KMS CMK to protect the data. All GET and PUT requests +// but don't provide x-amz-server-side-encryption-aws-kms-key-id, Amazon +// S3 uses the AWS managed CMK in AWS KMS to protect the data. If you want +// to use a customer managed AWS KMS CMK, you must provide the x-amz-server-side-encryption-aws-kms-key-id +// of the symmetric customer managed CMK. Amazon S3 only supports symmetric +// CMKs and not asymmetric CMKs. For more information, see Using Symmetric +// and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) +// in the AWS Key Management Service Developer Guide. All GET and PUT requests // for an object protected by AWS KMS fail if you don't make them with SSL -// or by using SigV4. For more information on Server-Side Encryption with +// or by using SigV4. For more information about server-side encryption with // CMKs stored in AWS KMS (SSE-KMS), see Protecting Data Using Server-Side // Encryption with CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // @@ -8543,9 +8543,9 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // If you use this feature, the ETag value that Amazon S3 returns in the // response is not the MD5 of the object. x-amz-server-side​-encryption​-customer-algorithm // x-amz-server-side​-encryption​-customer-key x-amz-server-side​-encryption​-customer-key-MD5 -// For more information on Server-Side Encryption with CMKs stored in AWS -// KMS (SSE-KMS), see Protecting Data Using Server-Side Encryption with CMKs -// stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). +// For more information about server-side encryption with CMKs stored in +// AWS KMS (SSE-KMS), see Protecting Data Using Server-Side Encryption with +// CMKs stored in AWS KMS (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). // // Storage Class Options // @@ -8644,14 +8644,14 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // PutObjectAcl API operation for Amazon Simple Storage Service. // -// uses the acl subresource to set the access control list (ACL) permissions +// Uses the acl subresource to set the access control list (ACL) permissions // for an object that already exists in a bucket. You must have WRITE_ACP permission // to set the ACL of an object. // -// Depending on your application needs, you may choose to set the ACL on an +// Depending on your application needs, you can choose to set the ACL on an // object using either the request body or the headers. For example, if you // have an existing application that updates a bucket ACL using the request -// body, then you can continue to use that approach. +// body, you can continue to use that approach. // // Access Permissions // @@ -8661,14 +8661,14 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // a set of predefined ACLs, known as canned ACLs. Each canned ACL has a // predefined set of grantees and permissions. Specify the canned ACL name // as the value of x-amz-acl. If you use this header, you cannot use other -// access control specific headers in your request. For more information, +// access control-specific headers in your request. For more information, // see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). // // * Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, // x-amz-grant-write-acp, and x-amz-grant-full-control headers. When using -// these headers you specify explicit access permissions and grantees (AWS -// accounts or a Amazon S3 groups) who will receive the permission. If you -// use these ACL specific headers, you cannot use x-amz-acl header to set +// these headers, you specify explicit access permissions and grantees (AWS +// accounts or Amazon S3 groups) who will receive the permission. If you +// use these ACL-specific headers, you cannot use x-amz-acl header to set // a canned ACL. These parameters map to the set of permissions that Amazon // S3 supports in an ACL. For more information, see Access Control List (ACL) // Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). @@ -8695,7 +8695,7 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // // * By the person's ID: <>ID<><>GranteesEmail<> -// DisplayName is optional and ignored in the request +// DisplayName is optional and ignored in the request. // // * By URI: <>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<> @@ -9141,7 +9141,7 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // PutPublicAccessBlock API operation for Amazon Simple Storage Service. // // Creates or modifies the PublicAccessBlock configuration for an Amazon S3 -// bucket. In order to use this operation, you must have the s3:PutBucketPublicAccessBlock +// bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock // permission. For more information about Amazon S3 permissions, see Specifying // Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). // @@ -9351,7 +9351,7 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // GLACIER storage class and typically complete within 12 hours from the // DEEP_ARCHIVE storage class. // -// * Bulk - Bulk retrievals are Amazon Glacier’s lowest-cost retrieval +// * Bulk - Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval // option, enabling you to retrieve large amounts, even petabytes, of data // inexpensively in a day. Bulk retrievals typically complete within 5-12 // hours from the GLACIER storage class and typically complete within 48 @@ -9432,7 +9432,7 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // // Returned Error Codes: // * ErrCodeObjectAlreadyInActiveTierError "ObjectAlreadyInActiveTierError" -// This operation is not allowed against this storage tier +// This operation is not allowed against this storage tier. // // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObject func (c *S3) RestoreObject(input *RestoreObjectInput) (*RestoreObjectOutput, error) { @@ -9495,9 +9495,15 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r output = &SelectObjectContentOutput{} req = c.newRequest(op, input, output) + + es := newSelectObjectContentEventStream() + req.Handlers.Unmarshal.PushBack(es.setStreamCloser) + output.EventStream = es + req.Handlers.Send.Swap(client.LogHTTPResponseHandler.Name, client.LogHTTPResponseHeaderHandler) req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, rest.UnmarshalHandler) - req.Handlers.Unmarshal.PushBack(output.runEventStreamLoop) + req.Handlers.Unmarshal.PushBack(es.runOutputStream) + req.Handlers.Unmarshal.PushBack(es.runOnStreamPartClose) return } @@ -9616,6 +9622,147 @@ func (c *S3) SelectObjectContentWithContext(ctx aws.Context, input *SelectObject return out, req.Send() } +// SelectObjectContentEventStream provides the event stream handling for the SelectObjectContent. +type SelectObjectContentEventStream struct { + + // Reader is the EventStream reader for the SelectObjectContentEventStream + // events. This value is automatically set by the SDK when the API call is made + // Use this member when unit testing your code with the SDK to mock out the + // EventStream Reader. + // + // Must not be nil. + Reader SelectObjectContentEventStreamReader + + outputReader io.ReadCloser + + // StreamCloser is the io.Closer for the EventStream connection. For HTTP + // EventStream this is the response Body. The stream will be closed when + // the Close method of the EventStream is called. + StreamCloser io.Closer + + done chan struct{} + closeOnce sync.Once + err *eventstreamapi.OnceError +} + +func newSelectObjectContentEventStream() *SelectObjectContentEventStream { + return &SelectObjectContentEventStream{ + done: make(chan struct{}), + err: eventstreamapi.NewOnceError(), + } +} + +func (es *SelectObjectContentEventStream) setStreamCloser(r *request.Request) { + es.StreamCloser = r.HTTPResponse.Body +} + +func (es *SelectObjectContentEventStream) runOnStreamPartClose(r *request.Request) { + if es.done == nil { + return + } + go es.waitStreamPartClose() + +} + +func (es *SelectObjectContentEventStream) waitStreamPartClose() { + var outputErrCh <-chan struct{} + if v, ok := es.Reader.(interface{ ErrorSet() <-chan struct{} }); ok { + outputErrCh = v.ErrorSet() + } + var outputClosedCh <-chan struct{} + if v, ok := es.Reader.(interface{ Closed() <-chan struct{} }); ok { + outputClosedCh = v.Closed() + } + + select { + case <-es.done: + case <-outputErrCh: + es.err.SetError(es.Reader.Err()) + es.Close() + case <-outputClosedCh: + if err := es.Reader.Err(); err != nil { + es.err.SetError(es.Reader.Err()) + } + es.Close() + } +} + +// Events returns a channel to read events from. +// +// These events are: +// +// * ContinuationEvent +// * EndEvent +// * ProgressEvent +// * RecordsEvent +// * StatsEvent +func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent { + return es.Reader.Events() +} + +func (es *SelectObjectContentEventStream) runOutputStream(r *request.Request) { + var opts []func(*eventstream.Decoder) + if r.Config.Logger != nil && r.Config.LogLevel.Matches(aws.LogDebugWithEventStreamBody) { + opts = append(opts, eventstream.DecodeWithLogger(r.Config.Logger)) + } + + unmarshalerForEvent := unmarshalerForSelectObjectContentEventStreamEvent{ + metadata: protocol.ResponseMetadata{ + StatusCode: r.HTTPResponse.StatusCode, + RequestID: r.RequestID, + }, + }.UnmarshalerForEventName + + decoder := eventstream.NewDecoder(r.HTTPResponse.Body, opts...) + eventReader := eventstreamapi.NewEventReader(decoder, + protocol.HandlerPayloadUnmarshal{ + Unmarshalers: r.Handlers.UnmarshalStream, + }, + unmarshalerForEvent, + ) + + es.outputReader = r.HTTPResponse.Body + es.Reader = newReadSelectObjectContentEventStream(eventReader) +} + +// Close closes the stream. This will also cause the stream to be closed. +// Close must be called when done using the stream API. Not calling Close +// may result in resource leaks. +// +// You can use the closing of the Reader's Events channel to terminate your +// application's read from the API's stream. +// +func (es *SelectObjectContentEventStream) Close() (err error) { + es.closeOnce.Do(es.safeClose) + return es.Err() +} + +func (es *SelectObjectContentEventStream) safeClose() { + if es.done != nil { + close(es.done) + } + + es.Reader.Close() + if es.outputReader != nil { + es.outputReader.Close() + } + + es.StreamCloser.Close() +} + +// Err returns any error that occurred while reading or writing EventStream +// Events from the service API's response. Returns nil if there were no errors. +func (es *SelectObjectContentEventStream) Err() error { + if err := es.err.Err(); err != nil { + return err + } + if err := es.Reader.Err(); err != nil { + return err + } + + return nil +} + const opUploadPart = "UploadPart" // UploadPartRequest generates a "aws/request.Request" representing the @@ -9701,7 +9848,7 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // You can optionally request server-side encryption where Amazon S3 encrypts // your data as it writes it to disks in its data centers and decrypts it for // you when you access it. You have the option of providing your own encryption -// key, or you can use the AWS-managed encryption keys. If you choose to provide +// key, or you can use the AWS managed encryption keys. If you choose to provide // your own encryption key, the request headers you provide in the request must // match the headers you used in the request to initiate the upload by using // CreateMultipartUpload. For more information, go to Using Server-Side Encryption @@ -9711,7 +9858,7 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // Server-side encryption is supported by the S3 Multipart Upload actions. Unless // you are using a customer-provided encryption key, you don't need to specify // the encryption parameters in each UploadPart request. Instead, you only need -// to specify the server side encryption parameters in the initial Initiate +// to specify the server-side encryption parameters in the initial Initiate // Multipart request. For more information, see CreateMultipartUpload. // // If you requested server-side encryption using a customer-provided encryption @@ -9831,19 +9978,18 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // to your initiate request. Amazon S3 returns a unique identifier, the upload // ID, that you must include in your upload part request. // -// For more information on using the UploadPartCopy operation, see the following -// topics: +// For more information about using the UploadPartCopy operation, see the following: // -// * For conceptual information on multipart uploads, go to Uploading Objects +// * For conceptual information about multipart uploads, see Uploading Objects // Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) // in the Amazon Simple Storage Service Developer Guide. // -// * For information on permissions required to use the multipart upload -// API, go to Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// * For information about permissions required to use the multipart upload +// API, see Multipart Upload API and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) // in the Amazon Simple Storage Service Developer Guide. // // * For information about copying objects using a single atomic operation -// vs. the multipart upload, go to Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) +// vs. the multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) // in the Amazon Simple Storage Service Developer Guide. // // * For information about using server-side encryption with customer-provided @@ -9851,18 +9997,20 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // UploadPart. // // Note the following additional considerations about the request headers x-amz-copy-source-if-match, -// x-amz-copy-source-if-none-match x-amz-copy-source-if-unmodified-since x-amz-copy-source-if-modified-since +// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and +// x-amz-copy-source-if-modified-since: // // * Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since // headers are present in the request as follows: x-amz-copy-source-if-match // condition evaluates to true, and; x-amz-copy-source-if-unmodified-since -// condition evaluates to false; then, S3 returns 200 OK and copies the data. +// condition evaluates to false; Amazon S3 returns 200 OK and copies the +// data. // // * Consideration 2 - If both of the x-amz-copy-source-if-none-match and // x-amz-copy-source-if-modified-since headers are present in the request // as follows: x-amz-copy-source-if-none-match condition evaluates to false, // and; x-amz-copy-source-if-modified-since condition evaluates to true; -// then, S3 returns 412 Precondition Failed response code. +// Amazon S3 returns 412 Precondition Failed response code. // // Versioning // @@ -9963,7 +10111,14 @@ func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortI type AbortMultipartUploadInput struct { _ struct{} `locationName:"AbortMultipartUploadRequest" type:"structure"` - // The bucket to which the upload was taking place. + // The bucket name to which the upload was taking place. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -9973,10 +10128,11 @@ type AbortMultipartUploadInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID that identifies the multipart upload. @@ -10051,6 +10207,20 @@ func (s *AbortMultipartUploadInput) SetUploadId(v string) *AbortMultipartUploadI return s } +func (s *AbortMultipartUploadInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *AbortMultipartUploadInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type AbortMultipartUploadOutput struct { _ struct{} `type:"structure"` @@ -10782,7 +10952,7 @@ func (s *CORSRule) SetMaxAgeSeconds(v int64) *CORSRule { return s } -// Describes how a uncompressed comma-separated values (CSV)-formatted input +// Describes how an uncompressed comma-separated values (CSV)-formatted input // object is formatted. type CSVInput struct { _ struct{} `type:"structure"` @@ -10976,7 +11146,7 @@ type CloudFunctionConfiguration struct { // If you don't provide one, Amazon S3 will assign an ID. Id *string `type:"string"` - // The role supporting the invocation of the lambda function + // The role supporting the invocation of the Lambda function InvocationRole *string `type:"string"` } @@ -11064,10 +11234,11 @@ type CompleteMultipartUploadInput struct { // The container for the multipart upload request information. MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // ID for the initiated multipart upload. @@ -11148,6 +11319,20 @@ func (s *CompleteMultipartUploadInput) SetUploadId(v string) *CompleteMultipartU return s } +func (s *CompleteMultipartUploadInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *CompleteMultipartUploadInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type CompleteMultipartUploadOutput struct { _ struct{} `type:"structure"` @@ -11176,8 +11361,9 @@ type CompleteMultipartUploadOutput struct { // request. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // If present, specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) that was used for the object. + // If present, specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) that was used for the + // object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // If you specified server-side encryption either with an Amazon S3-managed @@ -11392,6 +11578,11 @@ func (s *ContinuationEvent) UnmarshalEvent( return nil } +func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + return msg, err +} + type CopyObjectInput struct { _ struct{} `locationName:"CopyObjectRequest" type:"structure"` @@ -11439,7 +11630,8 @@ type CopyObjectInput struct { // Copies the object if it hasn't been modified since the specified time. CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` - // Specifies the algorithm to use when decrypting the source object (e.g., AES256). + // Specifies the algorithm to use when decrypting the source object (for example, + // AES256). CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt @@ -11448,8 +11640,8 @@ type CopyObjectInput struct { CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` // The date and time at which the object is no longer cacheable. @@ -11488,25 +11680,27 @@ type CopyObjectInput struct { // The date and time when you want the copied object's Object Lock to expire. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (e.g., AES256). + // Specifies the algorithm to use to when encrypting the object (for example, + // AES256). SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting // data. This value is used to store the object and then it is discarded; Amazon - // does not store the encryption key. The key must be appropriate for use with - // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm // header. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the AWS KMS Encryption Context to use for object encryption. The @@ -11516,12 +11710,14 @@ type CopyObjectInput struct { // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT // requests for an object protected by AWS KMS will fail if not made via SSL - // or using SigV4. Documentation on configuring any of the officially supported - // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version + // or using SigV4. For information about configuring using any of the officially + // supported AWS SDKs and AWS CLI, see Specifying the Signature Version in Request + // Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // in the Amazon S3 Developer Guide. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // The type of storage to use for the object. Defaults to 'STANDARD'. @@ -11529,7 +11725,7 @@ type CopyObjectInput struct { // The tag-set for the object destination object this value must be used in // conjunction with the TaggingDirective. The tag-set must be encoded as URL - // Query parameters + // Query parameters. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // Specifies whether the object tag-set are copied from the source object or @@ -11820,6 +12016,20 @@ func (s *CopyObjectInput) SetWebsiteRedirectLocation(v string) *CopyObjectInput return s } +func (s *CopyObjectInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *CopyObjectInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type CopyObjectOutput struct { _ struct{} `type:"structure" payload:"CopyObjectResult"` @@ -11842,7 +12052,7 @@ type CopyObjectOutput struct { SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round trip message integrity + // the response will include this header to provide round-trip message integrity // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` @@ -11851,12 +12061,13 @@ type CopyObjectOutput struct { // the encryption context key-value pairs. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) that was used for the object. + // If present, specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) that was used for the + // object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created copy. @@ -11933,7 +12144,7 @@ func (s *CopyObjectOutput) SetVersionId(v string) *CopyObjectOutput { return s } -// >Container for all response elements. +// Container for all response elements. type CopyObjectResult struct { _ struct{} `type:"structure"` @@ -12005,8 +12216,8 @@ func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult { type CreateBucketConfiguration struct { _ struct{} `type:"structure"` - // Specifies the region where the bucket will be created. If you don't specify - // a region, the bucket is created in US East (N. Virginia) Region (us-east-1). + // Specifies the Region where the bucket will be created. If you don't specify + // a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1). LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"` } @@ -12150,8 +12361,8 @@ func (s *CreateBucketInput) SetObjectLockEnabledForBucket(v bool) *CreateBucketI type CreateBucketOutput struct { _ struct{} `type:"structure"` - // Specifies the region where the bucket will be created. If you are creating - // a bucket on the US East (N. Virginia) region (us-east-1), you do not need + // Specifies the Region where the bucket will be created. If you are creating + // a bucket on the US East (N. Virginia) Region (us-east-1), you do not need // to specify the location. Location *string `location:"header" locationName:"Location" type:"string"` } @@ -12232,25 +12443,27 @@ type CreateMultipartUploadInput struct { // Specifies the date and time when you want the Object Lock to expire. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (e.g., AES256). + // Specifies the algorithm to use to when encrypting the object (for example, + // AES256). SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting // data. This value is used to store the object and then it is discarded; Amazon - // does not store the encryption key. The key must be appropriate for use with - // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm // header. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the AWS KMS Encryption Context to use for object encryption. The @@ -12258,20 +12471,22 @@ type CreateMultipartUploadInput struct { // encryption context key-value pairs. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT - // requests for an object protected by AWS KMS will fail if not made via SSL - // or using SigV4. Documentation on configuring any of the officially supported - // AWS SDKs and CLI can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version + // Specifies the ID of the symmetric customer managed AWS KMS CMK to use for + // object encryption. All GET and PUT requests for an object protected by AWS + // KMS will fail if not made via SSL or using SigV4. For information about configuring + // using any of the officially supported AWS SDKs and AWS CLI, see Specifying + // the Signature Version in Request Authentication (https://docs.aws.amazon.com/http:/docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // in the Amazon S3 Developer Guide. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // The type of storage to use for the object. Defaults to 'STANDARD'. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The tag-set for the object. The tag-set must be encoded as URL Query parameters + // The tag-set for the object. The tag-set must be encoded as URL Query parameters. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object @@ -12488,6 +12703,20 @@ func (s *CreateMultipartUploadInput) SetWebsiteRedirectLocation(v string) *Creat return s } +func (s *CreateMultipartUploadInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *CreateMultipartUploadInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type CreateMultipartUploadOutput struct { _ struct{} `type:"structure"` @@ -12508,6 +12737,13 @@ type CreateMultipartUploadOutput struct { AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` // Name of the bucket to which the multipart upload was initiated. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. Bucket *string `locationName:"Bucket" type:"string"` // Object key for which the multipart upload was initiated. @@ -12523,7 +12759,7 @@ type CreateMultipartUploadOutput struct { SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round trip message integrity + // the response will include this header to provide round-trip message integrity // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` @@ -12532,12 +12768,13 @@ type CreateMultipartUploadOutput struct { // the encryption context key-value pairs. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) that was used for the object. + // If present, specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) that was used for the + // object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // ID for the initiated multipart upload. @@ -12792,6 +13029,20 @@ func (s *DeleteBucketAnalyticsConfigurationInput) SetId(v string) *DeleteBucketA return s } +func (s *DeleteBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketAnalyticsConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -12854,6 +13105,20 @@ func (s *DeleteBucketCorsInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketCorsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketCorsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketCorsOutput struct { _ struct{} `type:"structure"` } @@ -12917,6 +13182,20 @@ func (s *DeleteBucketEncryptionInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketEncryptionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketEncryptionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketEncryptionOutput struct { _ struct{} `type:"structure"` } @@ -12979,6 +13258,20 @@ func (s *DeleteBucketInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketInventoryConfigurationInput struct { _ struct{} `locationName:"DeleteBucketInventoryConfigurationRequest" type:"structure"` @@ -13041,6 +13334,20 @@ func (s *DeleteBucketInventoryConfigurationInput) SetId(v string) *DeleteBucketI return s } +func (s *DeleteBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketInventoryConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -13103,6 +13410,20 @@ func (s *DeleteBucketLifecycleInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketLifecycleInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketLifecycleInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketLifecycleOutput struct { _ struct{} `type:"structure"` } @@ -13179,6 +13500,20 @@ func (s *DeleteBucketMetricsConfigurationInput) SetId(v string) *DeleteBucketMet return s } +func (s *DeleteBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketMetricsConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -13255,6 +13590,20 @@ func (s *DeleteBucketPolicyInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketPolicyInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketPolicyInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketPolicyOutput struct { _ struct{} `type:"structure"` } @@ -13317,6 +13666,20 @@ func (s *DeleteBucketReplicationInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketReplicationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketReplicationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketReplicationOutput struct { _ struct{} `type:"structure"` } @@ -13379,6 +13742,20 @@ func (s *DeleteBucketTaggingInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketTaggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketTaggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketTaggingOutput struct { _ struct{} `type:"structure"` } @@ -13441,6 +13818,20 @@ func (s *DeleteBucketWebsiteInput) getBucket() (v string) { return *s.Bucket } +func (s *DeleteBucketWebsiteInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteBucketWebsiteInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteBucketWebsiteOutput struct { _ struct{} `type:"structure"` } @@ -13523,7 +13914,7 @@ func (s *DeleteMarkerEntry) SetVersionId(v string) *DeleteMarkerEntry { // only Disabled. For an example configuration, see Basic Rule // Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config). // -// If you don't specify the Filter element, Amazon S3 assumes the replication +// If you don't specify the Filter element, Amazon S3 assumes that the replication // configuration is the earlier version, V1. In the earlier version, Amazon // S3 handled replication of delete markers differently. For more information, // see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations). @@ -13558,6 +13949,13 @@ type DeleteObjectInput struct { // The bucket name of the bucket containing the object. // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -13572,14 +13970,15 @@ type DeleteObjectInput struct { // The concatenation of the authentication device's serial number, a space, // and the value that is displayed on your authentication device. Required to - // permanently delete a versionedobject if versioning is configured with MFA - // Deleteenabled. + // permanently delete a versioned object if versioning is configured with MFA + // delete enabled. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // VersionId used to reference a specific version of the object. @@ -13661,6 +14060,20 @@ func (s *DeleteObjectInput) SetVersionId(v string) *DeleteObjectInput { return s } +func (s *DeleteObjectInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteObjectInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteObjectOutput struct { _ struct{} `type:"structure"` @@ -13708,7 +14121,14 @@ func (s *DeleteObjectOutput) SetVersionId(v string) *DeleteObjectOutput { type DeleteObjectTaggingInput struct { _ struct{} `locationName:"DeleteObjectTaggingRequest" type:"structure"` - // The bucket containing the objects from which to remove the tags. + // The bucket name containing the objects from which to remove the tags. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -13779,6 +14199,20 @@ func (s *DeleteObjectTaggingInput) SetVersionId(v string) *DeleteObjectTaggingIn return s } +func (s *DeleteObjectTaggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteObjectTaggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteObjectTaggingOutput struct { _ struct{} `type:"structure"` @@ -13807,6 +14241,13 @@ type DeleteObjectsInput struct { // The bucket name containing the objects to delete. // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -13823,13 +14264,14 @@ type DeleteObjectsInput struct { // The concatenation of the authentication device's serial number, a space, // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA - // Delete enabled. + // delete enabled. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -13904,6 +14346,20 @@ func (s *DeleteObjectsInput) SetRequestPayer(v string) *DeleteObjectsInput { return s } +func (s *DeleteObjectsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeleteObjectsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeleteObjectsOutput struct { _ struct{} `type:"structure"` @@ -13996,6 +14452,20 @@ func (s *DeletePublicAccessBlockInput) getBucket() (v string) { return *s.Bucket } +func (s *DeletePublicAccessBlockInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *DeletePublicAccessBlockInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type DeletePublicAccessBlockOutput struct { _ struct{} `type:"structure"` } @@ -14066,7 +14536,7 @@ func (s *DeletedObject) SetVersionId(v string) *DeletedObject { } // Specifies information about where to publish analysis or configuration results -// for an Amazon S3 bucket. +// for an Amazon S3 bucket and S3 Replication Time Control (S3 RTC). type Destination struct { _ struct{} `type:"structure"` @@ -14081,7 +14551,7 @@ type Destination struct { // direct Amazon S3 to change replica ownership to the AWS account that owns // the destination bucket by specifying the AccessControlTranslation property, // this is the account ID of the destination bucket owner. For more information, - // see Replication Additional Configuration: Change Replica Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html) + // see Replication Additional Configuration: Changing the Replica Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html) // in the Amazon Simple Storage Service Developer Guide. Account *string `type:"string"` @@ -14095,6 +14565,16 @@ type Destination struct { // is specified, you must specify this element. EncryptionConfiguration *EncryptionConfiguration `type:"structure"` + // A container specifying replication metrics-related settings enabling metrics + // and Amazon S3 events for S3 Replication Time Control (S3 RTC). Must be specified + // together with a ReplicationTime block. + Metrics *Metrics `type:"structure"` + + // A container specifying S3 Replication Time Control (S3 RTC), including whether + // S3 RTC is enabled and the time when all objects and operations on objects + // must be replicated. Must be specified together with a Metrics block. + ReplicationTime *ReplicationTime `type:"structure"` + // The storage class to use when replicating objects, such as standard or reduced // redundancy. By default, Amazon S3 uses the storage class of the source object // to create the object replica. @@ -14126,6 +14606,16 @@ func (s *Destination) Validate() error { invalidParams.AddNested("AccessControlTranslation", err.(request.ErrInvalidParams)) } } + if s.Metrics != nil { + if err := s.Metrics.Validate(); err != nil { + invalidParams.AddNested("Metrics", err.(request.ErrInvalidParams)) + } + } + if s.ReplicationTime != nil { + if err := s.ReplicationTime.Validate(); err != nil { + invalidParams.AddNested("ReplicationTime", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -14164,6 +14654,18 @@ func (s *Destination) SetEncryptionConfiguration(v *EncryptionConfiguration) *De return s } +// SetMetrics sets the Metrics field's value. +func (s *Destination) SetMetrics(v *Metrics) *Destination { + s.Metrics = v + return s +} + +// SetReplicationTime sets the ReplicationTime field's value. +func (s *Destination) SetReplicationTime(v *ReplicationTime) *Destination { + s.ReplicationTime = v + return s +} + // SetStorageClass sets the StorageClass field's value. func (s *Destination) SetStorageClass(v string) *Destination { s.StorageClass = &v @@ -14175,7 +14677,7 @@ type Encryption struct { _ struct{} `type:"structure"` // The server-side encryption algorithm used when storing job results in Amazon - // S3 (e.g., AES256, aws:kms). + // S3 (for example, AES256, aws:kms). // // EncryptionType is a required field EncryptionType *string `type:"string" required:"true" enum:"ServerSideEncryption"` @@ -14184,8 +14686,11 @@ type Encryption struct { // the encryption context for the restore results. KMSContext *string `type:"string"` - // If the encryption type is aws:kms, this optional value specifies the AWS - // KMS key ID to use for encryption of job results. + // If the encryption type is aws:kms, this optional value specifies the ID of + // the symmetric customer managed AWS KMS CMK to use for encryption of job results. + // Amazon S3 only supports symmetric CMKs. For more information, see Using Symmetric + // and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // in the AWS Key Management Service Developer Guide. KMSKeyId *string `type:"string" sensitive:"true"` } @@ -14235,8 +14740,12 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption { type EncryptionConfiguration struct { _ struct{} `type:"structure"` - // Specifies the AWS KMS Key ID (Key ARN or Alias ARN) for the destination bucket. - // Amazon S3 uses this key to encrypt replica objects. + // Specifies the ID (Key ARN or Alias ARN) of the customer managed customer + // master key (CMK) stored in AWS Key Management Service (KMS) for the destination + // bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only + // supports symmetric customer managed CMKs. For more information, see Using + // Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // in the AWS Key Management Service Developer Guide. ReplicaKmsKeyID *string `type:"string"` } @@ -14285,6 +14794,11 @@ func (s *EndEvent) UnmarshalEvent( return nil } +func (s *EndEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + return msg, err +} + // Container for all error elements. type Error struct { _ struct{} `type:"structure"` @@ -14326,11 +14840,11 @@ type Error struct { // // * Code: BucketAlreadyOwnedByYou Description: The bucket you tried to create // already exists, and you own it. Amazon S3 returns this error in all AWS - // Regions except in the North Virginia region. For legacy compatibility, + // Regions except in the North Virginia Region. For legacy compatibility, // if you re-create an existing bucket that you already own in the North - // Virginia region, Amazon S3 returns 200 OK and resets the bucket access - // control lists (ACLs). Code: 409 Conflict (in all regions except the North - // Virginia region) SOAP Fault Code Prefix: Client + // Virginia Region, Amazon S3 returns 200 OK and resets the bucket access + // control lists (ACLs). Code: 409 Conflict (in all Regions except the North + // Virginia Region) SOAP Fault Code Prefix: Client // // * Code: BucketNotEmpty Description: The bucket you tried to delete is // not empty. HTTP Status Code: 409 Conflict SOAP Fault Code Prefix: Client @@ -14733,13 +15247,12 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument { return s } -// A container that specifies information about existing object replication. -// You can choose whether to enable or disable the replication of existing objects. +// Optional configuration to replicate existing source bucket objects. For more +// information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) +// in the Amazon S3 Developer Guide. type ExistingObjectReplication struct { _ struct{} `type:"structure"` - // Specifies whether existing object replication is enabled. - // // Status is a required field Status *string `type:"string" required:"true" enum:"ExistingObjectReplicationStatus"` } @@ -14859,6 +15372,20 @@ func (s *GetBucketAccelerateConfigurationInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketAccelerateConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` @@ -14930,6 +15457,20 @@ func (s *GetBucketAclInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketAclInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketAclInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketAclOutput struct { _ struct{} `type:"structure"` @@ -15024,6 +15565,20 @@ func (s *GetBucketAnalyticsConfigurationInput) SetId(v string) *GetBucketAnalyti return s } +func (s *GetBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketAnalyticsConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure" payload:"AnalyticsConfiguration"` @@ -15095,6 +15650,20 @@ func (s *GetBucketCorsInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketCorsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketCorsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketCorsOutput struct { _ struct{} `type:"structure"` @@ -15168,6 +15737,20 @@ func (s *GetBucketEncryptionInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketEncryptionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketEncryptionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketEncryptionOutput struct { _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` @@ -15253,6 +15836,20 @@ func (s *GetBucketInventoryConfigurationInput) SetId(v string) *GetBucketInvento return s } +func (s *GetBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketInventoryConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure" payload:"InventoryConfiguration"` @@ -15279,7 +15876,7 @@ func (s *GetBucketInventoryConfigurationOutput) SetInventoryConfiguration(v *Inv type GetBucketLifecycleConfigurationInput struct { _ struct{} `locationName:"GetBucketLifecycleConfigurationRequest" type:"structure"` - // The name of the bucket for which to the the lifecycle information. + // The name of the bucket for which to get the lifecycle information. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -15324,6 +15921,20 @@ func (s *GetBucketLifecycleConfigurationInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketLifecycleConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketLifecycleConfigurationOutput struct { _ struct{} `type:"structure"` @@ -15350,7 +15961,7 @@ func (s *GetBucketLifecycleConfigurationOutput) SetRules(v []*LifecycleRule) *Ge type GetBucketLifecycleInput struct { _ struct{} `locationName:"GetBucketLifecycleRequest" type:"structure"` - // The name of the bucket for which to the the lifecycle information. + // The name of the bucket for which to get the lifecycle information. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -15395,6 +16006,20 @@ func (s *GetBucketLifecycleInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketLifecycleInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketLifecycleInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketLifecycleOutput struct { _ struct{} `type:"structure"` @@ -15466,11 +16091,25 @@ func (s *GetBucketLocationInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketLocationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketLocationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketLocationOutput struct { _ struct{} `type:"structure"` - // Specifies the region where the bucket resides. For a list of all the Amazon - // S3 supported location constraints by region, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). + // Specifies the Region where the bucket resides. For a list of all the Amazon + // S3 supported location constraints by Region, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"` } @@ -15538,6 +16177,20 @@ func (s *GetBucketLoggingInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketLoggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketLoggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketLoggingOutput struct { _ struct{} `type:"structure"` @@ -15626,6 +16279,20 @@ func (s *GetBucketMetricsConfigurationInput) SetId(v string) *GetBucketMetricsCo return s } +func (s *GetBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketMetricsConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure" payload:"MetricsConfiguration"` @@ -15697,6 +16364,20 @@ func (s *GetBucketNotificationConfigurationRequest) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketNotificationConfigurationRequest) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketNotificationConfigurationRequest) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketPolicyInput struct { _ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"` @@ -15745,6 +16426,20 @@ func (s *GetBucketPolicyInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketPolicyInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketPolicyInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketPolicyOutput struct { _ struct{} `type:"structure" payload:"Policy"` @@ -15816,6 +16511,20 @@ func (s *GetBucketPolicyStatusInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketPolicyStatusInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketPolicyStatusInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketPolicyStatusOutput struct { _ struct{} `type:"structure" payload:"PolicyStatus"` @@ -15887,6 +16596,20 @@ func (s *GetBucketReplicationInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketReplicationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketReplicationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketReplicationOutput struct { _ struct{} `type:"structure" payload:"ReplicationConfiguration"` @@ -15959,6 +16682,20 @@ func (s *GetBucketRequestPaymentInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketRequestPaymentInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketRequestPaymentOutput struct { _ struct{} `type:"structure"` @@ -16030,6 +16767,20 @@ func (s *GetBucketTaggingInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketTaggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketTaggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketTaggingOutput struct { _ struct{} `type:"structure"` @@ -16103,6 +16854,20 @@ func (s *GetBucketVersioningInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketVersioningInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketVersioningInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketVersioningOutput struct { _ struct{} `type:"structure"` @@ -16185,6 +16950,20 @@ func (s *GetBucketWebsiteInput) getBucket() (v string) { return *s.Bucket } +func (s *GetBucketWebsiteInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetBucketWebsiteInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetBucketWebsiteOutput struct { _ struct{} `type:"structure"` @@ -16239,7 +17018,14 @@ func (s *GetBucketWebsiteOutput) SetRoutingRules(v []*RoutingRule) *GetBucketWeb type GetObjectAclInput struct { _ struct{} `locationName:"GetObjectAclRequest" type:"structure"` - // The bucket name of the object for which to get the ACL information. + // The bucket name that contains the object for which to get the ACL information. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -16249,10 +17035,11 @@ type GetObjectAclInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // VersionId used to reference a specific version of the object. @@ -16322,6 +17109,20 @@ func (s *GetObjectAclInput) SetVersionId(v string) *GetObjectAclInput { return s } +func (s *GetObjectAclInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectAclInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetObjectAclOutput struct { _ struct{} `type:"structure"` @@ -16369,6 +17170,13 @@ type GetObjectInput struct { // The bucket name containing the object. // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -16399,13 +17207,14 @@ type GetObjectInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` // Downloads the specified range bytes of an object. For more information about - // the HTTP Range header, go to http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35. + // the HTTP Range header, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35. Range *string `location:"header" locationName:"Range" type:"string"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Sets the Cache-Control header of the response. @@ -16426,19 +17235,20 @@ type GetObjectInput struct { // Sets the Expires header of the response. ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp"` - // Specifies the algorithm to use to when encrypting the object (e.g., AES256). + // Specifies the algorithm to use to when encrypting the object (for example, + // AES256). SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting // data. This value is used to store the object and then it is discarded; Amazon - // does not store the encryption key. The key must be appropriate for use with - // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm // header. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // VersionId used to reference a specific version of the object. @@ -16605,10 +17415,32 @@ func (s *GetObjectInput) SetVersionId(v string) *GetObjectInput { return s } +func (s *GetObjectInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetObjectLegalHoldInput struct { _ struct{} `locationName:"GetObjectLegalHoldRequest" type:"structure"` - // The bucket containing the object whose Legal Hold status you want to retrieve. + // The bucket name containing the object whose Legal Hold status you want to + // retrieve. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -16618,10 +17450,11 @@ type GetObjectLegalHoldInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object whose Legal Hold status you want to retrieve. @@ -16691,6 +17524,20 @@ func (s *GetObjectLegalHoldInput) SetVersionId(v string) *GetObjectLegalHoldInpu return s } +func (s *GetObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectLegalHoldInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetObjectLegalHoldOutput struct { _ struct{} `type:"structure" payload:"LegalHold"` @@ -16762,6 +17609,20 @@ func (s *GetObjectLockConfigurationInput) getBucket() (v string) { return *s.Bucket } +func (s *GetObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectLockConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetObjectLockConfigurationOutput struct { _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` @@ -16788,7 +17649,7 @@ func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectL type GetObjectOutput struct { _ struct{} `type:"structure" payload:"Body"` - // Indicates that a range of bytes was specifed. + // Indicates that a range of bytes was specified. AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // Object data. @@ -16822,11 +17683,11 @@ type GetObjectOutput struct { DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An ETag is an opaque identifier assigned by a web server to a specific version - // of a resource found at a URL + // of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key value pairs + // includes this header. It includes the expiry-date and rule-id key-value pairs // providing object expiration information. The value of the rule-id is URL // encoded. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` @@ -16838,6 +17699,10 @@ type GetObjectOutput struct { LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. + // + // By default unmarshaled keys are written as a map keys in following canonicalized format: + // the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase. + // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase. Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // This is set to the number of metadata entries not returned in x-amz-meta @@ -16877,16 +17742,17 @@ type GetObjectOutput struct { SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round trip message integrity + // the response will include this header to provide round-trip message integrity // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) that was used for the object. + // If present, specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) that was used for the + // object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this @@ -17104,7 +17970,15 @@ func (s *GetObjectOutput) SetWebsiteRedirectLocation(v string) *GetObjectOutput type GetObjectRetentionInput struct { _ struct{} `locationName:"GetObjectRetentionRequest" type:"structure"` - // The bucket containing the object whose retention settings you want to retrieve. + // The bucket name containing the object whose retention settings you want to + // retrieve. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -17114,10 +17988,11 @@ type GetObjectRetentionInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID for the object whose retention settings you want to retrieve. @@ -17187,6 +18062,20 @@ func (s *GetObjectRetentionInput) SetVersionId(v string) *GetObjectRetentionInpu return s } +func (s *GetObjectRetentionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectRetentionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetObjectRetentionOutput struct { _ struct{} `type:"structure" payload:"Retention"` @@ -17215,6 +18104,13 @@ type GetObjectTaggingInput struct { // The bucket name containing the object for which to get the tagging information. // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -17284,6 +18180,20 @@ func (s *GetObjectTaggingInput) SetVersionId(v string) *GetObjectTaggingInput { return s } +func (s *GetObjectTaggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectTaggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetObjectTaggingOutput struct { _ struct{} `type:"structure"` @@ -17332,10 +18242,11 @@ type GetObjectTorrentInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -17396,6 +18307,20 @@ func (s *GetObjectTorrentInput) SetRequestPayer(v string) *GetObjectTorrentInput return s } +func (s *GetObjectTorrentInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetObjectTorrentInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetObjectTorrentOutput struct { _ struct{} `type:"structure" payload:"Body"` @@ -17478,6 +18403,20 @@ func (s *GetPublicAccessBlockInput) getBucket() (v string) { return *s.Bucket } +func (s *GetPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *GetPublicAccessBlockInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type GetPublicAccessBlockOutput struct { _ struct{} `type:"structure" payload:"PublicAccessBlockConfiguration"` @@ -17712,6 +18651,20 @@ func (s *HeadBucketInput) getBucket() (v string) { return *s.Bucket } +func (s *HeadBucketInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *HeadBucketInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type HeadBucketOutput struct { _ struct{} `type:"structure"` } @@ -17762,28 +18715,30 @@ type HeadObjectInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` // Downloads the specified range bytes of an object. For more information about - // the HTTP Range header, go to http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35. + // the HTTP Range header, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35. Range *string `location:"header" locationName:"Range" type:"string"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (e.g., AES256). + // Specifies the algorithm to use to when encrypting the object (for example, + // AES256). SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting // data. This value is used to store the object and then it is discarded; Amazon - // does not store the encryption key. The key must be appropriate for use with - // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm // header. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // VersionId used to reference a specific version of the object. @@ -17914,10 +18869,24 @@ func (s *HeadObjectInput) SetVersionId(v string) *HeadObjectInput { return s } +func (s *HeadObjectInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *HeadObjectInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type HeadObjectOutput struct { _ struct{} `type:"structure"` - // Indicates that a range of bytes was specifed. + // Indicates that a range of bytes was specified. AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // Specifies caching behavior along the request/reply chain. @@ -17945,11 +18914,11 @@ type HeadObjectOutput struct { DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An ETag is an opaque identifier assigned by a web server to a specific version - // of a resource found at a URL + // of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key value pairs + // includes this header. It includes the expiry-date and rule-id key-value pairs // providing object expiration information. The value of the rule-id is URL // encoded. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` @@ -17961,6 +18930,10 @@ type HeadObjectOutput struct { LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. + // + // By default unmarshaled keys are written as a map keys in following canonicalized format: + // the first letter and any letter following a hyphen will be capitalized, and the rest as lowercase. + // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase. Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // This is set to the number of metadata entries not returned in x-amz-meta @@ -17991,24 +18964,24 @@ type HeadObjectOutput struct { // Amazon S3 can return this header if your request involves a bucket that is // either a source or destination in a replication rule. // - // In replication you have a source bucket on which you configure replication + // In replication, you have a source bucket on which you configure replication // and destination bucket where Amazon S3 stores object replicas. When you request // an object (GetObject) or object metadata (HeadObject) from these buckets, // Amazon S3 will return the x-amz-replication-status header in the response // as follows: // - // * If requesting object from the source bucket — Amazon S3 will return - // the x-amz-replication-status header if object in your request is eligible - // for replication. For example, suppose in your replication configuration - // you specify object prefix "TaxDocs" requesting Amazon S3 to replicate - // objects with key prefix "TaxDocs". Then any objects you upload with this - // key name prefix, for example "TaxDocs/document1.pdf", is eligible for - // replication. For any object request with this key name prefix Amazon S3 - // will return the x-amz-replication-status header with value PENDING, COMPLETED - // or FAILED indicating object replication status. + // * If requesting an object from the source bucket — Amazon S3 will return + // the x-amz-replication-status header if the object in your request is eligible + // for replication. For example, suppose that in your replication configuration, + // you specify object prefix TaxDocs requesting Amazon S3 to replicate objects + // with key prefix TaxDocs. Any objects you upload with this key name prefix, + // for example TaxDocs/document1.pdf, are eligible for replication. For any + // object request with this key name prefix, Amazon S3 will return the x-amz-replication-status + // header with value PENDING, COMPLETED or FAILED indicating object replication + // status. // - // * If requesting object from the destination bucket — Amazon S3 will - // return the x-amz-replication-status header with value REPLICA if object + // * If requesting an object from the destination bucket — Amazon S3 will + // return the x-amz-replication-status header with value REPLICA if the object // in your request is a replica that Amazon S3 created. // // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). @@ -18040,18 +19013,19 @@ type HeadObjectOutput struct { SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round trip message integrity + // the response will include this header to provide round-trip message integrity // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) that was used for the object. + // If present, specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) that was used for the + // object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // If the object is stored using server-side encryption either with an AWS KMS // customer master key (CMK) or an Amazon S3-managed encryption key, the response - // includes this header with the value of the Server-side encryption algorithm - // used when storing this object in S3 (e.g., AES256, aws:kms). + // includes this header with the value of the server-side encryption algorithm + // used when storing this object in Amazon S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this @@ -18252,9 +19226,10 @@ type IndexDocument struct { _ struct{} `type:"structure"` // A suffix that is appended to a request that is for a directory on the website - // endpoint (e.g. if the suffix is index.html and you make a request to samplebucket/images/ - // the data that is returned will be for the object with the key name images/index.html) - // The suffix must not be empty and must not include a slash character. + // endpoint (for example,if the suffix is index.html and you make a request + // to samplebucket/images/ the data that is returned will be for the object + // with the key name images/index.html) The suffix must not be empty and must + // not include a slash character. // // Suffix is a required field Suffix *string `type:"string" required:"true"` @@ -18289,7 +19264,7 @@ func (s *IndexDocument) SetSuffix(v string) *IndexDocument { return s } -// Container element that identifies who initiated the ultipart upload. +// Container element that identifies who initiated the multipart upload. type Initiator struct { _ struct{} `type:"structure"` @@ -18560,10 +19535,10 @@ func (s *InventoryDestination) SetS3BucketDestination(v *InventoryS3BucketDestin type InventoryEncryption struct { _ struct{} `type:"structure"` - // Specifies the use of SSE-KMS to encrypt delivered Inventory reports. + // Specifies the use of SSE-KMS to encrypt delivered inventory reports. SSEKMS *SSEKMS `locationName:"SSE-KMS" type:"structure"` - // Specifies the use of SSE-S3 to encrypt delivered Inventory reports. + // Specifies the use of SSE-S3 to encrypt delivered inventory reports. SSES3 *SSES3 `locationName:"SSE-S3" type:"structure"` } @@ -18652,7 +19627,7 @@ type InventoryS3BucketDestination struct { // The ID of the account that owns the destination bucket. AccountId *string `type:"string"` - // The Amazon resource name (ARN) of the bucket where inventory results will + // The Amazon Resource Name (ARN) of the bucket where inventory results will // be published. // // Bucket is a required field @@ -18830,7 +19805,7 @@ func (s *JSONOutput) SetRecordDelimiter(v string) *JSONOutput { type KeyFilter struct { _ struct{} `type:"structure"` - // A list of containers for the key value pair that defines the criteria for + // A list of containers for the key-value pair that defines the criteria for // the filter rule. FilterRules []*FilterRule `locationName:"FilterRule" type:"list" flattened:"true"` } @@ -19054,10 +20029,10 @@ type LifecycleRule struct { NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"` // Specifies the transition rule for the lifecycle rule that describes when - // noncurrent objects transition to the a specific storage class. If your bucket + // noncurrent objects transition to a specific storage class. If your bucket // is versioning-enabled (or versioning is suspended), you can set this action - // to request that Amazon S3 transition noncurrent object versions to the a - // specifc storage class at a set period in the object's lifetime. + // to request that Amazon S3 transition noncurrent object versions to a specific + // storage class at a set period in the object's lifetime. NoncurrentVersionTransitions []*NoncurrentVersionTransition `locationName:"NoncurrentVersionTransition" type:"list" flattened:"true"` // Prefix identifying one or more objects to which the rule applies. This is @@ -19337,6 +20312,20 @@ func (s *ListBucketAnalyticsConfigurationsInput) SetContinuationToken(v string) return s } +func (s *ListBucketAnalyticsConfigurationsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListBucketAnalyticsConfigurationsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListBucketAnalyticsConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -19452,6 +20441,20 @@ func (s *ListBucketInventoryConfigurationsInput) SetContinuationToken(v string) return s } +func (s *ListBucketInventoryConfigurationsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListBucketInventoryConfigurationsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListBucketInventoryConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -19567,6 +20570,20 @@ func (s *ListBucketMetricsConfigurationsInput) SetContinuationToken(v string) *L return s } +func (s *ListBucketMetricsConfigurationsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListBucketMetricsConfigurationsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListBucketMetricsConfigurationsOutput struct { _ struct{} `type:"structure"` @@ -19674,6 +20691,13 @@ type ListMultipartUploadsInput struct { // Name of the bucket to which the multipart upload was initiated. // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -19800,6 +20824,20 @@ func (s *ListMultipartUploadsInput) SetUploadIdMarker(v string) *ListMultipartUp return s } +func (s *ListMultipartUploadsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListMultipartUploadsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListMultipartUploadsOutput struct { _ struct{} `type:"structure"` @@ -19949,7 +20987,14 @@ func (s *ListMultipartUploadsOutput) SetUploads(v []*MultipartUpload) *ListMulti type ListObjectVersionsInput struct { _ struct{} `locationName:"ListObjectVersionsRequest" type:"structure"` - // The name of the bucket that contains the objects. + // The bucket name that contains the objects. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -20065,6 +21110,20 @@ func (s *ListObjectVersionsInput) SetVersionIdMarker(v string) *ListObjectVersio return s } +func (s *ListObjectVersionsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListObjectVersionsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListObjectVersionsOutput struct { _ struct{} `type:"structure"` @@ -20075,7 +21134,7 @@ type ListObjectVersionsOutput struct { // Container for an object that is a delete marker. DeleteMarkers []*DeleteMarkerEntry `locationName:"DeleteMarker" type:"list" flattened:"true"` - // The delimeter grouping the included keys. A delimiter is a character that + // The delimiter grouping the included keys. A delimiter is a character that // you specify to group keys. All keys that contain the same string between // the prefix and the first occurrence of the delimiter are grouped under a // single result element in CommonPrefixes. These groups are counted as one @@ -20092,20 +21151,20 @@ type ListObjectVersionsOutput struct { // KeyMarker, NextKeyMarker, Prefix, Key, and Delimiter. EncodingType *string `type:"string" enum:"EncodingType"` - // A flag that indicates whether or not Amazon S3 returned all of the results - // that satisfied the search criteria. If your results were truncated, you can - // make a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker + // A flag that indicates whether Amazon S3 returned all of the results that + // satisfied the search criteria. If your results were truncated, you can make + // a follow-up paginated request using the NextKeyMarker and NextVersionIdMarker // response parameters as a starting place in another request to return the // rest of the results. IsTruncated *bool `type:"boolean"` - // Marks the last Key returned in a truncated response. + // Marks the last key returned in a truncated response. KeyMarker *string `type:"string"` // Specifies the maximum number of objects to return. MaxKeys *int64 `type:"integer"` - // Bucket owner's name. + // Bucket name. Name *string `type:"string"` // When the number of responses exceeds the value of MaxKeys, NextKeyMarker @@ -20122,7 +21181,7 @@ type ListObjectVersionsOutput struct { // Selects objects that start with the value supplied by this parameter. Prefix *string `type:"string"` - // Marks the last version of the Key returned in a truncated response. + // Marks the last version of the key returned in a truncated response. VersionIdMarker *string `type:"string"` // Container for version information. @@ -20327,6 +21386,20 @@ func (s *ListObjectsInput) SetRequestPayer(v string) *ListObjectsInput { return s } +func (s *ListObjectsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListObjectsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListObjectsOutput struct { _ struct{} `type:"structure"` @@ -20360,8 +21433,8 @@ type ListObjectsOutput struct { // Encoding type used by Amazon S3 to encode object keys in the response. EncodingType *string `type:"string" enum:"EncodingType"` - // A flag that indicates whether or not Amazon S3 returned all of the results - // that satisfied the search criteria. + // A flag that indicates whether Amazon S3 returned all of the results that + // satisfied the search criteria. IsTruncated *bool `type:"boolean"` // Indicates where in the bucket listing begins. Marker is included in the response @@ -20371,7 +21444,7 @@ type ListObjectsOutput struct { // The maximum number of keys returned in the response body. MaxKeys *int64 `type:"integer"` - // Name of the bucket. + // Bucket name. Name *string `type:"string"` // When response is truncated (the IsTruncated element value in the response @@ -20460,7 +21533,14 @@ func (s *ListObjectsOutput) SetPrefix(v string) *ListObjectsOutput { type ListObjectsV2Input struct { _ struct{} `locationName:"ListObjectsV2Request" type:"structure"` - // Name of the bucket to list. + // Bucket name to list. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -20478,7 +21558,7 @@ type ListObjectsV2Input struct { // The owner field is not present in listV2 by default, if you want to return // owner field with each key in the result then set the fetch owner field to - // true + // true. FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"` // Sets the maximum number of keys returned in the response. The response might @@ -20585,6 +21665,20 @@ func (s *ListObjectsV2Input) SetStartAfter(v string) *ListObjectsV2Input { return s } +func (s *ListObjectsV2Input) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListObjectsV2Input) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListObjectsV2Output struct { _ struct{} `type:"structure"` @@ -20641,10 +21735,17 @@ type ListObjectsV2Output struct { // contain fewer keys but will never contain more. MaxKeys *int64 `type:"integer"` - // Name of the bucket. + // Bucket name. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. Name *string `type:"string"` - // NextContinuationToken is sent when isTruncated is true which means there + // NextContinuationToken is sent when isTruncated is true, which means there // are more keys in the bucket that can be listed. The next list requests to // Amazon S3 can be continued with this NextContinuationToken. NextContinuationToken // is obfuscated and is not a real key @@ -20742,7 +21843,14 @@ func (s *ListObjectsV2Output) SetStartAfter(v string) *ListObjectsV2Output { type ListPartsInput struct { _ struct{} `locationName:"ListPartsRequest" type:"structure"` - // Name of the bucket to which the parts are being uploaded.-> + // Name of the bucket to which the parts are being uploaded. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -20759,10 +21867,11 @@ type ListPartsInput struct { // part numbers will be listed. PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -20849,6 +21958,20 @@ func (s *ListPartsInput) SetUploadId(v string) *ListPartsInput { return s } +func (s *ListPartsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *ListPartsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type ListPartsOutput struct { _ struct{} `type:"structure"` @@ -20873,8 +21996,8 @@ type ListPartsOutput struct { // Container element that identifies who initiated the multipart upload. If // the initiator is an AWS account, this element provides the same information - // as the Owner element. If the initiator is an IAM User, then this element - // provides the user ARN and display name. + // as the Owner element. If the initiator is an IAM User, this element provides + // the user ARN and display name. Initiator *Initiator `type:"structure"` // Indicates whether the returned list of parts is truncated. A true value indicates @@ -21020,7 +22143,8 @@ func (s *ListPartsOutput) SetUploadId(v string) *ListPartsOutput { return s } -// Describes an S3 location that will receive the results of the restore request. +// Describes an Amazon S3 location that will receive the results of the restore +// request. type Location struct { _ struct{} `type:"structure"` @@ -21157,7 +22281,7 @@ type LoggingEnabled struct { // Specifies the bucket where you want Amazon S3 to store server access logs. // You can have your logs delivered to any bucket that you own, including the // same bucket that is being logged. You can also configure multiple buckets - // to deliver their logs to the same target bucket. In this case you should + // to deliver their logs to the same target bucket. In this case, you should // choose a different TargetPrefix for each source bucket so that the delivered // log files can be distinguished by key. // @@ -21262,6 +22386,62 @@ func (s *MetadataEntry) SetValue(v string) *MetadataEntry { return s } +// A container specifying replication metrics-related settings enabling metrics +// and Amazon S3 events for S3 Replication Time Control (S3 RTC). Must be specified +// together with a ReplicationTime block. +type Metrics struct { + _ struct{} `type:"structure"` + + // A container specifying the time threshold for emitting the s3:Replication:OperationMissedThreshold + // event. + // + // EventThreshold is a required field + EventThreshold *ReplicationTimeValue `type:"structure" required:"true"` + + // Specifies whether the replication metrics are enabled. + // + // Status is a required field + Status *string `type:"string" required:"true" enum:"MetricsStatus"` +} + +// String returns the string representation +func (s Metrics) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Metrics) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Metrics) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Metrics"} + if s.EventThreshold == nil { + invalidParams.Add(request.NewErrParamRequired("EventThreshold")) + } + if s.Status == nil { + invalidParams.Add(request.NewErrParamRequired("Status")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEventThreshold sets the EventThreshold field's value. +func (s *Metrics) SetEventThreshold(v *ReplicationTimeValue) *Metrics { + s.EventThreshold = v + return s +} + +// SetStatus sets the Status field's value. +func (s *Metrics) SetStatus(v string) *Metrics { + s.Status = &v + return s +} + // A conjunction (logical AND) of predicates, which is used in evaluating a // metrics filter. The operator must have at least two predicates, and an object // must match all of the predicates in order for the filter to apply. @@ -21557,8 +22737,8 @@ type NoncurrentVersionTransition struct { // Specifies the number of days an object is noncurrent before Amazon S3 can // perform the associated action. For information about the noncurrent days - // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) + // calculations, see How Amazon S3 Calculates How Long an Object Has Been Noncurrent + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) // in the Amazon Simple Storage Service Developer Guide. NoncurrentDays *int64 `type:"integer"` @@ -21685,7 +22865,7 @@ type NotificationConfigurationDeprecated struct { // when Amazon S3 detects specified events. QueueConfiguration *QueueConfigurationDeprecated `type:"structure"` - // This data type is deperecated. A container for specifying the configuration + // This data type is deprecated. A container for specifying the configuration // for publication of messages to an Amazon Simple Notification Service (Amazon // SNS) topic when Amazon S3 detects specified events. TopicConfiguration *TopicConfigurationDeprecated `type:"structure"` @@ -21986,7 +23166,7 @@ func (s *ObjectLockRule) SetDefaultRetention(v *DefaultRetention) *ObjectLockRul type ObjectVersion struct { _ struct{} `type:"structure"` - // The entity tag is an MD5 hash of that version of the object + // The entity tag is an MD5 hash of that version of the object. ETag *string `type:"string"` // Specifies whether the object is (true) or is not (false) the latest version @@ -21999,7 +23179,7 @@ type ObjectVersion struct { // Date and time the object was last modified. LastModified *time.Time `type:"timestamp"` - // Specifies the Owner of the object. + // Specifies the owner of the object. Owner *Owner `type:"structure"` // Size in bytes of the object. @@ -22142,14 +23322,14 @@ func (s *OutputSerialization) SetJSON(v *JSONOutput) *OutputSerialization { return s } -// Container for the owner's display name and ID +// Container for the owner's display name and ID. type Owner struct { _ struct{} `type:"structure"` - // Container for the display name of the owner + // Container for the display name of the owner. DisplayName *string `type:"string"` - // Container for the ID of the owner + // Container for the ID of the owner. ID *string `type:"string"` } @@ -22350,10 +23530,20 @@ func (s *ProgressEvent) UnmarshalEvent( return nil } +func (s *ProgressEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err +} + // The PublicAccessBlock configuration that you want to apply to this Amazon // S3 bucket. You can enable the configuration options in any combination. For // more information about when Amazon S3 considers a bucket or object public, -// see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev//access-control-block-public-access.html#access-control-block-public-access-policy-status) +// see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) // in the Amazon Simple Storage Service Developer Guide. type PublicAccessBlockConfiguration struct { _ struct{} `type:"structure"` @@ -22494,6 +23684,20 @@ func (s *PutBucketAccelerateConfigurationInput) getBucket() (v string) { return *s.Bucket } +func (s *PutBucketAccelerateConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketAccelerateConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketAccelerateConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -22625,6 +23829,20 @@ func (s *PutBucketAclInput) SetGrantWriteACP(v string) *PutBucketAclInput { return s } +func (s *PutBucketAclInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketAclInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketAclOutput struct { _ struct{} `type:"structure"` } @@ -22720,6 +23938,20 @@ func (s *PutBucketAnalyticsConfigurationInput) SetId(v string) *PutBucketAnalyti return s } +func (s *PutBucketAnalyticsConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketAnalyticsConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketAnalyticsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -22804,6 +24036,20 @@ func (s *PutBucketCorsInput) SetCORSConfiguration(v *CORSConfiguration) *PutBuck return s } +func (s *PutBucketCorsInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketCorsInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketCorsOutput struct { _ struct{} `type:"structure"` } @@ -22889,6 +24135,20 @@ func (s *PutBucketEncryptionInput) SetServerSideEncryptionConfiguration(v *Serve return s } +func (s *PutBucketEncryptionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketEncryptionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketEncryptionOutput struct { _ struct{} `type:"structure"` } @@ -22984,6 +24244,20 @@ func (s *PutBucketInventoryConfigurationInput) SetInventoryConfiguration(v *Inve return s } +func (s *PutBucketInventoryConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketInventoryConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketInventoryConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -23060,6 +24334,20 @@ func (s *PutBucketLifecycleConfigurationInput) SetLifecycleConfiguration(v *Buck return s } +func (s *PutBucketLifecycleConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketLifecycleConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketLifecycleConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -23134,6 +24422,20 @@ func (s *PutBucketLifecycleInput) SetLifecycleConfiguration(v *LifecycleConfigur return s } +func (s *PutBucketLifecycleInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketLifecycleInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketLifecycleOutput struct { _ struct{} `type:"structure"` } @@ -23215,6 +24517,20 @@ func (s *PutBucketLoggingInput) SetBucketLoggingStatus(v *BucketLoggingStatus) * return s } +func (s *PutBucketLoggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketLoggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketLoggingOutput struct { _ struct{} `type:"structure"` } @@ -23310,6 +24626,20 @@ func (s *PutBucketMetricsConfigurationInput) SetMetricsConfiguration(v *MetricsC return s } +func (s *PutBucketMetricsConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketMetricsConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketMetricsConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -23392,6 +24722,20 @@ func (s *PutBucketNotificationConfigurationInput) SetNotificationConfiguration(v return s } +func (s *PutBucketNotificationConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketNotificationConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketNotificationConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -23468,6 +24812,20 @@ func (s *PutBucketNotificationInput) SetNotificationConfiguration(v *Notificatio return s } +func (s *PutBucketNotificationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketNotificationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketNotificationOutput struct { _ struct{} `type:"structure"` } @@ -23554,6 +24912,20 @@ func (s *PutBucketPolicyInput) SetPolicy(v string) *PutBucketPolicyInput { return s } +func (s *PutBucketPolicyInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketPolicyInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketPolicyOutput struct { _ struct{} `type:"structure"` } @@ -23644,6 +25016,20 @@ func (s *PutBucketReplicationInput) SetToken(v string) *PutBucketReplicationInpu return s } +func (s *PutBucketReplicationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketReplicationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketReplicationOutput struct { _ struct{} `type:"structure"` } @@ -23725,6 +25111,20 @@ func (s *PutBucketRequestPaymentInput) SetRequestPaymentConfiguration(v *Request return s } +func (s *PutBucketRequestPaymentInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketRequestPaymentInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketRequestPaymentOutput struct { _ struct{} `type:"structure"` } @@ -23806,6 +25206,20 @@ func (s *PutBucketTaggingInput) SetTagging(v *Tagging) *PutBucketTaggingInput { return s } +func (s *PutBucketTaggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketTaggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketTaggingOutput struct { _ struct{} `type:"structure"` } @@ -23892,6 +25306,20 @@ func (s *PutBucketVersioningInput) SetVersioningConfiguration(v *VersioningConfi return s } +func (s *PutBucketVersioningInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketVersioningInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketVersioningOutput struct { _ struct{} `type:"structure"` } @@ -23973,6 +25401,20 @@ func (s *PutBucketWebsiteInput) SetWebsiteConfiguration(v *WebsiteConfiguration) return s } +func (s *PutBucketWebsiteInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutBucketWebsiteInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutBucketWebsiteOutput struct { _ struct{} `type:"structure"` } @@ -23991,13 +25433,21 @@ type PutObjectAclInput struct { _ struct{} `locationName:"PutObjectAclRequest" type:"structure" payload:"AccessControlPolicy"` // The canned ACL to apply to the object. For more information, see Canned ACL - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // Contains the elements that set the ACL permissions for an object per grantee. AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // The name of the bucket to which the ACL is being added. + // The bucket name that contains the object to which you want to attach the + // ACL. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -24023,10 +25473,11 @@ type PutObjectAclInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // VersionId used to reference a specific version of the object. @@ -24143,6 +25594,20 @@ func (s *PutObjectAclInput) SetVersionId(v string) *PutObjectAclInput { return s } +func (s *PutObjectAclInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutObjectAclInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutObjectAclOutput struct { _ struct{} `type:"structure"` @@ -24177,7 +25642,14 @@ type PutObjectInput struct { // Object data. Body io.ReadSeeker `type:"blob"` - // Name of the bucket to which the PUT operation was initiated. + // Bucket name to which the PUT operation was initiated. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -24251,25 +25723,27 @@ type PutObjectInput struct { // The date and time when you want this object's Object Lock to expire. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (e.g., AES256). + // Specifies the algorithm to use to when encrypting the object (for example, + // AES256). SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting // data. This value is used to store the object and then it is discarded; Amazon - // does not store the encryption key. The key must be appropriate for use with - // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm // header. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the AWS KMS Encryption Context to use for object encryption. The @@ -24277,18 +25751,20 @@ type PutObjectInput struct { // encryption context key-value pairs. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If the x-amz-server-side-encryption is present and has the value of aws:kms, + // If x-amz-server-side-encryption is present and has the value of aws:kms, // this header specifies the ID of the AWS Key Management Service (AWS KMS) - // customer master key (CMK) that was used for the object. + // symmetrical customer managed customer master key (CMK) that was used for + // the object. // // If the value of x-amz-server-side-encryption is aws:kms, this header specifies - // the ID of the AWS KMS CMK that will be used for the object. If you specify - // x-amz-server-side-encryption:aws:kms, but do not provide x-amz-server-side-encryption-aws-kms-key-id, - // Amazon S3 uses the AWS managed CMK in AWS to protect the data. + // the ID of the symmetric customer managed AWS KMS CMK that will be used for + // the object. If you specify x-amz-server-side-encryption:aws:kms, but do not + // providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the AWS + // managed CMK in AWS to protect the data. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // If you don't specify, Standard is the default storage class. Amazon S3 supports @@ -24302,7 +25778,7 @@ type PutObjectInput struct { // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. For information about object - // metadata, see . + // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). // // In the following example, the request header sets the redirect to an object // (anotherPage.html) in the same bucket: @@ -24546,10 +26022,32 @@ func (s *PutObjectInput) SetWebsiteRedirectLocation(v string) *PutObjectInput { return s } +func (s *PutObjectInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutObjectInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutObjectLegalHoldInput struct { _ struct{} `locationName:"PutObjectLegalHoldRequest" type:"structure" payload:"LegalHold"` - // The bucket containing the object that you want to place a Legal Hold on. + // The bucket name containing the object that you want to place a Legal Hold + // on. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -24563,10 +26061,11 @@ type PutObjectLegalHoldInput struct { // specified object. LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object that you want to place a Legal Hold on. @@ -24642,6 +26141,20 @@ func (s *PutObjectLegalHoldInput) SetVersionId(v string) *PutObjectLegalHoldInpu return s } +func (s *PutObjectLegalHoldInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutObjectLegalHoldInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutObjectLegalHoldOutput struct { _ struct{} `type:"structure"` @@ -24677,10 +26190,11 @@ type PutObjectLockConfigurationInput struct { // The Object Lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // A token to allow Object Lock to be enabled for an existing bucket. @@ -24744,6 +26258,20 @@ func (s *PutObjectLockConfigurationInput) SetToken(v string) *PutObjectLockConfi return s } +func (s *PutObjectLockConfigurationInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutObjectLockConfigurationInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutObjectLockConfigurationOutput struct { _ struct{} `type:"structure"` @@ -24790,7 +26318,7 @@ type PutObjectOutput struct { SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round trip message integrity + // the response will include this header to provide round-trip message integrity // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` @@ -24799,9 +26327,10 @@ type PutObjectOutput struct { // the encryption context key-value pairs. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If the x-amz-server-side-encryption is present and has the value of aws:kms, - // this header specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) that was used for the object. + // If x-amz-server-side-encryption is present and has the value of aws:kms, + // this header specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) that was used for the + // object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // If you specified server-side encryption either with an AWS KMS customer master @@ -24881,9 +26410,16 @@ func (s *PutObjectOutput) SetVersionId(v string) *PutObjectOutput { type PutObjectRetentionInput struct { _ struct{} `locationName:"PutObjectRetentionRequest" type:"structure" payload:"Retention"` - // The bucket that contains the object you want to apply this Object Retention + // The bucket name that contains the object you want to apply this Object Retention // configuration to. // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -24896,10 +26432,11 @@ type PutObjectRetentionInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The container element for the Object Retention configuration. @@ -24985,6 +26522,20 @@ func (s *PutObjectRetentionInput) SetVersionId(v string) *PutObjectRetentionInpu return s } +func (s *PutObjectRetentionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutObjectRetentionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutObjectRetentionOutput struct { _ struct{} `type:"structure"` @@ -25012,7 +26563,14 @@ func (s *PutObjectRetentionOutput) SetRequestCharged(v string) *PutObjectRetenti type PutObjectTaggingInput struct { _ struct{} `locationName:"PutObjectTaggingRequest" type:"structure" payload:"Tagging"` - // The bucket containing the object. + // The bucket name containing the object. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -25102,6 +26660,20 @@ func (s *PutObjectTaggingInput) SetVersionId(v string) *PutObjectTaggingInput { return s } +func (s *PutObjectTaggingInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutObjectTaggingInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutObjectTaggingOutput struct { _ struct{} `type:"structure"` @@ -25192,6 +26764,20 @@ func (s *PutPublicAccessBlockInput) SetPublicAccessBlockConfiguration(v *PublicA return s } +func (s *PutPublicAccessBlockInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *PutPublicAccessBlockInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type PutPublicAccessBlockOutput struct { _ struct{} `type:"structure"` } @@ -25211,7 +26797,7 @@ func (s PutPublicAccessBlockOutput) GoString() string { type QueueConfiguration struct { _ struct{} `type:"structure"` - // A collection of bucket events for which to send notiications + // A collection of bucket events for which to send notifications // // Events is a required field Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` @@ -25282,10 +26868,10 @@ func (s *QueueConfiguration) SetQueueArn(v string) *QueueConfiguration { return s } -// This data type is deprecated. Please use QueueConfiguration for the same -// purposes. This dat type specifies the configuration for publishing messages -// to an Amazon Simple Queue Service (Amazon SQS) queue when Amazon S3 detects -// specified events. +// This data type is deprecated. Use QueueConfiguration for the same purposes. +// This data type specifies the configuration for publishing messages to an +// Amazon Simple Queue Service (Amazon SQS) queue when Amazon S3 detects specified +// events. type QueueConfigurationDeprecated struct { _ struct{} `type:"structure"` @@ -25294,7 +26880,7 @@ type QueueConfigurationDeprecated struct { // Deprecated: Event has been deprecated Event *string `deprecated:"true" type:"string" enum:"Event"` - // A collection of bucket events for which to send notiications + // A collection of bucket events for which to send notifications Events []*string `locationName:"Event" type:"list" flattened:"true"` // An optional unique identifier for configurations in a notification configuration. @@ -25380,6 +26966,13 @@ func (s *RecordsEvent) UnmarshalEvent( return nil } +func (s *RecordsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + msg.Headers.Set(":content-type", eventstream.StringValue("application/octet-stream")) + msg.Payload = s.Payload + return msg, err +} + // Specifies how requests are redirected. In the event of an error, you can // specify a different error code to return. type Redirect struct { @@ -25579,19 +27172,21 @@ type ReplicationRule struct { // only Disabled. For an example configuration, see Basic Rule // Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config). // - // If you don't specify the Filter element, Amazon S3 assumes the replication + // If you don't specify the Filter element, Amazon S3 assumes that the replication // configuration is the earlier version, V1. In the earlier version, Amazon // S3 handled replication of delete markers differently. For more information, // see Backward Compatibility (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations). DeleteMarkerReplication *DeleteMarkerReplication `type:"structure"` - // A container for information about the replication destination. + // A container for information about the replication destination and its configurations + // including enabling the S3 Replication Time Control (S3 RTC). // // Destination is a required field Destination *Destination `type:"structure" required:"true"` - // A container that specifies information about existing object replication. - // You can choose whether to enable or disable the replication of existing objects. + // Optional configuration to replicate existing source bucket objects. For more + // information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) + // in the Amazon S3 Developer Guide. ExistingObjectReplication *ExistingObjectReplication `type:"structure"` // A filter that identifies the subset of objects to which the replication rule @@ -25601,9 +27196,9 @@ type ReplicationRule struct { // A unique identifier for the rule. The maximum value is 255 characters. ID *string `type:"string"` - // An object keyname prefix that identifies the object or objects to which the - // rule applies. The maximum prefix length is 1,024 characters. To include all - // objects in a bucket, specify an empty string. + // An object key name prefix that identifies the object or objects to which + // the rule applies. The maximum prefix length is 1,024 characters. To include + // all objects in a bucket, specify an empty string. // // Deprecated: Prefix has been deprecated Prefix *string `deprecated:"true" type:"string"` @@ -25613,14 +27208,14 @@ type ReplicationRule struct { // when filtering. If two or more rules identify the same object based on a // specified filter, the rule with higher priority takes precedence. For example: // - // * Same object quality prefix based filter criteria If prefixes you specified + // * Same object quality prefix-based filter criteria if prefixes you specified // in multiple rules overlap // - // * Same object qualify tag based filter criteria specified in multiple + // * Same object qualify tag-based filter criteria specified in multiple // rules // // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) - // in the Amazon S3 Developer Guide. + // in the Amazon Simple Storage Service Developer Guide. Priority *int64 `type:"integer"` // A container that describes additional filters for identifying the source @@ -25750,8 +27345,8 @@ func (s *ReplicationRule) SetStatus(v string) *ReplicationRule { type ReplicationRuleAndOperator struct { _ struct{} `type:"structure"` - // An object keyname prefix that identifies the subset of objects to which the - // rule applies. + // An object key name prefix that identifies the subset of objects to which + // the rule applies. Prefix *string `type:"string"` // An array of tags containing key and value pairs. @@ -25816,8 +27411,8 @@ type ReplicationRuleFilter struct { // in an And tag. And *ReplicationRuleAndOperator `type:"structure"` - // An object keyname prefix that identifies the subset of objects to which the - // rule applies. + // An object key name prefix that identifies the subset of objects to which + // the rule applies. Prefix *string `type:"string"` // A container for specifying a tag key and value. @@ -25874,6 +27469,90 @@ func (s *ReplicationRuleFilter) SetTag(v *Tag) *ReplicationRuleFilter { return s } +// A container specifying S3 Replication Time Control (S3 RTC) related information, +// including whether S3 RTC is enabled and the time when all objects and operations +// on objects must be replicated. Must be specified together with a Metrics +// block. +type ReplicationTime struct { + _ struct{} `type:"structure"` + + // Specifies whether the replication time is enabled. + // + // Status is a required field + Status *string `type:"string" required:"true" enum:"ReplicationTimeStatus"` + + // A container specifying the time by which replication should be complete for + // all objects and operations on objects. + // + // Time is a required field + Time *ReplicationTimeValue `type:"structure" required:"true"` +} + +// String returns the string representation +func (s ReplicationTime) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReplicationTime) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReplicationTime) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReplicationTime"} + if s.Status == nil { + invalidParams.Add(request.NewErrParamRequired("Status")) + } + if s.Time == nil { + invalidParams.Add(request.NewErrParamRequired("Time")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetStatus sets the Status field's value. +func (s *ReplicationTime) SetStatus(v string) *ReplicationTime { + s.Status = &v + return s +} + +// SetTime sets the Time field's value. +func (s *ReplicationTime) SetTime(v *ReplicationTimeValue) *ReplicationTime { + s.Time = v + return s +} + +// A container specifying the time value for S3 Replication Time Control (S3 +// RTC) and replication metrics EventThreshold. +type ReplicationTimeValue struct { + _ struct{} `type:"structure"` + + // Contains an integer specifying time in minutes. + // + // Valid values: 15 minutes. + Minutes *int64 `type:"integer"` +} + +// String returns the string representation +func (s ReplicationTimeValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReplicationTimeValue) GoString() string { + return s.String() +} + +// SetMinutes sets the Minutes field's value. +func (s *ReplicationTimeValue) SetMinutes(v int64) *ReplicationTimeValue { + s.Minutes = &v + return s +} + // Container for Payer. type RequestPaymentConfiguration struct { _ struct{} `type:"structure"` @@ -25913,7 +27592,7 @@ func (s *RequestPaymentConfiguration) SetPayer(v string) *RequestPaymentConfigur return s } -// Container for specifiying if periodic QueryProgress messages should be sent. +// Container for specifying if periodic QueryProgress messages should be sent. type RequestProgress struct { _ struct{} `type:"structure"` @@ -25941,7 +27620,14 @@ func (s *RequestProgress) SetEnabled(v bool) *RequestProgress { type RestoreObjectInput struct { _ struct{} `locationName:"RestoreObjectRequest" type:"structure" payload:"RestoreRequest"` - // The bucket name. + // The bucket name or containing the object to restore. + // + // When using this API with an access point, you must direct requests to the + // access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this operation using an access point through the AWS SDKs, you + // provide the access point ARN in place of the bucket name. For more information + // about access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -25951,10 +27637,11 @@ type RestoreObjectInput struct { // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for restore job parameters. @@ -26038,6 +27725,20 @@ func (s *RestoreObjectInput) SetVersionId(v string) *RestoreObjectInput { return s } +func (s *RestoreObjectInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *RestoreObjectInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type RestoreObjectOutput struct { _ struct{} `type:"structure"` @@ -26355,12 +28056,12 @@ func (s *Rule) SetTransition(v *Transition) *Rule { return s } -// Specifies the use of SSE-KMS to encrypt delivered Inventory reports. +// Specifies the use of SSE-KMS to encrypt delivered inventory reports. type SSEKMS struct { _ struct{} `locationName:"SSE-KMS" type:"structure"` - // Specifies the ID of the AWS Key Management Service (KMS) customer master - // key (CMK) to use for encrypting Inventory reports. + // Specifies the ID of the AWS Key Management Service (AWS KMS) symmetric customer + // managed customer master key (CMK) to use for encrypting inventory reports. // // KeyId is a required field KeyId *string `type:"string" required:"true" sensitive:"true"` @@ -26395,7 +28096,7 @@ func (s *SSEKMS) SetKeyId(v string) *SSEKMS { return s } -// Specifies the use of SSE-S3 to encrypt delivered Inventory reports. +// Specifies the use of SSE-S3 to encrypt delivered inventory reports. type SSES3 struct { _ struct{} `locationName:"SSE-S3" type:"structure"` } @@ -26410,13 +28111,17 @@ func (s SSES3) GoString() string { return s.String() } +// Specifies the byte range of the object to get the records from. A record +// is processed when its first byte is contained by the range. This parameter +// is optional, but when specified, it must not be empty. See RFC 2616, Section +// 14.35.1 about how to specify the start and end of the range. type ScanRange struct { _ struct{} `type:"structure"` // Specifies the end of the byte range. This parameter is optional. Valid values: // non-negative integers. The default value is one less than the size of the // object being queried. If only the End parameter is supplied, it is interpreted - // to mean scan the last N bytes of the file. For example; 50 + // to mean scan the last N bytes of the file. For example, 50 // means scan the last 50 bytes. End *int64 `type:"long"` @@ -26449,75 +28154,8 @@ func (s *ScanRange) SetStart(v int64) *ScanRange { return s } -// SelectObjectContentEventStream provides handling of EventStreams for -// the SelectObjectContent API. -// -// Use this type to receive SelectObjectContentEventStream events. The events -// can be read from the Events channel member. -// -// The events that can be received are: -// -// * ContinuationEvent -// * EndEvent -// * ProgressEvent -// * RecordsEvent -// * StatsEvent -type SelectObjectContentEventStream struct { - // Reader is the EventStream reader for the SelectObjectContentEventStream - // events. This value is automatically set by the SDK when the API call is made - // Use this member when unit testing your code with the SDK to mock out the - // EventStream Reader. - // - // Must not be nil. - Reader SelectObjectContentEventStreamReader - - // StreamCloser is the io.Closer for the EventStream connection. For HTTP - // EventStream this is the response Body. The stream will be closed when - // the Close method of the EventStream is called. - StreamCloser io.Closer -} - -// Close closes the EventStream. This will also cause the Events channel to be -// closed. You can use the closing of the Events channel to terminate your -// application's read from the API's EventStream. -// -// Will close the underlying EventStream reader. For EventStream over HTTP -// connection this will also close the HTTP connection. -// -// Close must be called when done using the EventStream API. Not calling Close -// may result in resource leaks. -func (es *SelectObjectContentEventStream) Close() (err error) { - es.Reader.Close() - es.StreamCloser.Close() - - return es.Err() -} - -// Err returns any error that occurred while reading EventStream Events from -// the service API's response. Returns nil if there were no errors. -func (es *SelectObjectContentEventStream) Err() error { - if err := es.Reader.Err(); err != nil { - return err - } - return nil -} - -// Events returns a channel to read EventStream Events from the -// SelectObjectContent API. -// -// These events are: -// -// * ContinuationEvent -// * EndEvent -// * ProgressEvent -// * RecordsEvent -// * StatsEvent -func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent { - return es.Reader.Events() -} - // SelectObjectContentEventStreamEvent groups together all EventStream -// events read from the SelectObjectContent API. +// events writes for SelectObjectContentEventStream. // // These events are: // @@ -26528,11 +28166,12 @@ func (es *SelectObjectContentEventStream) Events() <-chan SelectObjectContentEve // * StatsEvent type SelectObjectContentEventStreamEvent interface { eventSelectObjectContentEventStream() + eventstreamapi.Marshaler + eventstreamapi.Unmarshaler } -// SelectObjectContentEventStreamReader provides the interface for reading EventStream -// Events from the SelectObjectContent API. The -// default implementation for this interface will be SelectObjectContentEventStream. +// SelectObjectContentEventStreamReader provides the interface for reading to the stream. The +// default implementation for this interface will be SelectObjectContentEventStreamData. // // The reader's Close method must allow multiple concurrent calls. // @@ -26547,8 +28186,7 @@ type SelectObjectContentEventStreamReader interface { // Returns a channel of events as they are read from the event stream. Events() <-chan SelectObjectContentEventStreamEvent - // Close will close the underlying event stream reader. For event stream over - // HTTP this will also close the HTTP connection. + // Close will stop the reader reading events from the stream. Close() error // Returns any error that has occurred while reading from the event stream. @@ -26558,57 +28196,44 @@ type SelectObjectContentEventStreamReader interface { type readSelectObjectContentEventStream struct { eventReader *eventstreamapi.EventReader stream chan SelectObjectContentEventStreamEvent - errVal atomic.Value + err *eventstreamapi.OnceError done chan struct{} closeOnce sync.Once } -func newReadSelectObjectContentEventStream( - reader io.ReadCloser, - unmarshalers request.HandlerList, - logger aws.Logger, - logLevel aws.LogLevelType, -) *readSelectObjectContentEventStream { +func newReadSelectObjectContentEventStream(eventReader *eventstreamapi.EventReader) *readSelectObjectContentEventStream { r := &readSelectObjectContentEventStream{ - stream: make(chan SelectObjectContentEventStreamEvent), - done: make(chan struct{}), + eventReader: eventReader, + stream: make(chan SelectObjectContentEventStreamEvent), + done: make(chan struct{}), + err: eventstreamapi.NewOnceError(), } - - r.eventReader = eventstreamapi.NewEventReader( - reader, - protocol.HandlerPayloadUnmarshal{ - Unmarshalers: unmarshalers, - }, - r.unmarshalerForEventType, - ) - r.eventReader.UseLogger(logger, logLevel) + go r.readEventStream() return r } -// Close will close the underlying event stream reader. For EventStream over -// HTTP this will also close the HTTP connection. +// Close will close the underlying event stream reader. func (r *readSelectObjectContentEventStream) Close() error { r.closeOnce.Do(r.safeClose) - return r.Err() } +func (r *readSelectObjectContentEventStream) ErrorSet() <-chan struct{} { + return r.err.ErrorSet() +} + +func (r *readSelectObjectContentEventStream) Closed() <-chan struct{} { + return r.done +} + func (r *readSelectObjectContentEventStream) safeClose() { close(r.done) - err := r.eventReader.Close() - if err != nil { - r.errVal.Store(err) - } } func (r *readSelectObjectContentEventStream) Err() error { - if v := r.errVal.Load(); v != nil { - return v.(error) - } - - return nil + return r.err.Err() } func (r *readSelectObjectContentEventStream) Events() <-chan SelectObjectContentEventStreamEvent { @@ -26616,6 +28241,7 @@ func (r *readSelectObjectContentEventStream) Events() <-chan SelectObjectContent } func (r *readSelectObjectContentEventStream) readEventStream() { + defer r.Close() defer close(r.stream) for { @@ -26630,7 +28256,7 @@ func (r *readSelectObjectContentEventStream) readEventStream() { return default: } - r.errVal.Store(err) + r.err.SetError(err) return } @@ -26642,22 +28268,20 @@ func (r *readSelectObjectContentEventStream) readEventStream() { } } -func (r *readSelectObjectContentEventStream) unmarshalerForEventType( - eventType string, -) (eventstreamapi.Unmarshaler, error) { +type unmarshalerForSelectObjectContentEventStreamEvent struct { + metadata protocol.ResponseMetadata +} + +func (u unmarshalerForSelectObjectContentEventStreamEvent) UnmarshalerForEventName(eventType string) (eventstreamapi.Unmarshaler, error) { switch eventType { case "Cont": return &ContinuationEvent{}, nil - case "End": return &EndEvent{}, nil - case "Progress": return &ProgressEvent{}, nil - case "Records": return &RecordsEvent{}, nil - case "Stats": return &StatsEvent{}, nil default: @@ -26689,7 +28313,7 @@ type SelectObjectContentInput struct { // Expression is a required field Expression *string `type:"string" required:"true"` - // The type of the provided expression (for example., SQL). + // The type of the provided expression (for example, SQL). // // ExpressionType is a required field ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"` @@ -26867,11 +28491,24 @@ func (s *SelectObjectContentInput) SetScanRange(v *ScanRange) *SelectObjectConte return s } +func (s *SelectObjectContentInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *SelectObjectContentInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type SelectObjectContentOutput struct { _ struct{} `type:"structure" payload:"Payload"` - // Use EventStream to use the API's stream. - EventStream *SelectObjectContentEventStream `type:"structure"` + EventStream *SelectObjectContentEventStream } // String returns the string representation @@ -26884,29 +28521,17 @@ func (s SelectObjectContentOutput) GoString() string { return s.String() } -// SetEventStream sets the EventStream field's value. func (s *SelectObjectContentOutput) SetEventStream(v *SelectObjectContentEventStream) *SelectObjectContentOutput { s.EventStream = v return s } +func (s *SelectObjectContentOutput) GetEventStream() *SelectObjectContentEventStream { + return s.EventStream +} -func (s *SelectObjectContentOutput) runEventStreamLoop(r *request.Request) { - if r.Error != nil { - return - } - reader := newReadSelectObjectContentEventStream( - r.HTTPResponse.Body, - r.Handlers.UnmarshalStream, - r.Config.Logger, - r.Config.LogLevel.Value(), - ) - go reader.readEventStream() - - eventStream := &SelectObjectContentEventStream{ - StreamCloser: r.HTTPResponse.Body, - Reader: reader, - } - s.EventStream = eventStream +// GetStream returns the type to interact with the event stream. +func (s *SelectObjectContentOutput) GetStream() *SelectObjectContentEventStream { + return s.EventStream } // Describes the parameters for Select job types. @@ -26918,7 +28543,7 @@ type SelectParameters struct { // Expression is a required field Expression *string `type:"string" required:"true"` - // The type of the provided expression (e.g., SQL). + // The type of the provided expression (for example, SQL). // // ExpressionType is a required field ExpressionType *string `type:"string" required:"true" enum:"ExpressionType"` @@ -27303,6 +28928,16 @@ func (s *StatsEvent) UnmarshalEvent( return nil } +func (s *StatsEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg eventstream.Message, err error) { + msg.Headers.Set(eventstreamapi.MessageTypeHeader, eventstream.StringValue(eventstreamapi.EventMessageType)) + var buf bytes.Buffer + if err = pm.MarshalPayload(&buf, s); err != nil { + return eventstream.Message{}, err + } + msg.Payload = buf.Bytes() + return msg, err +} + // Specifies data related to access patterns to be collected and made available // to analyze the tradeoffs between different storage classes for an Amazon // S3 bucket. @@ -27464,7 +29099,7 @@ func (s *Tag) SetValue(v string) *Tag { type Tagging struct { _ struct{} `type:"structure"` - // A collection for a a set of tags + // A collection for a set of tags // // TagSet is a required field TagSet []*Tag `locationNameList:"Tag" type:"list" required:"true"` @@ -27638,7 +29273,7 @@ func (s *TopicConfiguration) SetTopicArn(v string) *TopicConfiguration { // A container for specifying the configuration for publication of messages // to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 -// detects specified events. This data type is deperecated. Please use TopicConfiguration +// detects specified events. This data type is deprecated. Use TopicConfiguration // instead. type TopicConfigurationDeprecated struct { _ struct{} `type:"structure"` @@ -27768,11 +29403,12 @@ type UploadPartCopyInput struct { // The range of bytes to copy from the source object. The range value must use // the form bytes=first-last, where the first and last are the zero-based byte // offsets to copy. For example, bytes=0-9 indicates that you want to copy the - // first ten bytes of the source. You can copy a range only if the source object + // first 10 bytes of the source. You can copy a range only if the source object // is greater than 5 MB. CopySourceRange *string `location:"header" locationName:"x-amz-copy-source-range" type:"string"` - // Specifies the algorithm to use when decrypting the source object (e.g., AES256). + // Specifies the algorithm to use when decrypting the source object (for example, + // AES256). CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt @@ -27781,8 +29417,8 @@ type UploadPartCopyInput struct { CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` // Object key for which the multipart upload was initiated. @@ -27796,26 +29432,28 @@ type UploadPartCopyInput struct { // PartNumber is a required field PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (e.g., AES256). + // Specifies the algorithm to use to when encrypting the object (for example, + // AES256). SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting // data. This value is used to store the object and then it is discarded; Amazon - // does not store the encryption key. The key must be appropriate for use with - // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm // header. This must be the same encryption key specified in the initiate multipart // upload request. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being copied. @@ -27988,6 +29626,20 @@ func (s *UploadPartCopyInput) SetUploadId(v string) *UploadPartCopyInput { return s } +func (s *UploadPartCopyInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *UploadPartCopyInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type UploadPartCopyOutput struct { _ struct{} `type:"structure" payload:"CopyPartResult"` @@ -28008,16 +29660,17 @@ type UploadPartCopyOutput struct { SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round trip message integrity + // the response will include this header to provide round-trip message integrity // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) that was used for the object. + // If present, specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) that was used for the + // object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -28089,7 +29742,7 @@ type UploadPartInput struct { ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` // The base64-encoded 128-bit MD5 digest of the part data. This parameter is - // auto-populated when using the command from the CLI. This parameted is required + // auto-populated when using the command from the CLI. This parameter is required // if object lock parameters are specified. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` @@ -28104,26 +29757,28 @@ type UploadPartInput struct { // PartNumber is a required field PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` - // Confirms that the requester knows that she or he will be charged for the - // request. Bucket owners need not specify this parameter in their requests. - // Documentation on downloading objects from requester pays buckets can be found - // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. For information + // about downloading objects from requester pays buckets, see Downloading Objects + // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) + // in the Amazon S3 Developer Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (e.g., AES256). + // Specifies the algorithm to use to when encrypting the object (for example, + // AES256). SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting // data. This value is used to store the object and then it is discarded; Amazon - // does not store the encryption key. The key must be appropriate for use with - // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm + // S3 does not store the encryption key. The key must be appropriate for use + // with the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm // header. This must be the same encryption key specified in the initiate multipart // upload request. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure the encryption - // key was transmitted without error. + // Amazon S3 uses this header for a message integrity check to ensure that the + // encryption key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being uploaded. @@ -28250,6 +29905,20 @@ func (s *UploadPartInput) SetUploadId(v string) *UploadPartInput { return s } +func (s *UploadPartInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *UploadPartInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + type UploadPartOutput struct { _ struct{} `type:"structure"` @@ -28266,16 +29935,16 @@ type UploadPartOutput struct { SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round trip message integrity + // the response will include this header to provide round-trip message integrity // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the AWS Key Management Service (KMS) customer - // master key (CMK) was used for the object. + // If present, specifies the ID of the AWS Key Management Service (AWS KMS) + // symmetric customer managed customer master key (CMK) was used for the object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The Server-side encryption algorithm used when storing this object in S3 - // (e.g., AES256, aws:kms). + // The server-side encryption algorithm used when storing this object in Amazon + // S3 (for example, AES256, aws:kms). ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -28590,11 +30259,29 @@ const ( // EventS3ObjectRemovedDeleteMarkerCreated is a Event enum value EventS3ObjectRemovedDeleteMarkerCreated = "s3:ObjectRemoved:DeleteMarkerCreated" + // EventS3ObjectRestore is a Event enum value + EventS3ObjectRestore = "s3:ObjectRestore:*" + // EventS3ObjectRestorePost is a Event enum value EventS3ObjectRestorePost = "s3:ObjectRestore:Post" // EventS3ObjectRestoreCompleted is a Event enum value EventS3ObjectRestoreCompleted = "s3:ObjectRestore:Completed" + + // EventS3Replication is a Event enum value + EventS3Replication = "s3:Replication:*" + + // EventS3ReplicationOperationFailedReplication is a Event enum value + EventS3ReplicationOperationFailedReplication = "s3:Replication:OperationFailedReplication" + + // EventS3ReplicationOperationNotTracked is a Event enum value + EventS3ReplicationOperationNotTracked = "s3:Replication:OperationNotTracked" + + // EventS3ReplicationOperationMissedThreshold is a Event enum value + EventS3ReplicationOperationMissedThreshold = "s3:Replication:OperationMissedThreshold" + + // EventS3ReplicationOperationReplicatedAfterThreshold is a Event enum value + EventS3ReplicationOperationReplicatedAfterThreshold = "s3:Replication:OperationReplicatedAfterThreshold" ) const ( @@ -28731,6 +30418,14 @@ const ( MetadataDirectiveReplace = "REPLACE" ) +const ( + // MetricsStatusEnabled is a MetricsStatus enum value + MetricsStatusEnabled = "Enabled" + + // MetricsStatusDisabled is a MetricsStatus enum value + MetricsStatusDisabled = "Disabled" +) + const ( // ObjectCannedACLPrivate is a ObjectCannedACL enum value ObjectCannedACLPrivate = "private" @@ -28879,6 +30574,14 @@ const ( ReplicationStatusReplica = "REPLICA" ) +const ( + // ReplicationTimeStatusEnabled is a ReplicationTimeStatus enum value + ReplicationTimeStatusEnabled = "Enabled" + + // ReplicationTimeStatusDisabled is a ReplicationTimeStatus enum value + ReplicationTimeStatusDisabled = "Disabled" +) + // If present, indicates that the requester was successfully charged for the // request. const ( @@ -28886,10 +30589,11 @@ const ( RequestChargedRequester = "requester" ) -// Confirms that the requester knows that she or he will be charged for the -// request. Bucket owners need not specify this parameter in their requests. -// Documentation on downloading objects from requester pays buckets can be found -// at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html +// Confirms that the requester knows that they will be charged for the request. +// Bucket owners need not specify this parameter in their requests. For information +// about downloading objects from requester pays buckets, see Downloading Objects +// in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) +// in the Amazon S3 Developer Guide. const ( // RequestPayerRequester is a RequestPayer enum value RequestPayerRequester = "requester" diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go index 23d386b16c..036d0b2e01 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go @@ -4,6 +4,7 @@ import ( "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/internal/s3err" + "github.com/aws/aws-sdk-go/service/s3/internal/arn" ) func init() { @@ -13,7 +14,7 @@ func init() { func defaultInitClientFn(c *client.Client) { // Support building custom endpoints based on config - c.Handlers.Build.PushFront(updateEndpointForS3Config) + c.Handlers.Build.PushFront(endpointHandler) // Require SSL when using SSE keys c.Handlers.Validate.PushBack(validateSSERequiresSSL) @@ -27,7 +28,7 @@ func defaultInitClientFn(c *client.Client) { } func defaultInitRequestFn(r *request.Request) { - // Add reuest handlers for specific platforms. + // Add request handlers for specific platforms. // e.g. 100-continue support for PUT requests using Go 1.6 platformRequestHandlers(r) @@ -73,3 +74,8 @@ type sseCustomerKeyGetter interface { type copySourceSSECustomerKeyGetter interface { getCopySourceSSECustomerKey() string } + +type endpointARNGetter interface { + getEndpointARN() (arn.Resource, error) + hasEndpointARN() bool +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go new file mode 100644 index 0000000000..c4048fbfb6 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go @@ -0,0 +1,233 @@ +package s3 + +import ( + "net/url" + "strings" + + "github.com/aws/aws-sdk-go/aws" + awsarn "github.com/aws/aws-sdk-go/aws/arn" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/endpoints" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/service/s3/internal/arn" +) + +// Used by shapes with members decorated as endpoint ARN. +func parseEndpointARN(v string) (arn.Resource, error) { + return arn.ParseResource(v, accessPointResourceParser) +} + +func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) { + resParts := arn.SplitResource(a.Resource) + switch resParts[0] { + case "accesspoint": + return arn.ParseAccessPointResource(a, resParts[1:]) + default: + return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"} + } +} + +func endpointHandler(req *request.Request) { + endpoint, ok := req.Params.(endpointARNGetter) + if !ok || !endpoint.hasEndpointARN() { + updateBucketEndpointFromParams(req) + return + } + + resource, err := endpoint.getEndpointARN() + if err != nil { + req.Error = newInvalidARNError(nil, err) + return + } + + resReq := resourceRequest{ + Resource: resource, + Request: req, + } + + if resReq.IsCrossPartition() { + req.Error = newClientPartitionMismatchError(resource, + req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) + return + } + + if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() { + req.Error = newClientRegionMismatchError(resource, + req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) + return + } + + if resReq.HasCustomEndpoint() { + req.Error = newInvalidARNWithCustomEndpointError(resource, nil) + return + } + + switch tv := resource.(type) { + case arn.AccessPointARN: + err = updateRequestAccessPointEndpoint(req, tv) + if err != nil { + req.Error = err + } + default: + req.Error = newInvalidARNError(resource, nil) + } +} + +type resourceRequest struct { + Resource arn.Resource + Request *request.Request +} + +func (r resourceRequest) ARN() awsarn.ARN { + return r.Resource.GetARN() +} + +func (r resourceRequest) AllowCrossRegion() bool { + return aws.BoolValue(r.Request.Config.S3UseARNRegion) +} + +func (r resourceRequest) UseFIPS() bool { + return isFIPS(aws.StringValue(r.Request.Config.Region)) +} + +func (r resourceRequest) IsCrossPartition() bool { + return r.Request.ClientInfo.PartitionID != r.Resource.GetARN().Partition +} + +func (r resourceRequest) IsCrossRegion() bool { + return isCrossRegion(r.Request, r.Resource.GetARN().Region) +} + +func (r resourceRequest) HasCustomEndpoint() bool { + return len(aws.StringValue(r.Request.Config.Endpoint)) > 0 +} + +func isFIPS(clientRegion string) bool { + return strings.HasPrefix(clientRegion, "fips-") || strings.HasSuffix(clientRegion, "-fips") +} +func isCrossRegion(req *request.Request, otherRegion string) bool { + return req.ClientInfo.SigningRegion != otherRegion +} + +func updateBucketEndpointFromParams(r *request.Request) { + bucket, ok := bucketNameFromReqParams(r.Params) + if !ok { + // Ignore operation requests if the bucket name was not provided + // if this is an input validation error the validation handler + // will report it. + return + } + updateEndpointForS3Config(r, bucket) +} + +func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error { + // Accelerate not supported + if aws.BoolValue(req.Config.S3UseAccelerate) { + return newClientConfiguredForAccelerateError(accessPoint, + req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil) + } + + // Ignore the disable host prefix for access points since custom endpoints + // are not supported. + req.Config.DisableEndpointHostPrefix = aws.Bool(false) + + if err := accessPointEndpointBuilder(accessPoint).Build(req); err != nil { + return err + } + + removeBucketFromPath(req.HTTPRequest.URL) + + return nil +} + +func removeBucketFromPath(u *url.URL) { + u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1) + if u.Path == "" { + u.Path = "/" + } +} + +type accessPointEndpointBuilder arn.AccessPointARN + +const ( + accessPointPrefixLabel = "accesspoint" + accountIDPrefixLabel = "accountID" + accesPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}." +) + +func (a accessPointEndpointBuilder) Build(req *request.Request) error { + resolveRegion := arn.AccessPointARN(a).Region + cfgRegion := aws.StringValue(req.Config.Region) + + if isFIPS(cfgRegion) { + if aws.BoolValue(req.Config.S3UseARNRegion) && isCrossRegion(req, resolveRegion) { + // FIPS with cross region is not supported, the SDK must fail + // because there is no well defined method for SDK to construct a + // correct FIPS endpoint. + return newClientConfiguredForCrossRegionFIPSError(arn.AccessPointARN(a), + req.ClientInfo.PartitionID, cfgRegion, nil) + } + resolveRegion = cfgRegion + } + + endpoint, err := resolveRegionalEndpoint(req, resolveRegion) + if err != nil { + return newFailedToResolveEndpointError(arn.AccessPointARN(a), + req.ClientInfo.PartitionID, cfgRegion, err) + } + + if err = updateRequestEndpoint(req, endpoint.URL); err != nil { + return err + } + + const serviceEndpointLabel = "s3-accesspoint" + + // dualstack provided by endpoint resolver + cfgHost := req.HTTPRequest.URL.Host + if strings.HasPrefix(cfgHost, "s3") { + req.HTTPRequest.URL.Host = serviceEndpointLabel + cfgHost[2:] + } + + protocol.HostPrefixBuilder{ + Prefix: accesPointPrefixTemplate, + LabelsFn: a.hostPrefixLabelValues, + }.Build(req) + + req.ClientInfo.SigningName = endpoint.SigningName + req.ClientInfo.SigningRegion = endpoint.SigningRegion + + err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host) + if err != nil { + return newInvalidARNError(arn.AccessPointARN(a), err) + } + + return nil +} + +func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string { + return map[string]string{ + accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName, + accountIDPrefixLabel: arn.AccessPointARN(a).AccountID, + } +} + +func resolveRegionalEndpoint(r *request.Request, region string) (endpoints.ResolvedEndpoint, error) { + return r.Config.EndpointResolver.EndpointFor(EndpointsID, region, func(opts *endpoints.Options) { + opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL) + opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack) + opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint + }) +} + +func updateRequestEndpoint(r *request.Request, endpoint string) (err error) { + endpoint = endpoints.AddScheme(endpoint, aws.BoolValue(r.Config.DisableSSL)) + + r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath) + if err != nil { + return awserr.New(request.ErrCodeSerialization, + "failed to parse endpoint URL", err) + } + + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go new file mode 100644 index 0000000000..9df03e78d3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go @@ -0,0 +1,151 @@ +package s3 + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/s3/internal/arn" +) + +const ( + invalidARNErrorErrCode = "InvalidARNError" + configurationErrorErrCode = "ConfigurationError" +) + +type invalidARNError struct { + message string + resource arn.Resource + origErr error +} + +func (e invalidARNError) Error() string { + var extra string + if e.resource != nil { + extra = "ARN: " + e.resource.String() + } + return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr) +} + +func (e invalidARNError) Code() string { + return invalidARNErrorErrCode +} + +func (e invalidARNError) Message() string { + return e.message +} + +func (e invalidARNError) OrigErr() error { + return e.origErr +} + +func newInvalidARNError(resource arn.Resource, err error) invalidARNError { + return invalidARNError{ + message: "invalid ARN", + origErr: err, + resource: resource, + } +} + +func newInvalidARNWithCustomEndpointError(resource arn.Resource, err error) invalidARNError { + return invalidARNError{ + message: "resource ARN not supported with custom client endpoints", + origErr: err, + resource: resource, + } +} + +// ARN not supported for the target partition +func newInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error) invalidARNError { + return invalidARNError{ + message: "resource ARN not supported for the target ARN partition", + origErr: err, + resource: resource, + } +} + +type configurationError struct { + message string + resource arn.Resource + clientPartitionID string + clientRegion string + origErr error +} + +func (e configurationError) Error() string { + extra := fmt.Sprintf("ARN: %s, client partition: %s, client region: %s", + e.resource, e.clientPartitionID, e.clientRegion) + + return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr) +} + +func (e configurationError) Code() string { + return configurationErrorErrCode +} + +func (e configurationError) Message() string { + return e.message +} + +func (e configurationError) OrigErr() error { + return e.origErr +} + +func newClientPartitionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError { + return configurationError{ + message: "client partition does not match provided ARN partition", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} + +func newClientRegionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError { + return configurationError{ + message: "client region does not match provided ARN region", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} + +func newFailedToResolveEndpointError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError { + return configurationError{ + message: "endpoint resolver failed to find an endpoint for the provided ARN region", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} + +func newClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError { + return configurationError{ + message: "client configured for fips but cross-region resource ARN provided", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} + +func newClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError { + return configurationError{ + message: "client configured for S3 Accelerate but is supported with resource ARN", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} + +func newClientConfiguredForCrossRegionFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError { + return configurationError{ + message: "client configured for FIPS with cross-region enabled but is supported with cross-region resource ARN", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go index 4db9070249..49aeff16f2 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go @@ -15,9 +15,9 @@ const ( // "BucketAlreadyOwnedByYou". // // The bucket you tried to create already exists, and you own it. Amazon S3 - // returns this error in all AWS Regions except in the North Virginia region. + // returns this error in all AWS Regions except in the North Virginia Region. // For legacy compatibility, if you re-create an existing bucket that you already - // own in the North Virginia region, Amazon S3 returns 200 OK and resets the + // own in the North Virginia Region, Amazon S3 returns 200 OK and resets the // bucket access control lists (ACLs). ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou" @@ -42,13 +42,13 @@ const ( // ErrCodeObjectAlreadyInActiveTierError for service response error code // "ObjectAlreadyInActiveTierError". // - // This operation is not allowed against this storage tier + // This operation is not allowed against this storage tier. ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError" // ErrCodeObjectNotInActiveTierError for service response error code // "ObjectNotInActiveTierError". // // The source object of the COPY operation is not in the active tier and is - // only stored in Amazon Glacier. + // only stored in Amazon S3 Glacier. ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError" ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go index a7fbc2de2f..81cdec1ae7 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go @@ -30,10 +30,10 @@ var accelerateOpBlacklist = operationBlacklist{ opListBuckets, opCreateBucket, opDeleteBucket, } -// Request handler to automatically add the bucket name to the endpoint domain +// Automatically add the bucket name to the endpoint domain // if possible. This style of bucket is valid for all bucket names which are // DNS compatible and do not contain "." -func updateEndpointForS3Config(r *request.Request) { +func updateEndpointForS3Config(r *request.Request, bucketName string) { forceHostStyle := aws.BoolValue(r.Config.S3ForcePathStyle) accelerate := aws.BoolValue(r.Config.S3UseAccelerate) @@ -43,45 +43,29 @@ func updateEndpointForS3Config(r *request.Request) { r.Config.Logger.Log("ERROR: aws.Config.S3UseAccelerate is not compatible with aws.Config.S3ForcePathStyle, ignoring S3ForcePathStyle.") } } - updateEndpointForAccelerate(r) + updateEndpointForAccelerate(r, bucketName) } else if !forceHostStyle && r.Operation.Name != opGetBucketLocation { - updateEndpointForHostStyle(r) + updateEndpointForHostStyle(r, bucketName) } } -func updateEndpointForHostStyle(r *request.Request) { - bucket, ok := bucketNameFromReqParams(r.Params) - if !ok { - // Ignore operation requests if the bucketname was not provided - // if this is an input validation error the validation handler - // will report it. - return - } - - if !hostCompatibleBucketName(r.HTTPRequest.URL, bucket) { +func updateEndpointForHostStyle(r *request.Request, bucketName string) { + if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) { // bucket name must be valid to put into the host return } - moveBucketToHost(r.HTTPRequest.URL, bucket) + moveBucketToHost(r.HTTPRequest.URL, bucketName) } var ( accelElem = []byte("s3-accelerate.dualstack.") ) -func updateEndpointForAccelerate(r *request.Request) { - bucket, ok := bucketNameFromReqParams(r.Params) - if !ok { - // Ignore operation requests if the bucketname was not provided - // if this is an input validation error the validation handler - // will report it. - return - } - - if !hostCompatibleBucketName(r.HTTPRequest.URL, bucket) { +func updateEndpointForAccelerate(r *request.Request, bucketName string) { + if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) { r.Error = awserr.New("InvalidParameterException", - fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucket), + fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucketName), nil) return } @@ -106,7 +90,7 @@ func updateEndpointForAccelerate(r *request.Request) { r.HTTPRequest.URL.Host = strings.Join(parts, ".") - moveBucketToHost(r.HTTPRequest.URL, bucket) + moveBucketToHost(r.HTTPRequest.URL, bucketName) } // Attempts to retrieve the bucket name from the request input parameters. @@ -148,8 +132,5 @@ func dnsCompatibleBucketName(bucket string) bool { // moveBucketToHost moves the bucket name from the URI path to URL host. func moveBucketToHost(u *url.URL, bucket string) { u.Host = bucket + "." + u.Host - u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1) - if u.Path == "" { - u.Path = "/" - } + removeBucketFromPath(u) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/BUILD.bazel new file mode 100644 index 0000000000..d82151133a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/BUILD.bazel @@ -0,0 +1,13 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = [ + "accesspoint_arn.go", + "arn.go", + ], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn", + importpath = "github.com/aws/aws-sdk-go/service/s3/internal/arn", + visibility = ["//vendor/github.com/aws/aws-sdk-go/service/s3:__subpackages__"], + deps = ["//vendor/github.com/aws/aws-sdk-go/aws/arn:go_default_library"], +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/accesspoint_arn.go b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/accesspoint_arn.go new file mode 100644 index 0000000000..2f93f96fd5 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/accesspoint_arn.go @@ -0,0 +1,45 @@ +package arn + +import ( + "strings" + + "github.com/aws/aws-sdk-go/aws/arn" +) + +// AccessPointARN provides representation +type AccessPointARN struct { + arn.ARN + AccessPointName string +} + +// GetARN returns the base ARN for the Access Point resource +func (a AccessPointARN) GetARN() arn.ARN { + return a.ARN +} + +// ParseAccessPointResource attempts to parse the ARN's resource as an +// AccessPoint resource. +func ParseAccessPointResource(a arn.ARN, resParts []string) (AccessPointARN, error) { + if len(a.Region) == 0 { + return AccessPointARN{}, InvalidARNError{a, "region not set"} + } + if len(a.AccountID) == 0 { + return AccessPointARN{}, InvalidARNError{a, "account-id not set"} + } + if len(resParts) == 0 { + return AccessPointARN{}, InvalidARNError{a, "resource-id not set"} + } + if len(resParts) > 1 { + return AccessPointARN{}, InvalidARNError{a, "sub resource not supported"} + } + + resID := resParts[0] + if len(strings.TrimSpace(resID)) == 0 { + return AccessPointARN{}, InvalidARNError{a, "resource-id not set"} + } + + return AccessPointARN{ + ARN: a, + AccessPointName: resID, + }, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/arn.go new file mode 100644 index 0000000000..a942d887f7 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/internal/arn/arn.go @@ -0,0 +1,71 @@ +package arn + +import ( + "strings" + + "github.com/aws/aws-sdk-go/aws/arn" +) + +// Resource provides the interfaces abstracting ARNs of specific resource +// types. +type Resource interface { + GetARN() arn.ARN + String() string +} + +// ResourceParser provides the function for parsing an ARN's resource +// component into a typed resource. +type ResourceParser func(arn.ARN) (Resource, error) + +// ParseResource parses an AWS ARN into a typed resource for the S3 API. +func ParseResource(s string, resParser ResourceParser) (resARN Resource, err error) { + a, err := arn.Parse(s) + if err != nil { + return nil, err + } + + if len(a.Partition) == 0 { + return nil, InvalidARNError{a, "partition not set"} + } + if a.Service != "s3" { + return nil, InvalidARNError{a, "service is not S3"} + } + if len(a.Resource) == 0 { + return nil, InvalidARNError{a, "resource not set"} + } + + return resParser(a) +} + +// SplitResource splits the resource components by the ARN resource delimiters. +func SplitResource(v string) []string { + var parts []string + var offset int + + for offset <= len(v) { + idx := strings.IndexAny(v[offset:], "/:") + if idx < 0 { + parts = append(parts, v[offset:]) + break + } + parts = append(parts, v[offset:idx+offset]) + offset += idx + 1 + } + + return parts +} + +// IsARN returns whether the given string is an ARN +func IsARN(s string) bool { + return arn.IsARN(s) +} + +// InvalidARNError provides the error for an invalid ARN error. +type InvalidARNError struct { + ARN arn.ARN + Reason string +} + +func (e InvalidARNError) Error() string { + return "invalid Amazon S3 ARN, " + e.Reason + ", " + e.ARN.String() +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go index ba77bb8127..b4c07b4d47 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "s3" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "S3" // ServiceID is a unique identifer of a specific service. + ServiceID = "S3" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the S3 client with a session. @@ -78,6 +78,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler) svc.Handlers.UnmarshalError.PushBackNamed(restxml.UnmarshalErrorHandler) + svc.Handlers.BuildStream.PushBackNamed(restxml.BuildHandler) svc.Handlers.UnmarshalStream.PushBackNamed(restxml.UnmarshalHandler) // Run custom client initialization if present diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 9c5ed45453..7f60d4aa18 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -78,6 +78,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) // in the IAM User Guide. // +// Session Duration +// // By default, the temporary security credentials created by AssumeRole last // for one hour. However, you can use the optional DurationSeconds parameter // to specify the duration of your session. You can provide a value from 900 @@ -91,6 +93,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // +// Permissions +// // The temporary security credentials created by AssumeRole can be used to make // API calls to any AWS service with the following exception: You cannot call // the AWS STS GetFederationToken or GetSessionToken API operations. @@ -99,7 +103,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to // use as managed session policies. The plain text that you use for both inline -// and managed session policies shouldn't exceed 2048 characters. Passing policies +// and managed session policies can't exceed 2,048 characters. Passing policies // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent @@ -131,6 +135,24 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) // in the IAM User Guide. // +// Tags +// +// (Optional) You can pass tag key-value pairs to your session. These tags are +// called session tags. For more information about session tags, see Passing +// Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// An administrator must grant you the permissions necessary to pass session +// tags. The administrator can also create granular permissions to allow you +// to pass only specific session tags. For more information, see Tutorial: Using +// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) +// in the IAM User Guide. +// +// You can set the session tags as transitive. Transitive tags persist during +// role chaining. For more information, see Chaining Roles with Session Tags +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) +// in the IAM User Guide. +// // Using MFA with AssumeRole // // (Optional) You can include multi-factor authentication (MFA) information @@ -165,9 +187,18 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // message describes the specific error. // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the policy document was too large. The error -// message describes how big the policy document is, in packed form, as a percentage -// of what the API allows. +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An AWS conversion compresses the +// session policy document, session policy ARNs, and session tags into a packed +// binary format that has a separate limit. The error message indicates by percentage +// how close the policies and tags are to the upper size limit. For more information, +// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // * ErrCodeRegionDisabledException "RegionDisabledException" // STS is not activated in the requested region for the account that is being @@ -256,6 +287,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // an access key ID, a secret access key, and a security token. Applications // can use these temporary security credentials to sign calls to AWS services. // +// Session Duration +// // By default, the temporary security credentials created by AssumeRoleWithSAML // last for one hour. However, you can use the optional DurationSeconds parameter // to specify the duration of your session. Your role session lasts for the @@ -271,6 +304,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // +// Permissions +// // The temporary security credentials created by AssumeRoleWithSAML can be used // to make API calls to any AWS service with the following exception: you cannot // call the STS GetFederationToken or GetSessionToken API operations. @@ -279,7 +314,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to // use as managed session policies. The plain text that you use for both inline -// and managed session policies shouldn't exceed 2048 characters. Passing policies +// and managed session policies can't exceed 2,048 characters. Passing policies // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent @@ -289,12 +324,6 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// Before your application can call AssumeRoleWithSAML, you must configure your -// SAML identity provider (IdP) to issue the claims required by AWS. Additionally, -// you must use AWS Identity and Access Management (IAM) to create a SAML provider -// entity in your AWS account that represents your identity provider. You must -// also create an IAM role that specifies this SAML provider in its trust policy. -// // Calling AssumeRoleWithSAML does not require the use of AWS security credentials. // The identity of the caller is validated by using keys in the metadata document // that is uploaded for the SAML provider entity for your identity provider. @@ -302,8 +331,50 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail // logs. The entry includes the value in the NameID element of the SAML assertion. // We recommend that you use a NameIDType that is not associated with any personally -// identifiable information (PII). For example, you could instead use the Persistent -// Identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). +// identifiable information (PII). For example, you could instead use the persistent +// identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). +// +// Tags +// +// (Optional) You can configure your IdP to pass attributes into your SAML assertion +// as session tags. Each session tag consists of a key name and an associated +// value. For more information about session tags, see Passing Session Tags +// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You can pass up to 50 session tags. The plain text session tag keys can’t +// exceed 128 characters and the values can’t exceed 256 characters. For these +// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) +// in the IAM User Guide. +// +// An AWS conversion compresses the passed session policies and session tags +// into a packed binary format that has a separate limit. Your request can fail +// for this limit even if your plain text meets the other requirements. The +// PackedPolicySize response element indicates by percentage how close the policies +// and tags for your request are to the upper size limit. +// +// You can pass a session tag with the same key as a tag that is attached to +// the role. When you do, session tags override the role's tags with the same +// key. +// +// An administrator must grant you the permissions necessary to pass session +// tags. The administrator can also create granular permissions to allow you +// to pass only specific session tags. For more information, see Tutorial: Using +// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) +// in the IAM User Guide. +// +// You can set the session tags as transitive. Transitive tags persist during +// role chaining. For more information, see Chaining Roles with Session Tags +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) +// in the IAM User Guide. +// +// SAML Configuration +// +// Before your application can call AssumeRoleWithSAML, you must configure your +// SAML identity provider (IdP) to issue the claims required by AWS. Additionally, +// you must use AWS Identity and Access Management (IAM) to create a SAML provider +// entity in your AWS account that represents your identity provider. You must +// also create an IAM role that specifies this SAML provider in its trust policy. // // For more information, see the following resources: // @@ -332,9 +403,18 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // message describes the specific error. // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the policy document was too large. The error -// message describes how big the policy document is, in packed form, as a percentage -// of what the API allows. +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An AWS conversion compresses the +// session policy document, session policy ARNs, and session tags into a packed +// binary format that has a separate limit. The error message indicates by percentage +// how close the policies and tags are to the upper size limit. For more information, +// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // * ErrCodeIDPRejectedClaimException "IDPRejectedClaim" // The identity provider (IdP) reported that authentication failed. This might @@ -456,6 +536,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // key ID, a secret access key, and a security token. Applications can use these // temporary security credentials to sign calls to AWS service API operations. // +// Session Duration +// // By default, the temporary security credentials created by AssumeRoleWithWebIdentity // last for one hour. However, you can use the optional DurationSeconds parameter // to specify the duration of your session. You can provide a value from 900 @@ -469,6 +551,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // +// Permissions +// // The temporary security credentials created by AssumeRoleWithWebIdentity can // be used to make API calls to any AWS service with the following exception: // you cannot call the STS GetFederationToken or GetSessionToken API operations. @@ -477,7 +561,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to // use as managed session policies. The plain text that you use for both inline -// and managed session policies shouldn't exceed 2048 characters. Passing policies +// and managed session policies can't exceed 2,048 characters. Passing policies // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent @@ -487,6 +571,42 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // +// Tags +// +// (Optional) You can configure your IdP to pass attributes into your web identity +// token as session tags. Each session tag consists of a key name and an associated +// value. For more information about session tags, see Passing Session Tags +// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You can pass up to 50 session tags. The plain text session tag keys can’t +// exceed 128 characters and the values can’t exceed 256 characters. For these +// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) +// in the IAM User Guide. +// +// An AWS conversion compresses the passed session policies and session tags +// into a packed binary format that has a separate limit. Your request can fail +// for this limit even if your plain text meets the other requirements. The +// PackedPolicySize response element indicates by percentage how close the policies +// and tags for your request are to the upper size limit. +// +// You can pass a session tag with the same key as a tag that is attached to +// the role. When you do, the session tag overrides the role tag with the same +// key. +// +// An administrator must grant you the permissions necessary to pass session +// tags. The administrator can also create granular permissions to allow you +// to pass only specific session tags. For more information, see Tutorial: Using +// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) +// in the IAM User Guide. +// +// You can set the session tags as transitive. Transitive tags persist during +// role chaining. For more information, see Chaining Roles with Session Tags +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) +// in the IAM User Guide. +// +// Identities +// // Before your application can call AssumeRoleWithWebIdentity, you must have // an identity token from a supported identity provider and create a role that // the application can assume. The role that your application assumes must trust @@ -514,8 +634,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and // AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). // These toolkits contain sample apps that show how to invoke the identity -// providers, and then how to use the information from these providers to -// get and use temporary security credentials. +// providers. The toolkits then show how to use the information from these +// providers to get and use temporary security credentials. // // * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications). // This article discusses web identity federation and shows an example of @@ -535,9 +655,18 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // message describes the specific error. // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the policy document was too large. The error -// message describes how big the policy document is, in packed form, as a percentage -// of what the API allows. +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An AWS conversion compresses the +// session policy document, session policy ARNs, and session tags into a packed +// binary format that has a separate limit. The error message indicates by percentage +// how close the policies and tags are to the upper size limit. For more information, +// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // * ErrCodeIDPRejectedClaimException "IDPRejectedClaim" // The identity provider (IdP) reported that authentication failed. This might @@ -547,11 +676,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // can also mean that the claim has expired or has been explicitly revoked. // // * ErrCodeIDPCommunicationErrorException "IDPCommunicationError" -// The request could not be fulfilled because the non-AWS identity provider -// (IDP) that was asked to verify the incoming identity token could not be reached. -// This is often a transient error caused by network conditions. Retry the request +// The request could not be fulfilled because the identity provider (IDP) that +// was asked to verify the incoming identity token could not be reached. This +// is often a transient error caused by network conditions. Retry the request // a limited number of times so that you don't exceed the request rate. If the -// error persists, the non-AWS identity provider might be down or not responding. +// error persists, the identity provider might be down or not responding. // // * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" // The web identity token that was passed could not be validated by AWS. Get @@ -676,9 +805,9 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // // Returned Error Codes: // * ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException" -// This error is returned if the message passed to DecodeAuthorizationMessage -// was invalid. This can happen if the token contains invalid characters, such -// as linebreaks. +// The error returned if the message passed to DecodeAuthorizationMessage was +// invalid. This can happen if the token contains invalid characters, such as +// linebreaks. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) { @@ -763,7 +892,8 @@ func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *reques // pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) // to learn which IAM user owns the keys. To learn who requested the temporary // credentials for an ASIA access key, view the STS events in your CloudTrail -// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html). +// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) +// in the IAM User Guide. // // This operation does not indicate the state of the access key. The key might // be active, inactive, or deleted. Active keys might not have permissions to @@ -850,7 +980,8 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ // sts:GetCallerIdentity action, you can still perform this operation. Permissions // are not required because the same information is returned when an IAM user // or role is denied access. To view an example response, see I Am Not Authorized -// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa). +// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa) +// in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -942,7 +1073,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // or an OpenID Connect-compatible identity provider. In this case, we recommend // that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. // For more information, see Federation Through a Web-based Identity Provider -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) +// in the IAM User Guide. // // You can also call GetFederationToken using the security credentials of an // AWS account root user, but we do not recommend it. Instead, we recommend @@ -952,41 +1084,67 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // +// Session duration +// // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default -// is 43,200 seconds (12 hours). Temporary credentials that are obtained by -// using AWS account root user credentials have a maximum duration of 3,600 -// seconds (1 hour). -// -// The temporary security credentials created by GetFederationToken can be used -// to make API calls to any AWS service with the following exceptions: -// -// * You cannot use these credentials to call any IAM API operations. -// -// * You cannot call any STS API operations except GetCallerIdentity. +// session duration is 43,200 seconds (12 hours). Temporary credentials that +// are obtained by using AWS account root user credentials have a maximum duration +// of 3,600 seconds (1 hour). // // Permissions // +// You can use the temporary credentials created by GetFederationToken in any +// AWS service except the following: +// +// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// +// * You cannot call any STS operations except GetCallerIdentity. +// // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to // use as managed session policies. The plain text that you use for both inline -// and managed session policies shouldn't exceed 2048 characters. +// and managed session policies can't exceed 2,048 characters. // // Though the session policy parameters are optional, if you do not pass a policy, -// then the resulting federated user session has no permissions. The only exception -// is when the credentials are used to access a resource that has a resource-based -// policy that specifically references the federated user session in the Principal -// element of the policy. When you pass session policies, the session permissions -// are the intersection of the IAM user policies and the session policies that -// you pass. This gives you a way to further restrict the permissions for a -// federated user. You cannot use session policies to grant more permissions -// than those that are defined in the permissions policy of the IAM user. For -// more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// then the resulting federated user session has no permissions. When you pass +// session policies, the session permissions are the intersection of the IAM +// user policies and the session policies that you pass. This gives you a way +// to further restrict the permissions for a federated user. You cannot use +// session policies to grant more permissions than those that are defined in +// the permissions policy of the IAM user. For more information, see Session +// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. For information about using GetFederationToken to // create temporary security credentials, see GetFederationToken—Federation // Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken). // +// You can use the credentials to access a resource that has a resource-based +// policy. If that policy specifically references the federated user session +// in the Principal element of the policy, the session has the permissions allowed +// by the policy. These permissions are granted in addition to the permissions +// granted by the session policies. +// +// Tags +// +// (Optional) You can pass tag key-value pairs to your session. These are called +// session tags. For more information about session tags, see Passing Session +// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// An administrator must grant you the permissions necessary to pass session +// tags. The administrator can also create granular permissions to allow you +// to pass only specific session tags. For more information, see Tutorial: Using +// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) +// in the IAM User Guide. +// +// Tag key–value pairs are not case sensitive, but case is preserved. This +// means that you cannot have separate Department and department tag keys. Assume +// that the user that you are federating has the Department=Marketing tag and +// you pass the department=engineering session tag. Department and department +// are not saved as separate tags, and the session tag passed in the request +// takes precedence over the user tag. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1000,9 +1158,18 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // message describes the specific error. // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" -// The request was rejected because the policy document was too large. The error -// message describes how big the policy document is, in packed form, as a percentage -// of what the API allows. +// The request was rejected because the total packed size of the session policies +// and session tags combined was too large. An AWS conversion compresses the +// session policy document, session policy ARNs, and session tags into a packed +// binary format that has a separate limit. The error message indicates by percentage +// how close the policies and tags are to the upper size limit. For more information, +// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You could receive this error even though you meet other defined session policy +// and session tag limits. For more information, see IAM and STS Entity Character +// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. // // * ErrCodeRegionDisabledException "RegionDisabledException" // STS is not activated in the requested region for the account that is being @@ -1091,6 +1258,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // +// Session Duration +// // The GetSessionToken operation must be called by using the long-term AWS security // credentials of the AWS account root user or an IAM user. Credentials that // are created by IAM users are valid for the duration that you specify. This @@ -1099,6 +1268,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // based on account credentials can range from 900 seconds (15 minutes) up to // 3,600 seconds (1 hour), with a default of 1 hour. // +// Permissions +// // The temporary security credentials created by GetSessionToken can be used // to make API calls to any AWS service with the following exceptions: // @@ -1213,16 +1384,16 @@ type AssumeRoleInput struct { // in the IAM User Guide. // // The plain text that you use for both inline and managed session policies - // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // can't exceed 2,048 characters. The JSON policy characters can be any ASCII // character from the space character to the end of the valid character list // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), // and carriage return (\u000D) characters. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1231,15 +1402,15 @@ type AssumeRoleInput struct { // // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plain text that you use for both inline and managed session - // policies shouldn't exceed 2048 characters. For more information about ARNs, + // policies can't exceed 2,048 characters. For more information about ARNs, // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based @@ -1284,6 +1455,41 @@ type AssumeRoleInput struct { // also include underscores or any of the following characters: =,.@- SerialNumber *string `min:"9" type:"string"` + // A list of session tags that you want to pass. Each session tag consists of + // a key name and an associated value. For more information about session tags, + // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // in the IAM User Guide. + // + // This parameter is optional. You can pass up to 50 session tags. The plain + // text session tag keys can’t exceed 128 characters, and the values can’t + // exceed 256 characters. For these and additional limits, see IAM and STS Character + // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) + // in the IAM User Guide. + // + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. + // + // You can pass a session tag with the same key as a tag that is already attached + // to the role. When you do, session tags override a role tag with the same + // key. + // + // Tag key–value pairs are not case sensitive, but case is preserved. This + // means that you cannot have separate Department and department tag keys. Assume + // that the role has the Department=Marketing tag and you pass the department=engineering + // session tag. Department and department are not saved as separate tags, and + // the session tag passed in the request takes precedence over the role tag. + // + // Additionally, if you used temporary credentials to perform this operation, + // the new session inherits any transitive session tags from the calling session. + // If you pass a session tag with the same key as an inherited tag, the operation + // fails. To view the inherited tags for a session, see the AWS CloudTrail logs. + // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs) + // in the IAM User Guide. + Tags []*Tag `type:"list"` + // The value provided by the MFA device, if the trust policy of the role being // assumed requires MFA (that is, if the policy includes a condition that tests // for MFA). If the role being assumed requires MFA and if the TokenCode value @@ -1292,6 +1498,19 @@ type AssumeRoleInput struct { // The format for this parameter, as described by its regex pattern, is a sequence // of six numeric digits. TokenCode *string `min:"6" type:"string"` + + // A list of keys for session tags that you want to set as transitive. If you + // set a tag key as transitive, the corresponding key and value passes to subsequent + // sessions in a role chain. For more information, see Chaining Roles with Session + // Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) + // in the IAM User Guide. + // + // This parameter is optional. When you set session tags as transitive, the + // session policy and session tags packed binary limit is not affected. + // + // If you choose not to specify a transitive tag key, then no tags are passed + // from this session to any subsequent sessions. + TransitiveTagKeys []*string `type:"list"` } // String returns the string representation @@ -1344,6 +1563,16 @@ func (s *AssumeRoleInput) Validate() error { } } } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -1393,12 +1622,24 @@ func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput { return s } +// SetTags sets the Tags field's value. +func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput { + s.Tags = v + return s +} + // SetTokenCode sets the TokenCode field's value. func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput { s.TokenCode = &v return s } +// SetTransitiveTagKeys sets the TransitiveTagKeys field's value. +func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput { + s.TransitiveTagKeys = v + return s +} + // Contains the response to a successful AssumeRole request, including temporary // AWS credentials that can be used to make AWS requests. type AssumeRoleOutput struct { @@ -1418,9 +1659,10 @@ type AssumeRoleOutput struct { // We strongly recommend that you make no assumptions about the maximum size. Credentials *Credentials `type:"structure"` - // A percentage value that indicates the size of the policy in packed form. - // The service rejects any policy with a packed size greater than 100 percent, - // which means the policy exceeded the allowed space. + // A percentage value that indicates the packed size of the session policies + // and session tags combined passed in the request. The request fails if the + // packed size is greater than 100 percent, which means the policies and tags + // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` } @@ -1491,16 +1733,16 @@ type AssumeRoleWithSAMLInput struct { // in the IAM User Guide. // // The plain text that you use for both inline and managed session policies - // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // can't exceed 2,048 characters. The JSON policy characters can be any ASCII // character from the space character to the end of the valid character list // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), // and carriage return (\u000D) characters. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1509,15 +1751,15 @@ type AssumeRoleWithSAMLInput struct { // // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plain text that you use for both inline and managed session - // policies shouldn't exceed 2048 characters. For more information about ARNs, + // policies can't exceed 2,048 characters. For more information about ARNs, // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based @@ -1673,9 +1915,10 @@ type AssumeRoleWithSAMLOutput struct { // ) ) NameQualifier *string `type:"string"` - // A percentage value that indicates the size of the policy in packed form. - // The service rejects any policy with a packed size greater than 100 percent, - // which means the policy exceeded the allowed space. + // A percentage value that indicates the packed size of the session policies + // and session tags combined passed in the request. The request fails if the + // packed size is greater than 100 percent, which means the policies and tags + // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` // The value of the NameID element in the Subject element of the SAML assertion. @@ -1786,16 +2029,16 @@ type AssumeRoleWithWebIdentityInput struct { // in the IAM User Guide. // // The plain text that you use for both inline and managed session policies - // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // can't exceed 2,048 characters. The JSON policy characters can be any ASCII // character from the space character to the end of the valid character list // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), // and carriage return (\u000D) characters. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1804,15 +2047,15 @@ type AssumeRoleWithWebIdentityInput struct { // // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plain text that you use for both inline and managed session - // policies shouldn't exceed 2048 characters. For more information about ARNs, + // policies can't exceed 2,048 characters. For more information about ARNs, // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based @@ -1983,9 +2226,10 @@ type AssumeRoleWithWebIdentityOutput struct { // We strongly recommend that you make no assumptions about the maximum size. Credentials *Credentials `type:"structure"` - // A percentage value that indicates the size of the policy in packed form. - // The service rejects any policy with a packed size greater than 100 percent, - // which means the policy exceeded the allowed space. + // A percentage value that indicates the packed size of the session policies + // and session tags combined passed in the request. The request fails if the + // packed size is greater than 100 percent, which means the policies and tags + // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` // The issuing authority of the web identity token presented. For OpenID Connect @@ -2057,7 +2301,7 @@ type AssumedRoleUser struct { // The ARN of the temporary security credentials that are returned from the // AssumeRole action. For more information about ARNs and how to use them in // policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) - // in Using IAM. + // in the IAM User Guide. // // Arn is a required field Arn *string `min:"20" type:"string" required:"true"` @@ -2225,7 +2469,7 @@ type FederatedUser struct { // The ARN that specifies the federated user that is associated with the credentials. // For more information about ARNs and how to use them in policies, see IAM // Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) - // in Using IAM. + // in the IAM User Guide. // // Arn is a required field Arn *string `min:"20" type:"string" required:"true"` @@ -2265,7 +2509,7 @@ type GetAccessKeyInfoInput struct { // The identifier of an access key. // // This parameter allows (through its regex pattern) a string of characters - // that can consist of any upper- or lowercased letter or digit. + // that can consist of any upper- or lowercase letter or digit. // // AccessKeyId is a required field AccessKeyId *string `min:"16" type:"string" required:"true"` @@ -2418,10 +2662,7 @@ type GetFederationTokenInput struct { // use as managed session policies. // // This parameter is optional. However, if you do not pass any session policies, - // then the resulting federated user session has no permissions. The only exception - // is when the credentials are used to access a resource that has a resource-based - // policy that specifically references the federated user session in the Principal - // element of the policy. + // then the resulting federated user session has no permissions. // // When you pass session policies, the session permissions are the intersection // of the IAM user policies and the session policies that you pass. This gives @@ -2431,17 +2672,23 @@ type GetFederationTokenInput struct { // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // + // The resulting credentials can be used to access a resource that has a resource-based + // policy. If that policy specifically references the federated user session + // in the Principal element of the policy, the session has the permissions allowed + // by the policy. These permissions are granted in addition to the permissions + // that are granted by the session policies. + // // The plain text that you use for both inline and managed session policies - // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // can't exceed 2,048 characters. The JSON policy characters can be any ASCII // character from the space character to the end of the valid character list // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), // and carriage return (\u000D) characters. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2452,16 +2699,13 @@ type GetFederationTokenInput struct { // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to // use as managed session policies. The plain text that you use for both inline - // and managed session policies shouldn't exceed 2048 characters. You can provide + // and managed session policies can't exceed 2,048 characters. You can provide // up to 10 managed policy ARNs. For more information about ARNs, see Amazon // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // This parameter is optional. However, if you do not pass any session policies, - // then the resulting federated user session has no permissions. The only exception - // is when the credentials are used to access a resource that has a resource-based - // policy that specifically references the federated user session in the Principal - // element of the policy. + // then the resulting federated user session has no permissions. // // When you pass session policies, the session permissions are the intersection // of the IAM user policies and the session policies that you pass. This gives @@ -2471,12 +2715,46 @@ type GetFederationTokenInput struct { // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The characters in this parameter count towards the 2048 character session - // policy guideline. However, an AWS conversion compresses the session policies - // into a packed binary format that has a separate limit. This is the enforced - // limit. The PackedPolicySize response element indicates by percentage how - // close the policy is to the upper size limit. + // The resulting credentials can be used to access a resource that has a resource-based + // policy. If that policy specifically references the federated user session + // in the Principal element of the policy, the session has the permissions allowed + // by the policy. These permissions are granted in addition to the permissions + // that are granted by the session policies. + // + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. PolicyArns []*PolicyDescriptorType `type:"list"` + + // A list of session tags. Each session tag consists of a key name and an associated + // value. For more information about session tags, see Passing Session Tags + // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // in the IAM User Guide. + // + // This parameter is optional. You can pass up to 50 session tags. The plain + // text session tag keys can’t exceed 128 characters and the values can’t + // exceed 256 characters. For these and additional limits, see IAM and STS Character + // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) + // in the IAM User Guide. + // + // An AWS conversion compresses the passed session policies and session tags + // into a packed binary format that has a separate limit. Your request can fail + // for this limit even if your plain text meets the other requirements. The + // PackedPolicySize response element indicates by percentage how close the policies + // and tags for your request are to the upper size limit. + // + // You can pass a session tag with the same key as a tag that is already attached + // to the user you are federating. When you do, session tags override a user + // tag with the same key. + // + // Tag key–value pairs are not case sensitive, but case is preserved. This + // means that you cannot have separate Department and department tag keys. Assume + // that the role has the Department=Marketing tag and you pass the department=engineering + // session tag. Department and department are not saved as separate tags, and + // the session tag passed in the request takes precedence over the role tag. + Tags []*Tag `type:"list"` } // String returns the string representation @@ -2514,6 +2792,16 @@ func (s *GetFederationTokenInput) Validate() error { } } } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -2545,6 +2833,12 @@ func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetF return s } +// SetTags sets the Tags field's value. +func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput { + s.Tags = v + return s +} + // Contains the response to a successful GetFederationToken request, including // temporary AWS credentials that can be used to make AWS requests. type GetFederationTokenOutput struct { @@ -2563,9 +2857,10 @@ type GetFederationTokenOutput struct { // an Amazon S3 bucket policy. FederatedUser *FederatedUser `type:"structure"` - // A percentage value indicating the size of the policy in packed form. The - // service rejects policies for which the packed size is greater than 100 percent - // of the allowed value. + // A percentage value that indicates the packed size of the session policies + // and session tags combined passed in the request. The request fails if the + // packed size is greater than 100 percent, which means the policies and tags + // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` } @@ -2748,3 +3043,73 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { s.Arn = &v return s } + +// You can pass custom key-value pair attributes when you assume a role or federate +// a user. These are called session tags. You can then use the session tags +// to control access to resources. For more information, see Tagging AWS STS +// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +type Tag struct { + _ struct{} `type:"structure"` + + // The key for a session tag. + // + // You can pass up to 50 session tags. The plain text session tag keys can’t + // exceed 128 characters. For these and additional limits, see IAM and STS Character + // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) + // in the IAM User Guide. + // + // Key is a required field + Key *string `min:"1" type:"string" required:"true"` + + // The value for a session tag. + // + // You can pass up to 50 session tags. The plain text session tag values can’t + // exceed 256 characters. For these and additional limits, see IAM and STS Character + // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) + // in the IAM User Guide. + // + // Value is a required field + Value *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s Tag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Tag) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.Key == nil { + invalidParams.Add(request.NewErrParamRequired("Key")) + } + if s.Key != nil && len(*s.Key) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Key", 1)) + } + if s.Value == nil { + invalidParams.Add(request.NewErrParamRequired("Value")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKey sets the Key field's value. +func (s *Tag) SetKey(v string) *Tag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *Tag) SetValue(v string) *Tag { + s.Value = &v + return s +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go index a3e378edad..a233f542ef 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go @@ -14,11 +14,11 @@ const ( // ErrCodeIDPCommunicationErrorException for service response error code // "IDPCommunicationError". // - // The request could not be fulfilled because the non-AWS identity provider - // (IDP) that was asked to verify the incoming identity token could not be reached. - // This is often a transient error caused by network conditions. Retry the request + // The request could not be fulfilled because the identity provider (IDP) that + // was asked to verify the incoming identity token could not be reached. This + // is often a transient error caused by network conditions. Retry the request // a limited number of times so that you don't exceed the request rate. If the - // error persists, the non-AWS identity provider might be down or not responding. + // error persists, the identity provider might be down or not responding. ErrCodeIDPCommunicationErrorException = "IDPCommunicationError" // ErrCodeIDPRejectedClaimException for service response error code @@ -34,9 +34,9 @@ const ( // ErrCodeInvalidAuthorizationMessageException for service response error code // "InvalidAuthorizationMessageException". // - // This error is returned if the message passed to DecodeAuthorizationMessage - // was invalid. This can happen if the token contains invalid characters, such - // as linebreaks. + // The error returned if the message passed to DecodeAuthorizationMessage was + // invalid. This can happen if the token contains invalid characters, such as + // linebreaks. ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException" // ErrCodeInvalidIdentityTokenException for service response error code @@ -56,9 +56,18 @@ const ( // ErrCodePackedPolicyTooLargeException for service response error code // "PackedPolicyTooLarge". // - // The request was rejected because the policy document was too large. The error - // message describes how big the policy document is, in packed form, as a percentage - // of what the API allows. + // The request was rejected because the total packed size of the session policies + // and session tags combined was too large. An AWS conversion compresses the + // session policy document, session policy ARNs, and session tags into a packed + // binary format that has a separate limit. The error message indicates by percentage + // how close the policies and tags are to the upper size limit. For more information, + // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // in the IAM User Guide. + // + // You could receive this error even though you meet other defined session policy + // and session tag limits. For more information, see IAM and STS Entity Character + // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // in the IAM User Guide. ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge" // ErrCodeRegionDisabledException for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go index 586faed193..d34a685533 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) const ( ServiceName = "sts" // Name of service. EndpointsID = ServiceName // ID to lookup a service endpoint with. - ServiceID = "STS" // ServiceID is a unique identifer of a specific service. + ServiceID = "STS" // ServiceID is a unique identifier of a specific service. ) // New creates a new instance of the STS client with a session. diff --git a/vendor/github.com/pkg/errors/.travis.yml b/vendor/github.com/pkg/errors/.travis.yml index d4b92663ba..9159de03e0 100644 --- a/vendor/github.com/pkg/errors/.travis.yml +++ b/vendor/github.com/pkg/errors/.travis.yml @@ -1,15 +1,10 @@ language: go go_import_path: github.com/pkg/errors go: - - 1.4.x - - 1.5.x - - 1.6.x - - 1.7.x - - 1.8.x - - 1.9.x - - 1.10.x - 1.11.x + - 1.12.x + - 1.13.x - tip script: - - go test -v ./... + - make check diff --git a/vendor/github.com/pkg/errors/BUILD.bazel b/vendor/github.com/pkg/errors/BUILD.bazel index d27354255b..e032fef321 100644 --- a/vendor/github.com/pkg/errors/BUILD.bazel +++ b/vendor/github.com/pkg/errors/BUILD.bazel @@ -4,6 +4,7 @@ go_library( name = "go_default_library", srcs = [ "errors.go", + "go113.go", "stack.go", ], importmap = "k8s.io/kops/vendor/github.com/pkg/errors", diff --git a/vendor/github.com/pkg/errors/Makefile b/vendor/github.com/pkg/errors/Makefile new file mode 100644 index 0000000000..ce9d7cded6 --- /dev/null +++ b/vendor/github.com/pkg/errors/Makefile @@ -0,0 +1,44 @@ +PKGS := github.com/pkg/errors +SRCDIRS := $(shell go list -f '{{.Dir}}' $(PKGS)) +GO := go + +check: test vet gofmt misspell unconvert staticcheck ineffassign unparam + +test: + $(GO) test $(PKGS) + +vet: | test + $(GO) vet $(PKGS) + +staticcheck: + $(GO) get honnef.co/go/tools/cmd/staticcheck + staticcheck -checks all $(PKGS) + +misspell: + $(GO) get github.com/client9/misspell/cmd/misspell + misspell \ + -locale GB \ + -error \ + *.md *.go + +unconvert: + $(GO) get github.com/mdempsky/unconvert + unconvert -v $(PKGS) + +ineffassign: + $(GO) get github.com/gordonklaus/ineffassign + find $(SRCDIRS) -name '*.go' | xargs ineffassign + +pedantic: check errcheck + +unparam: + $(GO) get mvdan.cc/unparam + unparam ./... + +errcheck: + $(GO) get github.com/kisielk/errcheck + errcheck $(PKGS) + +gofmt: + @echo Checking code is gofmted + @test -z "$(shell gofmt -s -l -d -e $(SRCDIRS) | tee /dev/stderr)" diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md index 6483ba2afb..54dfdcb12e 100644 --- a/vendor/github.com/pkg/errors/README.md +++ b/vendor/github.com/pkg/errors/README.md @@ -41,11 +41,18 @@ default: [Read the package documentation for more information](https://godoc.org/github.com/pkg/errors). +## Roadmap + +With the upcoming [Go2 error proposals](https://go.googlesource.com/proposal/+/master/design/go2draft.md) this package is moving into maintenance mode. The roadmap for a 1.0 release is as follows: + +- 0.9. Remove pre Go 1.9 and Go 1.10 support, address outstanding pull requests (if possible) +- 1.0. Final release. + ## Contributing -We welcome pull requests, bug fixes and issue reports. With that said, the bar for adding new symbols to this package is intentionally set high. +Because of the Go2 errors changes, this package is not accepting proposals for new functionality. With that said, we welcome pull requests, bug fixes and issue reports. -Before proposing a change, please discuss your change by raising an issue. +Before sending a PR, please discuss your change by raising an issue. ## License diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go index 7421f326ff..161aea2582 100644 --- a/vendor/github.com/pkg/errors/errors.go +++ b/vendor/github.com/pkg/errors/errors.go @@ -82,7 +82,7 @@ // // if err, ok := err.(stackTracer); ok { // for _, f := range err.StackTrace() { -// fmt.Printf("%+s:%d", f) +// fmt.Printf("%+s:%d\n", f, f) // } // } // @@ -159,6 +159,9 @@ type withStack struct { func (w *withStack) Cause() error { return w.error } +// Unwrap provides compatibility for Go 1.13 error chains. +func (w *withStack) Unwrap() error { return w.error } + func (w *withStack) Format(s fmt.State, verb rune) { switch verb { case 'v': @@ -241,6 +244,9 @@ type withMessage struct { func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() } func (w *withMessage) Cause() error { return w.cause } +// Unwrap provides compatibility for Go 1.13 error chains. +func (w *withMessage) Unwrap() error { return w.cause } + func (w *withMessage) Format(s fmt.State, verb rune) { switch verb { case 'v': diff --git a/vendor/github.com/pkg/errors/go113.go b/vendor/github.com/pkg/errors/go113.go new file mode 100644 index 0000000000..be0d10d0c7 --- /dev/null +++ b/vendor/github.com/pkg/errors/go113.go @@ -0,0 +1,38 @@ +// +build go1.13 + +package errors + +import ( + stderrors "errors" +) + +// Is reports whether any error in err's chain matches target. +// +// The chain consists of err itself followed by the sequence of errors obtained by +// repeatedly calling Unwrap. +// +// An error is considered to match a target if it is equal to that target or if +// it implements a method Is(error) bool such that Is(target) returns true. +func Is(err, target error) bool { return stderrors.Is(err, target) } + +// As finds the first error in err's chain that matches target, and if so, sets +// target to that error value and returns true. +// +// The chain consists of err itself followed by the sequence of errors obtained by +// repeatedly calling Unwrap. +// +// An error matches target if the error's concrete value is assignable to the value +// pointed to by target, or if the error has a method As(interface{}) bool such that +// As(target) returns true. In the latter case, the As method is responsible for +// setting target. +// +// As will panic if target is not a non-nil pointer to either a type that implements +// error, or to any interface type. As returns false if err is nil. +func As(err error, target interface{}) bool { return stderrors.As(err, target) } + +// Unwrap returns the result of calling the Unwrap method on err, if err's +// type contains an Unwrap method returning error. +// Otherwise, Unwrap returns nil. +func Unwrap(err error) error { + return stderrors.Unwrap(err) +} diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go index 2874a048cf..779a8348fb 100644 --- a/vendor/github.com/pkg/errors/stack.go +++ b/vendor/github.com/pkg/errors/stack.go @@ -5,10 +5,13 @@ import ( "io" "path" "runtime" + "strconv" "strings" ) // Frame represents a program counter inside a stack frame. +// For historical reasons if Frame is interpreted as a uintptr +// its value represents the program counter + 1. type Frame uintptr // pc returns the program counter for this frame; @@ -37,6 +40,15 @@ func (f Frame) line() int { return line } +// name returns the name of this function, if known. +func (f Frame) name() string { + fn := runtime.FuncForPC(f.pc()) + if fn == nil { + return "unknown" + } + return fn.Name() +} + // Format formats the frame according to the fmt.Formatter interface. // // %s source file @@ -54,22 +66,16 @@ func (f Frame) Format(s fmt.State, verb rune) { case 's': switch { case s.Flag('+'): - pc := f.pc() - fn := runtime.FuncForPC(pc) - if fn == nil { - io.WriteString(s, "unknown") - } else { - file, _ := fn.FileLine(pc) - fmt.Fprintf(s, "%s\n\t%s", fn.Name(), file) - } + io.WriteString(s, f.name()) + io.WriteString(s, "\n\t") + io.WriteString(s, f.file()) default: io.WriteString(s, path.Base(f.file())) } case 'd': - fmt.Fprintf(s, "%d", f.line()) + io.WriteString(s, strconv.Itoa(f.line())) case 'n': - name := runtime.FuncForPC(f.pc()).Name() - io.WriteString(s, funcname(name)) + io.WriteString(s, funcname(f.name())) case 'v': f.Format(s, 's') io.WriteString(s, ":") @@ -77,6 +83,16 @@ func (f Frame) Format(s fmt.State, verb rune) { } } +// MarshalText formats a stacktrace Frame as a text string. The output is the +// same as that of fmt.Sprintf("%+v", f), but without newlines or tabs. +func (f Frame) MarshalText() ([]byte, error) { + name := f.name() + if name == "unknown" { + return []byte(name), nil + } + return []byte(fmt.Sprintf("%s %s:%d", name, f.file(), f.line())), nil +} + // StackTrace is stack of Frames from innermost (newest) to outermost (oldest). type StackTrace []Frame @@ -94,18 +110,32 @@ func (st StackTrace) Format(s fmt.State, verb rune) { switch { case s.Flag('+'): for _, f := range st { - fmt.Fprintf(s, "\n%+v", f) + io.WriteString(s, "\n") + f.Format(s, verb) } case s.Flag('#'): fmt.Fprintf(s, "%#v", []Frame(st)) default: - fmt.Fprintf(s, "%v", []Frame(st)) + st.formatSlice(s, verb) } case 's': - fmt.Fprintf(s, "%s", []Frame(st)) + st.formatSlice(s, verb) } } +// formatSlice will format this StackTrace into the given buffer as a slice of +// Frame, only valid when called with '%s' or '%v'. +func (st StackTrace) formatSlice(s fmt.State, verb rune) { + io.WriteString(s, "[") + for i, f := range st { + if i > 0 { + io.WriteString(s, " ") + } + f.Format(s, verb) + } + io.WriteString(s, "]") +} + // stack represents a stack of program counters. type stack []uintptr diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 8e0059db66..d948e96eec 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -93,7 +93,7 @@ type Transport struct { // send in the initial settings frame. It is how many bytes // of response headers are allowed. Unlike the http2 spec, zero here // means to use a default limit (currently 10MB). If you actually - // want to advertise an ulimited value to the peer, Transport + // want to advertise an unlimited value to the peer, Transport // interprets the highest possible value here (0xffffffff or 1<<32-1) // to mean no limit. MaxHeaderListSize uint32 diff --git a/vendor/modules.txt b/vendor/modules.txt index 6307ef1431..298a0d15ac 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -38,7 +38,7 @@ github.com/PuerkitoBio/urlesc github.com/aokoli/goutils # github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da github.com/armon/go-metrics -# github.com/aws/aws-sdk-go v1.25.38 +# github.com/aws/aws-sdk-go v1.29.21 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn github.com/aws/aws-sdk-go/aws/awserr @@ -58,6 +58,7 @@ github.com/aws/aws-sdk-go/aws/endpoints github.com/aws/aws-sdk-go/aws/request github.com/aws/aws-sdk-go/aws/session github.com/aws/aws-sdk-go/aws/signer/v4 +github.com/aws/aws-sdk-go/internal/context github.com/aws/aws-sdk-go/internal/ini github.com/aws/aws-sdk-go/internal/s3err github.com/aws/aws-sdk-go/internal/sdkio @@ -65,6 +66,8 @@ github.com/aws/aws-sdk-go/internal/sdkmath github.com/aws/aws-sdk-go/internal/sdkrand github.com/aws/aws-sdk-go/internal/sdkuri github.com/aws/aws-sdk-go/internal/shareddefaults +github.com/aws/aws-sdk-go/internal/strings +github.com/aws/aws-sdk-go/internal/sync/singleflight github.com/aws/aws-sdk-go/private/protocol github.com/aws/aws-sdk-go/private/protocol/ec2query github.com/aws/aws-sdk-go/private/protocol/eventstream @@ -92,6 +95,7 @@ github.com/aws/aws-sdk-go/service/pricing github.com/aws/aws-sdk-go/service/route53 github.com/aws/aws-sdk-go/service/route53/route53iface github.com/aws/aws-sdk-go/service/s3 +github.com/aws/aws-sdk-go/service/s3/internal/arn github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts/stsiface # github.com/bazelbuild/bazel-gazelle v0.19.1 @@ -368,7 +372,7 @@ github.com/pborman/uuid github.com/pelletier/go-toml # github.com/peterbourgon/diskv v2.0.1+incompatible github.com/peterbourgon/diskv -# github.com/pkg/errors v0.8.1 +# github.com/pkg/errors v0.9.1 github.com/pkg/errors # github.com/pkg/sftp v0.0.0-20160930220758-4d0e916071f6 github.com/pkg/sftp @@ -492,7 +496,7 @@ golang.org/x/crypto/salsa20/salsa golang.org/x/crypto/scrypt golang.org/x/crypto/ssh golang.org/x/crypto/ssh/terminal -# golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 +# golang.org/x/net v0.0.0-20200202094626-16171245cfb2 golang.org/x/net/bpf golang.org/x/net/context golang.org/x/net/context/ctxhttp