From 98bed37ffaedf0b302fef1d1358d157df71b475e Mon Sep 17 00:00:00 2001 From: Peter Rifel Date: Thu, 15 Jul 2021 10:26:07 -0400 Subject: [PATCH] Upgrade aws-sdk-go --- go.mod | 4 +- go.sum | 8 +- tests/e2e/go.sum | 8 +- .../aws/aws-sdk-go/aws/ec2metadata/service.go | 4 +- .../aws/aws-sdk-go/aws/endpoints/decode.go | 14 - .../aws/aws-sdk-go/aws/endpoints/defaults.go | 456 ++- .../aws/aws-sdk-go/aws/endpoints/endpoints.go | 55 +- .../aws/aws-sdk-go/aws/endpoints/v3model.go | 44 +- .../aws/aws-sdk-go/aws/request/request.go | 17 +- .../aws/aws-sdk-go/aws/session/credentials.go | 14 +- .../aws/aws-sdk-go/aws/session/doc.go | 2 +- .../aws/aws-sdk-go/aws/session/env_config.go | 27 +- .../aws/aws-sdk-go/aws/session/session.go | 53 +- .../aws-sdk-go/aws/session/shared_config.go | 35 +- .../aws-sdk-go/aws/signer/v4/header_rules.go | 16 +- .../aws/aws-sdk-go/aws/signer/v4/v4.go | 11 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/internal/ini/doc.go | 33 +- .../aws/aws-sdk-go/internal/ini/ini_parser.go | 51 +- .../aws/aws-sdk-go/internal/ini/visitor.go | 5 +- .../aws-sdk-go/internal/s3shared/arn/arn.go | 4 + .../internal/s3shared/endpoint_errors.go | 13 + .../internal/s3shared/resource_request.go | 2 + .../aws-sdk-go/private/protocol/rest/build.go | 2 +- .../aws-sdk-go/private/protocol/timestamp.go | 57 +- .../private/protocol/xml/xmlutil/build.go | 2 + .../protocol/xml/xmlutil/xml_to_struct.go | 22 +- .../aws/aws-sdk-go/service/autoscaling/api.go | 1392 ++++++++- .../autoscaling/autoscalingiface/interface.go | 4 + .../aws/aws-sdk-go/service/autoscaling/doc.go | 10 +- .../aws-sdk-go/service/cloudformation/api.go | 2645 +++++++++++++++- .../service/cloudformation/errors.go | 8 +- .../aws/aws-sdk-go/service/ec2/api.go | 2746 +++++++++++++++-- .../service/ec2/ec2iface/interface.go | 31 + .../aws/aws-sdk-go/service/elbv2/api.go | 37 +- .../aws/aws-sdk-go/service/elbv2/errors.go | 6 +- .../aws/aws-sdk-go/service/eventbridge/api.go | 373 ++- .../aws/aws-sdk-go/service/iam/api.go | 1794 ++++++----- .../aws/aws-sdk-go/service/iam/doc.go | 12 +- .../aws/aws-sdk-go/service/iam/errors.go | 7 +- .../service/iam/iamiface/interface.go | 3 + .../aws/aws-sdk-go/service/kms/api.go | 1614 ++++++++-- .../aws/aws-sdk-go/service/s3/api.go | 254 +- .../aws/aws-sdk-go/service/s3/endpoint.go | 5 +- .../aws/aws-sdk-go/service/sqs/api.go | 350 +-- .../aws/aws-sdk-go/service/sqs/doc.go | 21 +- .../aws/aws-sdk-go/service/sts/api.go | 630 ++-- .../aws/aws-sdk-go/service/sts/doc.go | 10 +- .../aws/aws-sdk-go/service/sts/errors.go | 18 +- vendor/golang.org/x/net/http2/ascii.go | 4 + vendor/golang.org/x/net/http2/server.go | 12 +- vendor/golang.org/x/net/http2/transport.go | 97 +- vendor/modules.txt | 4 +- 53 files changed, 10492 insertions(+), 2556 deletions(-) diff --git a/go.mod b/go.mod index 5161397978..e1a22d45f4 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/aliyun/alibaba-cloud-sdk-go v1.61.1059 github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-ec2-instance-selector/v2 v2.0.2 - github.com/aws/aws-sdk-go v1.38.29 + github.com/aws/aws-sdk-go v1.40.0 github.com/blang/semver/v4 v4.0.0 github.com/denverdino/aliyungo v0.0.0-20210425065611-55bee4942cba github.com/digitalocean/godo v1.60.0 @@ -76,7 +76,7 @@ require ( github.com/weaveworks/mesh v0.0.0-20191105120815-58dbcc3e8e63 github.com/zclconf/go-cty v1.8.2 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a - golang.org/x/net v0.0.0-20210525063256-abc453219eb5 + golang.org/x/net v0.0.0-20210614182718-04defd469f4e golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 google.golang.org/api v0.45.0 diff --git a/go.sum b/go.sum index 6d7a62b45b..4d6bb65384 100644 --- a/go.sum +++ b/go.sum @@ -175,8 +175,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.30/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= -github.com/aws/aws-sdk-go v1.38.29 h1:Go3a0Bw3V12he3XuefJsZ1CICn1wjmn6lp+FjICQR2w= -github.com/aws/aws-sdk-go v1.38.29/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.40.0 h1:nTCSQAeahNt15SOYxuDwJ8XvMhOU3Uqe7eJUPv7+Vsk= +github.com/aws/aws-sdk-go v1.40.0/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -1330,8 +1330,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum index 25fc379bb0..dba7cdcb08 100644 --- a/tests/e2e/go.sum +++ b/tests/e2e/go.sum @@ -243,8 +243,8 @@ github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.30/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= -github.com/aws/aws-sdk-go v1.38.29 h1:Go3a0Bw3V12he3XuefJsZ1CICn1wjmn6lp+FjICQR2w= -github.com/aws/aws-sdk-go v1.38.29/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.40.0 h1:nTCSQAeahNt15SOYxuDwJ8XvMhOU3Uqe7eJUPv7+Vsk= +github.com/aws/aws-sdk-go v1.40.0/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/bazelbuild/buildtools v0.0.0-20190917191645-69366ca98f89/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU= github.com/bazelbuild/rules_go v0.22.1/go.mod h1:MC23Dc/wkXEyk3Wpq6lCqz0ZAYOZDw2DR5y3N1q2i7M= @@ -1656,8 +1656,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index 8f35b3464b..df63bade10 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -13,7 +13,6 @@ package ec2metadata import ( "bytes" - "errors" "io" "net/http" "net/url" @@ -234,7 +233,8 @@ func unmarshalError(r *request.Request) { // Response body format is not consistent between metadata endpoints. // Grab the error message as a string and include that as the source error - r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())), + r.Error = awserr.NewRequestFailure( + awserr.New("EC2MetadataError", "failed to make EC2Metadata request\n"+b.String(), nil), r.HTTPResponse.StatusCode, r.RequestID) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go index 654fb1ad52..b98ea86981 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go @@ -81,7 +81,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol // Customization for i := 0; i < len(ps); i++ { p := &ps[i] - custAddEC2Metadata(p) custAddS3DualStack(p) custRegionalS3(p) custRmIotDataService(p) @@ -140,19 +139,6 @@ func custAddDualstack(p *partition, svcName string) { p.Services[svcName] = s } -func custAddEC2Metadata(p *partition) { - p.Services["ec2metadata"] = service{ - IsRegionalized: boxedFalse, - PartitionEndpoint: "aws-global", - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - } -} - func custRmIotDataService(p *partition) { delete(p.Services, "data.iot") } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 257812d9ee..4693c43f18 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -302,6 +302,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -637,7 +638,43 @@ var awsPartition = partition{ "api.fleethub.iot": service{ Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "api.fleethub.iot-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "api.fleethub.iot-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "api.fleethub.iot-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "api.mediatailor": service{ @@ -824,6 +861,16 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "apprunner": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "appstream2": service{ Defaults: endpoint{ Protocols: []string{"https"}, @@ -839,6 +886,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "fips": endpoint{ Hostname: "appstream2-fips.us-west-2.amazonaws.com", CredentialScope: credentialScope{ @@ -855,6 +903,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -959,6 +1008,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -1592,11 +1642,12 @@ var awsPartition = partition{ Region: "us-west-2", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "cognito-idp": service{ @@ -1637,11 +1688,12 @@ var awsPartition = partition{ Region: "us-west-2", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "cognito-sync": service{ @@ -2344,17 +2396,6 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -2840,8 +2881,11 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -2940,6 +2984,26 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "finspace": service{ + + Endpoints: endpoints{ + "ca-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, + "finspace-api": service{ + + Endpoints: endpoints{ + "ca-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "firehose": service{ Endpoints: endpoints{ @@ -2999,6 +3063,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -3141,9 +3206,27 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "forecast-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "forecast-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "forecast-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "forecastquery": service{ @@ -3156,9 +3239,27 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "forecastquery-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "forecastquery-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "forecastquery-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "fsx": service{ @@ -3372,6 +3473,7 @@ var awsPartition = partition{ Endpoints: endpoints{ "af-south-1": endpoint{}, + "ap-northeast-2": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, @@ -3470,6 +3572,8 @@ var awsPartition = partition{ }, Endpoints: endpoints{ "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "honeycode": service{ @@ -3731,6 +3835,18 @@ var awsPartition = partition{ "iotwireless": service{ Endpoints: endpoints{ + "ap-northeast-1": endpoint{ + Hostname: "api.iotwireless.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + "ap-southeast-2": endpoint{ + Hostname: "api.iotwireless.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, "eu-west-1": endpoint{ Hostname: "api.iotwireless.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ @@ -3743,6 +3859,12 @@ var awsPartition = partition{ Region: "us-east-1", }, }, + "us-west-2": endpoint{ + Hostname: "api.iotwireless.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "kafka": service{ @@ -3892,6 +4014,7 @@ var awsPartition = partition{ "lakeformation": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -4047,6 +4170,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -4724,6 +4848,12 @@ var awsPartition = partition{ Region: "eu-west-2", }, }, + "eu-west-3": endpoint{ + Hostname: "oidc.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, "us-east-1": endpoint{ Hostname: "oidc.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -4804,6 +4934,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -5022,6 +5153,7 @@ var awsPartition = partition{ "ap-northeast-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, @@ -5049,9 +5181,28 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "eu-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "qldb-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "qldb-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "qldb-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "ram": service{ @@ -5368,6 +5519,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -6069,6 +6221,61 @@ var awsPartition = partition{ }, }, }, + "servicecatalog-appregistry": service{ + + Endpoints: endpoints{ + "af-south-1": endpoint{}, + "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "fips-ca-central-1": endpoint{ + Hostname: "servicecatalog-appregistry-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-us-east-1": endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "servicecatalog-appregistry-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "servicediscovery": service{ Endpoints: endpoints{ @@ -6137,9 +6344,28 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "eu-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "session.qldb-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "session.qldb-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "session.qldb-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "shield": service{ @@ -6554,6 +6780,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -6864,6 +7091,7 @@ var awsPartition = partition{ "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -6992,6 +7220,12 @@ var awsPartition = partition{ Region: "ap-northeast-2", }, }, + "ap-northeast-3": endpoint{ + Hostname: "waf-regional.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, "ap-south-1": endpoint{ Hostname: "waf-regional.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ @@ -7076,6 +7310,12 @@ var awsPartition = partition{ Region: "ap-northeast-2", }, }, + "fips-ap-northeast-3": endpoint{ + Hostname: "waf-regional-fips.ap-northeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-3", + }, + }, "fips-ap-south-1": endpoint{ Hostname: "waf-regional-fips.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ @@ -7611,17 +7851,6 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -8068,6 +8297,13 @@ var awscnPartition = partition{ }, }, }, + "servicecatalog": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "servicediscovery": service{ Endpoints: endpoints{ @@ -8205,6 +8441,49 @@ var awscnPartition = partition{ }, }, }, + "transcribestreaming": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, + "transfer": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, + "waf-regional": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{ + Hostname: "waf-regional.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + "cn-northwest-1": endpoint{ + Hostname: "waf-regional.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + "fips-cn-north-1": endpoint{ + Hostname: "waf-regional-fips.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + "fips-cn-northwest-1": endpoint{ + Hostname: "waf-regional-fips.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, "workspaces": service{ Endpoints: endpoints{ @@ -8812,17 +9091,6 @@ var awsusgovPartition = partition{ }, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -9387,6 +9655,25 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "mq": service{ + + Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "mq-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "mq-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "neptune": service{ Endpoints: endpoints{ @@ -9768,6 +10055,25 @@ var awsusgovPartition = partition{ }, }, }, + "servicecatalog-appregistry": service{ + + Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "servicecatalog-appregistry.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "servicecatalog-appregistry.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "servicequotas": service{ Defaults: endpoint{ Protocols: []string{"https"}, @@ -10257,17 +10563,6 @@ var awsisoPartition = partition{ "us-iso-east-1": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ @@ -10280,6 +10575,18 @@ var awsisoPartition = partition{ "us-iso-east-1": endpoint{}, }, }, + "elasticfilesystem": service{ + + Endpoints: endpoints{ + "fips-us-iso-east-1": endpoint{ + Hostname: "elasticfilesystem-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + "us-iso-east-1": endpoint{}, + }, + }, "elasticloadbalancing": service{ Endpoints: endpoints{ @@ -10395,6 +10702,12 @@ var awsisoPartition = partition{ "us-iso-east-1": endpoint{}, }, }, + "ram": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, "rds": service{ Endpoints: endpoints{ @@ -10656,17 +10969,6 @@ var awsisobPartition = partition{ "us-isob-east-1": endpoint{}, }, }, - "ec2metadata": service{ - PartitionEndpoint: "aws-global", - IsRegionalized: boxedFalse, - - Endpoints: endpoints{ - "aws-global": endpoint{ - Hostname: "169.254.169.254/latest", - Protocols: []string{"http"}, - }, - }, - }, "ecs": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go index ca956e5f12..8e8636f5f8 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go @@ -48,6 +48,9 @@ type Options struct { // This option is ignored if StrictMatching is enabled. ResolveUnknownService bool + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + EC2MetadataEndpointMode EC2IMDSEndpointModeState + // STS Regional Endpoint flag helps with resolving the STS endpoint STSRegionalEndpoint STSRegionalEndpoint @@ -55,6 +58,33 @@ type Options struct { S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint } +// EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode. +type EC2IMDSEndpointModeState uint + +// Enumeration values for EC2IMDSEndpointModeState +const ( + EC2IMDSEndpointModeStateUnset EC2IMDSEndpointModeState = iota + EC2IMDSEndpointModeStateIPv4 + EC2IMDSEndpointModeStateIPv6 +) + +// SetFromString sets the EC2IMDSEndpointModeState based on the provided string value. Unknown values will default to EC2IMDSEndpointModeStateUnset +func (e *EC2IMDSEndpointModeState) SetFromString(v string) error { + v = strings.TrimSpace(v) + + switch { + case len(v) == 0: + *e = EC2IMDSEndpointModeStateUnset + case strings.EqualFold(v, "IPv6"): + *e = EC2IMDSEndpointModeStateIPv6 + case strings.EqualFold(v, "IPv4"): + *e = EC2IMDSEndpointModeStateIPv4 + default: + return fmt.Errorf("unknown EC2 IMDS endpoint mode, must be either IPv6 or IPv4") + } + return nil +} + // STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint // options. type STSRegionalEndpoint int @@ -247,7 +277,7 @@ func RegionsForService(ps []Partition, partitionID, serviceID string) (map[strin if p.ID() != partitionID { continue } - if _, ok := p.p.Services[serviceID]; !ok { + if _, ok := p.p.Services[serviceID]; !(ok || serviceID == Ec2metadataServiceID) { break } @@ -333,6 +363,7 @@ func (p Partition) Regions() map[string]Region { // enumerating over the services in a partition. func (p Partition) Services() map[string]Service { ss := make(map[string]Service, len(p.p.Services)) + for id := range p.p.Services { ss[id] = Service{ id: id, @@ -340,6 +371,15 @@ func (p Partition) Services() map[string]Service { } } + // Since we have removed the customization that injected this into the model + // we still need to pretend that this is a modeled service. + if _, ok := ss[Ec2metadataServiceID]; !ok { + ss[Ec2metadataServiceID] = Service{ + id: Ec2metadataServiceID, + p: p.p, + } + } + return ss } @@ -400,7 +440,18 @@ func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (Resolve // an URL that can be resolved to a instance of a service. func (s Service) Regions() map[string]Region { rs := map[string]Region{} - for id := range s.p.Services[s.id].Endpoints { + + service, ok := s.p.Services[s.id] + + // Since ec2metadata customization has been removed we need to check + // if it was defined in non-standard endpoints.json file. If it's not + // then we can return the empty map as there is no regional-endpoints for IMDS. + // Otherwise, we iterate need to iterate the non-standard model. + if s.id == Ec2metadataServiceID && !ok { + return rs + } + + for id := range service.Endpoints { if r, ok := s.p.Regions[id]; ok { rs[id] = Region{ id: id, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go index 773613722f..c6c6a03387 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go @@ -7,6 +7,11 @@ import ( "strings" ) +const ( + ec2MetadataEndpointIPv6 = "http://[fd00:ec2::254]/latest" + ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest" +) + var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`) type partitions []partition @@ -102,6 +107,12 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) ( opt.Set(opts...) s, hasService := p.Services[service] + + if service == Ec2metadataServiceID && !hasService { + endpoint := getEC2MetadataEndpoint(p.ID, service, opt.EC2MetadataEndpointMode) + return endpoint, nil + } + if len(service) == 0 || !(hasService || opt.ResolveUnknownService) { // Only return error if the resolver will not fallback to creating // endpoint based on service endpoint ID passed in. @@ -129,6 +140,31 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) ( return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt) } +func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint { + switch mode { + case EC2IMDSEndpointModeStateIPv6: + return ResolvedEndpoint{ + URL: ec2MetadataEndpointIPv6, + PartitionID: partitionID, + SigningRegion: "aws-global", + SigningName: service, + SigningNameDerived: true, + SigningMethod: "v4", + } + case EC2IMDSEndpointModeStateIPv4: + fallthrough + default: + return ResolvedEndpoint{ + URL: ec2MetadataEndpointIPv4, + PartitionID: partitionID, + SigningRegion: "aws-global", + SigningName: service, + SigningNameDerived: true, + SigningMethod: "v4", + } + } +} + func serviceList(ss services) []string { list := make([]string, 0, len(ss)) for k := range ss { @@ -178,14 +214,14 @@ type service struct { } func (s *service) endpointForRegion(region string) (endpoint, bool) { - if s.IsRegionalized == boxedFalse { - return s.Endpoints[s.PartitionEndpoint], region == s.PartitionEndpoint - } - if e, ok := s.Endpoints[region]; ok { return e, true } + if s.IsRegionalized == boxedFalse { + return s.Endpoints[s.PartitionEndpoint], region == s.PartitionEndpoint + } + // Unable to find any matching endpoint, return // blank that will be used for generic endpoint creation. return endpoint{}, false diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index d597c6ead5..fb0a68fce3 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go @@ -129,12 +129,27 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers, httpReq, _ := http.NewRequest(method, "", nil) var err error - httpReq.URL, err = url.Parse(clientInfo.Endpoint + operation.HTTPPath) + httpReq.URL, err = url.Parse(clientInfo.Endpoint) if err != nil { httpReq.URL = &url.URL{} err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err) } + if len(operation.HTTPPath) != 0 { + opHTTPPath := operation.HTTPPath + var opQueryString string + if idx := strings.Index(opHTTPPath, "?"); idx >= 0 { + opQueryString = opHTTPPath[idx+1:] + opHTTPPath = opHTTPPath[:idx] + } + + if strings.HasSuffix(httpReq.URL.Path, "/") && strings.HasPrefix(opHTTPPath, "/") { + opHTTPPath = opHTTPPath[1:] + } + httpReq.URL.Path += opHTTPPath + httpReq.URL.RawQuery = opQueryString + } + r := &Request{ Config: cfg, ClientInfo: clientInfo, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go index 3ddd4e5128..3efdac29ff 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -101,13 +101,6 @@ func resolveCredsFromProfile(cfg *aws.Config, sharedCfg.Creds, ) - case sharedCfg.hasSSOConfiguration(): - creds, err = resolveSSOCredentials(cfg, sharedCfg, handlers) - - case len(sharedCfg.CredentialProcess) != 0: - // Get credentials from CredentialProcess - creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) - case len(sharedCfg.CredentialSource) != 0: creds, err = resolveCredsFromSource(cfg, envCfg, sharedCfg, handlers, sessOpts, @@ -123,6 +116,13 @@ func resolveCredsFromProfile(cfg *aws.Config, sharedCfg.RoleSessionName, ) + case sharedCfg.hasSSOConfiguration(): + creds, err = resolveSSOCredentials(cfg, sharedCfg, handlers) + + case len(sharedCfg.CredentialProcess) != 0: + // Get credentials from CredentialProcess + creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) + default: // Fallback to default credentials provider, include mock errors for // the credential chain so user can identify why credentials failed to diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go index 9419b518d5..43b56863e4 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go @@ -283,7 +283,7 @@ component must be enclosed in square brackets. The custom EC2 IMDS endpoint can also be specified via the Session options. sess, err := session.NewSessionWithOptions(session.Options{ - EC2IMDSEndpoint: "http://[::1]", + EC2MetadataEndpoint: "http://[::1]", }) */ package session diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index 3cd5d4b5ae..fffe2f350c 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -161,10 +161,15 @@ type envConfig struct { // AWS_S3_USE_ARN_REGION=true S3UseARNRegion bool - // Specifies the alternative endpoint to use for EC2 IMDS. + // Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode. // // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] EC2IMDSEndpoint string + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState } var ( @@ -231,6 +236,9 @@ var ( ec2IMDSEndpointEnvKey = []string{ "AWS_EC2_METADATA_SERVICE_ENDPOINT", } + ec2IMDSEndpointModeEnvKey = []string{ + "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE", + } useCABundleKey = []string{ "AWS_CA_BUNDLE", } @@ -364,6 +372,9 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { } setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey) + if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil { + return envConfig{}, err + } return cfg, nil } @@ -376,3 +387,17 @@ func setFromEnvVal(dst *string, keys []string) { } } } + +func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + if err := mode.SetFromString(value); err != nil { + return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err) + } + return nil + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 038ae222ff..4b2e057e93 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -283,8 +283,8 @@ type Options struct { Handlers request.Handlers // Allows specifying a custom endpoint to be used by the EC2 IMDS client - // when making requests to the EC2 IMDS API. The must endpoint value must - // include protocol prefix. + // when making requests to the EC2 IMDS API. The endpoint value should + // include the URI scheme. If the scheme is not present it will be defaulted to http. // // If unset, will the EC2 IMDS client will use its default endpoint. // @@ -298,6 +298,11 @@ type Options struct { // // AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1] EC2IMDSEndpoint string + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState } // NewSessionWithOptions returns a new Session created from SDK defaults, config files, @@ -375,19 +380,23 @@ func Must(sess *Session, err error) *Session { // Wraps the endpoint resolver with a resolver that will return a custom // endpoint for EC2 IMDS. -func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string) endpoints.Resolver { +func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string, mode endpoints.EC2IMDSEndpointModeState) endpoints.Resolver { return endpoints.ResolverFunc( func(service, region string, opts ...func(*endpoints.Options)) ( endpoints.ResolvedEndpoint, error, ) { - if service == ec2MetadataServiceID { + if service == ec2MetadataServiceID && len(endpoint) > 0 { return endpoints.ResolvedEndpoint{ URL: endpoint, SigningName: ec2MetadataServiceID, SigningRegion: region, }, nil + } else if service == ec2MetadataServiceID { + opts = append(opts, func(o *endpoints.Options) { + o.EC2MetadataEndpointMode = mode + }) } - return resolver.EndpointFor(service, region) + return resolver.EndpointFor(service, region, opts...) }) } @@ -404,8 +413,8 @@ func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session { cfg.EndpointResolver = endpoints.DefaultResolver() } - if len(envCfg.EC2IMDSEndpoint) != 0 { - cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint) + if !(len(envCfg.EC2IMDSEndpoint) == 0 && envCfg.EC2IMDSEndpointMode == endpoints.EC2IMDSEndpointModeStateUnset) { + cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint, envCfg.EC2IMDSEndpointMode) } cfg.Credentials = defaults.CredChain(cfg, handlers) @@ -737,12 +746,32 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, endpoints.LegacyS3UsEast1Endpoint, }) - ec2IMDSEndpoint := sessOpts.EC2IMDSEndpoint - if len(ec2IMDSEndpoint) == 0 { - ec2IMDSEndpoint = envCfg.EC2IMDSEndpoint + var ec2IMDSEndpoint string + for _, v := range []string{ + sessOpts.EC2IMDSEndpoint, + envCfg.EC2IMDSEndpoint, + sharedCfg.EC2IMDSEndpoint, + } { + if len(v) != 0 { + ec2IMDSEndpoint = v + break + } } - if len(ec2IMDSEndpoint) != 0 { - cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint) + + var endpointMode endpoints.EC2IMDSEndpointModeState + for _, v := range []endpoints.EC2IMDSEndpointModeState{ + sessOpts.EC2IMDSEndpointMode, + envCfg.EC2IMDSEndpointMode, + sharedCfg.EC2IMDSEndpointMode, + } { + if v != endpoints.EC2IMDSEndpointModeStateUnset { + endpointMode = v + break + } + } + + if len(ec2IMDSEndpoint) != 0 || endpointMode != endpoints.EC2IMDSEndpointModeStateUnset { + cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) } // Configure credentials if not already set by the user when creating the diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index c3f38b6ec0..6830ece70f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -66,6 +66,12 @@ const ( // S3 ARN Region Usage s3UseARNRegionKey = "s3_use_arn_region" + + // EC2 IMDS Endpoint Mode + ec2MetadataServiceEndpointModeKey = "ec2_metadata_service_endpoint_mode" + + // EC2 IMDS Endpoint + ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint" ) // sharedConfig represents the configuration fields of the SDK config files. @@ -145,6 +151,16 @@ type sharedConfig struct { // // s3_use_arn_region=true S3UseARNRegion bool + + // Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6) + // + // ec2_metadata_service_endpoint_mode=IPv6 + EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + + // Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode. + // + // ec2_metadata_service_endpoint=http://fd00:ec2::254 + EC2IMDSEndpoint string } type sharedConfigFile struct { @@ -334,6 +350,12 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.SSORegion, section, ssoRegionKey) updateString(&cfg.SSORoleName, section, ssoRoleNameKey) updateString(&cfg.SSOStartURL, section, ssoStartURL) + + if err := updateEC2MetadataServiceEndpointMode(&cfg.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil { + return fmt.Errorf("failed to load %s from shared config, %s, %v", + ec2MetadataServiceEndpointModeKey, file.Filename, err) + } + updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey) } updateString(&cfg.CredentialProcess, section, credentialProcessKey) @@ -364,6 +386,14 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e return nil } +func updateEC2MetadataServiceEndpointMode(endpointMode *endpoints.EC2IMDSEndpointModeState, section ini.Section, key string) error { + if !section.Has(key) { + return nil + } + value := section.String(key) + return endpointMode.SetFromString(value) +} + func (cfg *sharedConfig) validateCredentialsConfig(profile string) error { if err := cfg.validateCredentialsRequireARN(profile); err != nil { return err @@ -401,7 +431,6 @@ func (cfg *sharedConfig) validateCredentialType() error { len(cfg.CredentialSource) != 0, len(cfg.CredentialProcess) != 0, len(cfg.WebIdentityTokenFile) != 0, - cfg.hasSSOConfiguration(), ) { return ErrSharedConfigSourceCollision } @@ -459,6 +488,10 @@ func (cfg *sharedConfig) clearCredentialOptions() { cfg.CredentialProcess = "" cfg.WebIdentityTokenFile = "" cfg.Creds = credentials.Value{} + cfg.SSOAccountID = "" + cfg.SSORegion = "" + cfg.SSORoleName = "" + cfg.SSOStartURL = "" } func (cfg *sharedConfig) clearAssumeRoleOptions() { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go index 07ea799fbd..9937538317 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go @@ -34,23 +34,23 @@ func (m mapRule) IsValid(value string) bool { return ok } -// whitelist is a generic rule for whitelisting -type whitelist struct { +// allowList is a generic rule for allow listing +type allowList struct { rule } -// IsValid for whitelist checks if the value is within the whitelist -func (w whitelist) IsValid(value string) bool { +// IsValid for allow list checks if the value is within the allow list +func (w allowList) IsValid(value string) bool { return w.rule.IsValid(value) } -// blacklist is a generic rule for blacklisting -type blacklist struct { +// excludeList is a generic rule for exclude listing +type excludeList struct { rule } -// IsValid for whitelist checks if the value is within the whitelist -func (b blacklist) IsValid(value string) bool { +// IsValid for exclude list checks if the value is within the exclude list +func (b excludeList) IsValid(value string) bool { return !b.rule.IsValid(value) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 1737c2686d..c1949859ad 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -90,7 +90,7 @@ const ( ) var ignoredHeaders = rules{ - blacklist{ + excludeList{ mapRule{ authorizationHeader: struct{}{}, "User-Agent": struct{}{}, @@ -99,9 +99,9 @@ var ignoredHeaders = rules{ }, } -// requiredSignedHeaders is a whitelist for build canonical headers. +// requiredSignedHeaders is a allow list for build canonical headers. var requiredSignedHeaders = rules{ - whitelist{ + allowList{ mapRule{ "Cache-Control": struct{}{}, "Content-Disposition": struct{}{}, @@ -145,12 +145,13 @@ var requiredSignedHeaders = rules{ }, }, patterns{"X-Amz-Meta-"}, + patterns{"X-Amz-Object-Lock-"}, } -// allowedHoisting is a whitelist for build query headers. The boolean value +// allowedHoisting is a allow list for build query headers. The boolean value // represents whether or not it is a pattern. var allowedQueryHoisting = inclusiveRules{ - blacklist{requiredSignedHeaders}, + excludeList{requiredSignedHeaders}, patterns{"X-Amz-"}, } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 229c12a4d0..67d08198eb 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.38.29" +const SDKVersion = "1.40.0" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go index 25ce0fe134..1e55bbd07b 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go @@ -13,17 +13,30 @@ // } // // Below is the BNF that describes this parser -// Grammar: -// stmt -> value stmt' -// stmt' -> epsilon | op stmt -// value -> number | string | boolean | quoted_string +// Grammar: +// stmt -> section | stmt' +// stmt' -> epsilon | expr +// expr -> value (stmt)* | equal_expr (stmt)* +// equal_expr -> value ( ':' | '=' ) equal_expr' +// equal_expr' -> number | string | quoted_string +// quoted_string -> " quoted_string' +// quoted_string' -> string quoted_string_end +// quoted_string_end -> " // -// section -> [ section' -// section' -> value section_close -// section_close -> ] +// section -> [ section' +// section' -> section_value section_close +// section_value -> number | string_subset | boolean | quoted_string_subset +// quoted_string_subset -> " quoted_string_subset' +// quoted_string_subset' -> string_subset quoted_string_end +// quoted_string_subset -> " +// section_close -> ] // -// SkipState will skip (NL WS)+ +// value -> number | string_subset | boolean +// string -> ? UTF-8 Code-Points except '\n' (U+000A) and '\r\n' (U+000D U+000A) ? +// string_subset -> ? Code-points excepted by grammar except ':' (U+003A), '=' (U+003D), '[' (U+005B), and ']' (U+005D) ? // -// comment -> # comment' | ; comment' -// comment' -> epsilon | value +// SkipState will skip (NL WS)+ +// +// comment -> # comment' | ; comment' +// comment' -> epsilon | value package ini diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go index 55fa73ebcf..0ba319491c 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go @@ -5,9 +5,12 @@ import ( "io" ) +// ParseState represents the current state of the parser. +type ParseState uint + // State enums for the parse table const ( - InvalidState = iota + InvalidState ParseState = iota // stmt -> value stmt' StatementState // stmt' -> MarkComplete | op stmt @@ -36,8 +39,8 @@ const ( ) // parseTable is a state machine to dictate the grammar above. -var parseTable = map[ASTKind]map[TokenType]int{ - ASTKindStart: map[TokenType]int{ +var parseTable = map[ASTKind]map[TokenType]ParseState{ + ASTKindStart: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -45,7 +48,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: TerminalState, }, - ASTKindCommentStatement: map[TokenType]int{ + ASTKindCommentStatement: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -53,7 +56,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindExpr: map[TokenType]int{ + ASTKindExpr: { TokenOp: StatementPrimeState, TokenLit: ValueState, TokenSep: OpenScopeState, @@ -62,13 +65,15 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindEqualExpr: map[TokenType]int{ - TokenLit: ValueState, - TokenWS: SkipTokenState, - TokenNL: SkipState, - TokenNone: SkipState, + ASTKindEqualExpr: { + TokenLit: ValueState, + TokenSep: ValueState, + TokenOp: ValueState, + TokenWS: SkipTokenState, + TokenNL: SkipState, + TokenNone: SkipState, }, - ASTKindStatement: map[TokenType]int{ + ASTKindStatement: { TokenLit: SectionState, TokenSep: CloseScopeState, TokenWS: SkipTokenState, @@ -76,9 +81,9 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindExprStatement: map[TokenType]int{ + ASTKindExprStatement: { TokenLit: ValueState, - TokenSep: OpenScopeState, + TokenSep: ValueState, TokenOp: ValueState, TokenWS: ValueState, TokenNL: MarkCompleteState, @@ -86,14 +91,14 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenNone: TerminalState, TokenComma: SkipState, }, - ASTKindSectionStatement: map[TokenType]int{ + ASTKindSectionStatement: { TokenLit: SectionState, TokenOp: SectionState, TokenSep: CloseScopeState, TokenWS: SectionState, TokenNL: SkipTokenState, }, - ASTKindCompletedSectionStatement: map[TokenType]int{ + ASTKindCompletedSectionStatement: { TokenWS: SkipTokenState, TokenNL: SkipTokenState, TokenLit: StatementState, @@ -101,7 +106,7 @@ var parseTable = map[ASTKind]map[TokenType]int{ TokenComment: CommentState, TokenNone: MarkCompleteState, }, - ASTKindSkipStatement: map[TokenType]int{ + ASTKindSkipStatement: { TokenLit: StatementState, TokenSep: OpenScopeState, TokenWS: SkipTokenState, @@ -205,18 +210,6 @@ loop: case ValueState: // ValueState requires the previous state to either be an equal expression // or an expression statement. - // - // This grammar occurs when the RHS is a number, word, or quoted string. - // equal_expr -> lit op equal_expr' - // equal_expr' -> number | string | quoted_string - // quoted_string -> " quoted_string' - // quoted_string' -> string quoted_string_end - // quoted_string_end -> " - // - // otherwise - // expr_stmt -> equal_expr (expr_stmt')* - // expr_stmt' -> ws S | op S | MarkComplete - // S -> equal_expr' expr_stmt' switch k.Kind { case ASTKindEqualExpr: // assigning a value to some key @@ -243,7 +236,7 @@ loop: } children[len(children)-1] = rhs - k.SetChildren(children) + root.SetChildren(children) stack.Push(k) } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go index 94841c3244..081cf43342 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go @@ -50,7 +50,10 @@ func (v *DefaultVisitor) VisitExpr(expr AST) error { rhs := children[1] - if rhs.Root.Type() != TokenLit { + // The right-hand value side the equality expression is allowed to contain '[', ']', ':', '=' in the values. + // If the token is not either a literal or one of the token types that identifies those four additional + // tokens then error. + if !(rhs.Root.Type() == TokenLit || rhs.Root.Type() == TokenOp || rhs.Root.Type() == TokenSep) { return NewParseError("unexpected token type") } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go index 3079e4ab0e..216c4baabf 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/arn.go @@ -48,6 +48,10 @@ func ParseResource(s string, resParser ResourceParser) (resARN Resource, err err return nil, InvalidARNError{ARN: a, Reason: "service is not supported"} } + if strings.HasPrefix(a.Region, "fips-") || strings.HasSuffix(a.Region, "-fips") { + return nil, InvalidARNError{ARN: a, Reason: "FIPS region not allowed in ARN"} + } + if len(a.Resource) == 0 { return nil, InvalidARNError{ARN: a, Reason: "resource not set"} } diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go index e756b2f873..4290ff6760 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go @@ -71,6 +71,8 @@ func NewInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error } // NewInvalidARNWithFIPSError ARN not supported for FIPS region +// +// Deprecated: FIPS will not appear in the ARN region component. func NewInvalidARNWithFIPSError(resource arn.Resource, err error) InvalidARNError { return InvalidARNError{ message: "resource ARN not supported for FIPS region", @@ -155,6 +157,17 @@ func NewClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, c } } +// NewFIPSConfigurationError denotes a configuration error when a client or request is configured for FIPS +func NewFIPSConfigurationError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError { + return ConfigurationError{ + message: "use of ARN is not supported when client or request is configured for FIPS", + origErr: err, + resource: resource, + clientPartitionID: clientPartitionID, + clientRegion: clientRegion, + } +} + // NewClientConfiguredForAccelerateError denotes client config error for unsupported S3 accelerate func NewClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError { return ConfigurationError{ diff --git a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go index 9f70a64ecf..2091ba6ba3 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go @@ -31,6 +31,8 @@ func (r ResourceRequest) UseFIPS() bool { } // ResourceConfiguredForFIPS returns true if resource ARNs region is FIPS +// +// Deprecated: FIPS pseudo-regions will not be in the ARN func (r ResourceRequest) ResourceConfiguredForFIPS() bool { return IsFIPS(r.ARN().Region) } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go index 1301b149d3..fb35fee5fe 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go @@ -98,7 +98,7 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo // Support the ability to customize values to be marshaled as a // blob even though they were modeled as a string. Required for S3 - // API operations like SSECustomerKey is modeled as stirng but + // API operations like SSECustomerKey is modeled as string but // required to be base64 encoded in request. if field.Tag.Get("marshal-as") == "blob" { m = m.Convert(byteSliceType) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go index 98f4caed91..d486a4c2a0 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go @@ -1,6 +1,8 @@ package protocol import ( + "bytes" + "fmt" "math" "strconv" "time" @@ -19,7 +21,9 @@ const ( // Output time is intended to not contain decimals const ( // RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT - RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" + RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" + rfc822TimeFormatSingleDigitDay = "Mon, _2 Jan 2006 15:04:05 GMT" + rfc822TimeFormatSingleDigitDayTwoDigitYear = "Mon, _2 Jan 06 15:04:05 GMT" // This format is used for output time without seconds precision RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT" @@ -67,10 +71,20 @@ func FormatTime(name string, t time.Time) string { // the time if it was able to be parsed, and fails otherwise. func ParseTime(formatName, value string) (time.Time, error) { switch formatName { - case RFC822TimeFormatName: - return time.Parse(RFC822TimeFormat, value) - case ISO8601TimeFormatName: - return time.Parse(ISO8601TimeFormat, value) + case RFC822TimeFormatName: // Smithy HTTPDate format + return tryParse(value, + RFC822TimeFormat, + rfc822TimeFormatSingleDigitDay, + rfc822TimeFormatSingleDigitDayTwoDigitYear, + time.RFC850, + time.ANSIC, + ) + case ISO8601TimeFormatName: // Smithy DateTime format + return tryParse(value, + ISO8601TimeFormat, + time.RFC3339Nano, + time.RFC3339, + ) case UnixTimeFormatName: v, err := strconv.ParseFloat(value, 64) _, dec := math.Modf(v) @@ -83,3 +97,36 @@ func ParseTime(formatName, value string) (time.Time, error) { panic("unknown timestamp format name, " + formatName) } } + +func tryParse(v string, formats ...string) (time.Time, error) { + var errs parseErrors + for _, f := range formats { + t, err := time.Parse(f, v) + if err != nil { + errs = append(errs, parseError{ + Format: f, + Err: err, + }) + continue + } + return t, nil + } + + return time.Time{}, fmt.Errorf("unable to parse time string, %v", errs) +} + +type parseErrors []parseError + +func (es parseErrors) Error() string { + var s bytes.Buffer + for _, e := range es { + fmt.Fprintf(&s, "\n * %q: %v", e.Format, e.Err) + } + + return "parse errors:" + s.String() +} + +type parseError struct { + Format string + Err error +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go index 09ad951595..2fbb93ae76 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go @@ -308,6 +308,8 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl if tag.Get("xmlAttribute") != "" { // put into current node's attribute list attr := xml.Attr{Name: xname, Value: str} current.Attr = append(current.Attr, attr) + } else if len(xname.Local) == 0 { + current.Text = str } else { // regular text node current.AddChild(&XMLNode{Name: xname, Text: str}) } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go index 42f71648ee..c85b79fddd 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go @@ -18,6 +18,14 @@ type XMLNode struct { parent *XMLNode } +// textEncoder is a string type alias that implemnts the TextMarshaler interface. +// This alias type is used to ensure that the line feed (\n) (U+000A) is escaped. +type textEncoder string + +func (t textEncoder) MarshalText() ([]byte, error) { + return []byte(t), nil +} + // NewXMLElement returns a pointer to a new XMLNode initialized to default values. func NewXMLElement(name xml.Name) *XMLNode { return &XMLNode{ @@ -130,11 +138,16 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error { attrs = sortedAttrs } - e.EncodeToken(xml.StartElement{Name: node.Name, Attr: attrs}) + startElement := xml.StartElement{Name: node.Name, Attr: attrs} if node.Text != "" { - e.EncodeToken(xml.CharData([]byte(node.Text))) - } else if sorted { + e.EncodeElement(textEncoder(node.Text), startElement) + return e.Flush() + } + + e.EncodeToken(startElement) + + if sorted { sortedNames := []string{} for k := range node.Children { sortedNames = append(sortedNames, k) @@ -154,6 +167,7 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error { } } - e.EncodeToken(xml.EndElement{Name: node.Name}) + e.EncodeToken(startElement.End()) + return e.Flush() } diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go index 33dcca64fe..10a4a166f0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go @@ -530,9 +530,9 @@ func (c *AutoScaling) CancelInstanceRefreshRequest(input *CancelInstanceRefreshI // roll back any replacements that have already been completed, but it prevents // new replacements from being started. // -// For more information, see Replacing Auto Scaling instances based on an instance -// refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) -// in the Amazon EC2 Auto Scaling User Guide. +// This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) +// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto +// Scaling group after you make configuration changes. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1655,6 +1655,9 @@ func (c *AutoScaling) DeleteWarmPoolRequest(input *DeleteWarmPoolInput) (req *re // // Deletes the warm pool for the specified Auto Scaling group. // +// For more information, see Warm pools for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html) +// in the Amazon EC2 Auto Scaling User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1746,11 +1749,12 @@ func (c *AutoScaling) DescribeAccountLimitsRequest(input *DescribeAccountLimitsI // DescribeAccountLimits API operation for Auto Scaling. // -// Describes the current Amazon EC2 Auto Scaling resource quotas for your AWS -// account. +// Describes the current Amazon EC2 Auto Scaling resource quotas for your account. // -// For information about requesting an increase, see Amazon EC2 Auto Scaling -// service quotas (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) +// When you establish an account, the account has initial quotas on the maximum +// number of Auto Scaling groups and launch configurations that you can create +// in a given Region. For more information, see Amazon EC2 Auto Scaling service +// quotas (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-account-limits.html) // in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1831,9 +1835,8 @@ func (c *AutoScaling) DescribeAdjustmentTypesRequest(input *DescribeAdjustmentTy // DescribeAdjustmentTypes API operation for Auto Scaling. // -// Describes the available adjustment types for Amazon EC2 Auto Scaling scaling -// policies. These settings apply to step scaling policies and simple scaling -// policies; they do not apply to target tracking scaling policies. +// Describes the available adjustment types for step scaling and simple scaling +// policies. // // The following adjustment types are supported: // @@ -1927,7 +1930,11 @@ func (c *AutoScaling) DescribeAutoScalingGroupsRequest(input *DescribeAutoScalin // DescribeAutoScalingGroups API operation for Auto Scaling. // -// Describes one or more Auto Scaling groups. +// Gets information about the Auto Scaling groups in the account and Region. +// +// This operation returns information about instances in Auto Scaling groups. +// To retrieve information about the instances in a warm pool, you must call +// the DescribeWarmPool API. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2068,7 +2075,7 @@ func (c *AutoScaling) DescribeAutoScalingInstancesRequest(input *DescribeAutoSca // DescribeAutoScalingInstances API operation for Auto Scaling. // -// Describes one or more Auto Scaling instances. +// Gets information about the Auto Scaling instances in the account and Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2283,9 +2290,19 @@ func (c *AutoScaling) DescribeInstanceRefreshesRequest(input *DescribeInstanceRe // DescribeInstanceRefreshes API operation for Auto Scaling. // -// Describes one or more instance refreshes. +// Gets information about the instance refreshes for the specified Auto Scaling +// group. +// +// This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) +// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto +// Scaling group after you make configuration changes. +// +// To help you determine the status of an instance refresh, this operation returns +// information about the instance refreshes you previously initiated, including +// their status, end time, the percentage of the instance refresh that is complete, +// and the number of instances remaining to update before the instance refresh +// is complete. // -// You can determine the status of a request by looking at the Status parameter. // The following are the possible statuses: // // * Pending - The request was created, but the operation has not started. @@ -2303,10 +2320,6 @@ func (c *AutoScaling) DescribeInstanceRefreshesRequest(input *DescribeInstanceRe // // * Cancelled - The operation is cancelled. // -// For more information, see Replacing Auto Scaling instances based on an instance -// refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) -// in the Amazon EC2 Auto Scaling User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2394,7 +2407,7 @@ func (c *AutoScaling) DescribeLaunchConfigurationsRequest(input *DescribeLaunchC // DescribeLaunchConfigurations API operation for Auto Scaling. // -// Describes one or more launch configurations. +// Gets information about the launch configurations in the account and Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2615,7 +2628,8 @@ func (c *AutoScaling) DescribeLifecycleHooksRequest(input *DescribeLifecycleHook // DescribeLifecycleHooks API operation for Auto Scaling. // -// Describes the lifecycle hooks for the specified Auto Scaling group. +// Gets information about the lifecycle hooks for the specified Auto Scaling +// group. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2695,7 +2709,30 @@ func (c *AutoScaling) DescribeLoadBalancerTargetGroupsRequest(input *DescribeLoa // DescribeLoadBalancerTargetGroups API operation for Auto Scaling. // -// Describes the target groups for the specified Auto Scaling group. +// Gets information about the load balancer target groups for the specified +// Auto Scaling group. +// +// To determine the availability of registered instances, use the State element +// in the response. When you attach a target group to an Auto Scaling group, +// the initial State value is Adding. The state transitions to Added after all +// Auto Scaling instances are registered with the target group. If Elastic Load +// Balancing health checks are enabled for the Auto Scaling group, the state +// transitions to InService after at least one Auto Scaling instance passes +// the health check. When the target group is in the InService state, Amazon +// EC2 Auto Scaling can terminate and replace any instances that are reported +// as unhealthy. If no registered instances pass the health checks, the target +// group doesn't enter the InService state. +// +// Target groups also have an InService state if you attach them in the CreateAutoScalingGroup +// API call. If your target group state is InService, but it is not working +// properly, check the scaling activities by calling DescribeScalingActivities +// and take any corrective actions necessary. +// +// For help with failed health checks, see Troubleshooting Amazon EC2 Auto Scaling: +// Health checks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html) +// in the Amazon EC2 Auto Scaling User Guide. For more information, see Elastic +// Load Balancing and Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) +// in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2775,12 +2812,35 @@ func (c *AutoScaling) DescribeLoadBalancersRequest(input *DescribeLoadBalancersI // DescribeLoadBalancers API operation for Auto Scaling. // -// Describes the load balancers for the specified Auto Scaling group. +// Gets information about the load balancers for the specified Auto Scaling +// group. // // This operation describes only Classic Load Balancers. If you have Application // Load Balancers, Network Load Balancers, or Gateway Load Balancers, use the // DescribeLoadBalancerTargetGroups API instead. // +// To determine the availability of registered instances, use the State element +// in the response. When you attach a load balancer to an Auto Scaling group, +// the initial State value is Adding. The state transitions to Added after all +// Auto Scaling instances are registered with the load balancer. If Elastic +// Load Balancing health checks are enabled for the Auto Scaling group, the +// state transitions to InService after at least one Auto Scaling instance passes +// the health check. When the load balancer is in the InService state, Amazon +// EC2 Auto Scaling can terminate and replace any instances that are reported +// as unhealthy. If no registered instances pass the health checks, the load +// balancer doesn't enter the InService state. +// +// Load balancers also have an InService state if you attach them in the CreateAutoScalingGroup +// API call. If your load balancer state is InService, but it is not working +// properly, check the scaling activities by calling DescribeScalingActivities +// and take any corrective actions necessary. +// +// For help with failed health checks, see Troubleshooting Amazon EC2 Auto Scaling: +// Health checks (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html) +// in the Amazon EC2 Auto Scaling User Guide. For more information, see Elastic +// Load Balancing and Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) +// in the Amazon EC2 Auto Scaling User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2948,8 +3008,8 @@ func (c *AutoScaling) DescribeNotificationConfigurationsRequest(input *DescribeN // DescribeNotificationConfigurations API operation for Auto Scaling. // -// Describes the notification actions associated with the specified Auto Scaling -// group. +// Gets information about the Amazon SNS notifications that are configured for +// one or more Auto Scaling groups. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3090,7 +3150,7 @@ func (c *AutoScaling) DescribePoliciesRequest(input *DescribePoliciesInput) (req // DescribePolicies API operation for Auto Scaling. // -// Describes the policies for the specified Auto Scaling group. +// Gets information about the scaling policies in the account and Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3234,12 +3294,18 @@ func (c *AutoScaling) DescribeScalingActivitiesRequest(input *DescribeScalingAct // DescribeScalingActivities API operation for Auto Scaling. // -// Describes one or more scaling activities for the specified Auto Scaling group. +// Gets information about the scaling activities in the account and Region. // -// To view the scaling activities from the Amazon EC2 Auto Scaling console, -// choose the Activity tab of the Auto Scaling group. When scaling events occur, -// you see scaling activity messages in the Activity history. For more information, -// see Verifying a scaling activity for an Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html) +// When scaling events occur, you see a record of the scaling activity in the +// scaling activities. For more information, see Verifying a scaling activity +// for an Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html) +// in the Amazon EC2 Auto Scaling User Guide. +// +// If the scaling event succeeds, the value of the StatusCode element in the +// response is Successful. If an attempt to launch instances failed, the StatusCode +// value is Failed or Cancelled and the StatusMessage element in the response +// indicates the cause of the failure. For help interpreting the StatusMessage, +// see Troubleshooting Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/CHAP_Troubleshooting.html) // in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3462,9 +3528,11 @@ func (c *AutoScaling) DescribeScheduledActionsRequest(input *DescribeScheduledAc // DescribeScheduledActions API operation for Auto Scaling. // -// Describes the actions scheduled for your Auto Scaling group that haven't -// run or that have not reached their end time. To describe the actions that -// have already run, call the DescribeScalingActivities API. +// Gets information about the scheduled actions that haven't run or that have +// not reached their end time. +// +// To describe the scaling activities for scheduled actions that have already +// run, call the DescribeScalingActivities API. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3836,7 +3904,10 @@ func (c *AutoScaling) DescribeWarmPoolRequest(input *DescribeWarmPoolInput) (req // DescribeWarmPool API operation for Auto Scaling. // -// Describes a warm pool and its instances. +// Gets information about a warm pool and its instances. +// +// For more information, see Warm pools for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html) +// in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4578,6 +4649,99 @@ func (c *AutoScaling) ExitStandbyWithContext(ctx aws.Context, input *ExitStandby return out, req.Send() } +const opGetPredictiveScalingForecast = "GetPredictiveScalingForecast" + +// GetPredictiveScalingForecastRequest generates a "aws/request.Request" representing the +// client's request for the GetPredictiveScalingForecast operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetPredictiveScalingForecast for more information on using the GetPredictiveScalingForecast +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetPredictiveScalingForecastRequest method. +// req, resp := client.GetPredictiveScalingForecastRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/autoscaling-2011-01-01/GetPredictiveScalingForecast +func (c *AutoScaling) GetPredictiveScalingForecastRequest(input *GetPredictiveScalingForecastInput) (req *request.Request, output *GetPredictiveScalingForecastOutput) { + op := &request.Operation{ + Name: opGetPredictiveScalingForecast, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetPredictiveScalingForecastInput{} + } + + output = &GetPredictiveScalingForecastOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetPredictiveScalingForecast API operation for Auto Scaling. +// +// Retrieves the forecast data for a predictive scaling policy. +// +// Load forecasts are predictions of the hourly load values using historical +// load data from CloudWatch and an analysis of historical trends. Capacity +// forecasts are represented as predicted values for the minimum capacity that +// is needed on an hourly basis, based on the hourly load forecast. +// +// A minimum of 24 hours of data is required to create the initial forecasts. +// However, having a full 14 days of historical data results in more accurate +// forecasts. +// +// For more information, see Predictive scaling for Amazon EC2 Auto Scaling +// (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html) +// in the Amazon EC2 Auto Scaling User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Auto Scaling's +// API operation GetPredictiveScalingForecast for usage and error information. +// +// Returned Error Codes: +// * ErrCodeResourceContentionFault "ResourceContention" +// You already have a pending update to an Amazon EC2 Auto Scaling resource +// (for example, an Auto Scaling group, instance, or load balancer). +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/autoscaling-2011-01-01/GetPredictiveScalingForecast +func (c *AutoScaling) GetPredictiveScalingForecast(input *GetPredictiveScalingForecastInput) (*GetPredictiveScalingForecastOutput, error) { + req, out := c.GetPredictiveScalingForecastRequest(input) + return out, req.Send() +} + +// GetPredictiveScalingForecastWithContext is the same as GetPredictiveScalingForecast with the addition of +// the ability to pass a context and additional request options. +// +// See GetPredictiveScalingForecast for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AutoScaling) GetPredictiveScalingForecastWithContext(ctx aws.Context, input *GetPredictiveScalingForecastInput, opts ...request.Option) (*GetPredictiveScalingForecastOutput, error) { + req, out := c.GetPredictiveScalingForecastRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opPutLifecycleHook = "PutLifecycleHook" // PutLifecycleHookRequest generates a "aws/request.Request" representing the @@ -4845,13 +5009,24 @@ func (c *AutoScaling) PutScalingPolicyRequest(input *PutScalingPolicyInput) (req // PutScalingPolicy API operation for Auto Scaling. // -// Creates or updates a scaling policy for an Auto Scaling group. +// Creates or updates a scaling policy for an Auto Scaling group. Scaling policies +// are used to scale an Auto Scaling group based on configurable metrics. If +// no policies are defined, the dynamic scaling and predictive scaling features +// are not used. // -// For more information about using scaling policies to scale your Auto Scaling -// group, see Target tracking scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html) +// For more information about using dynamic scaling, see Target tracking scaling +// policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html) // and Step and simple scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html) // in the Amazon EC2 Auto Scaling User Guide. // +// For more information about using predictive scaling, see Predictive scaling +// for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-predictive-scaling.html) +// in the Amazon EC2 Auto Scaling User Guide. +// +// You can view the scaling policies for an Auto Scaling group using the DescribePolicies +// API call. If you are no longer using a scaling policy, you can delete it +// by calling the DeletePolicy API. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4945,6 +5120,10 @@ func (c *AutoScaling) PutScheduledUpdateGroupActionRequest(input *PutScheduledUp // For more information, see Scheduled scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html) // in the Amazon EC2 Auto Scaling User Guide. // +// You can view the scheduled actions for an Auto Scaling group using the DescribeScheduledActions +// API call. If you are no longer using a scheduled action, you can delete it +// by calling the DeleteScheduledAction API. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5034,11 +5213,12 @@ func (c *AutoScaling) PutWarmPoolRequest(input *PutWarmPoolInput) (req *request. // PutWarmPool API operation for Auto Scaling. // -// Adds a warm pool to the specified Auto Scaling group. A warm pool is a pool -// of pre-initialized EC2 instances that sits alongside the Auto Scaling group. -// Whenever your application needs to scale out, the Auto Scaling group can -// draw on the warm pool to meet its new desired capacity. For more information, -// see Warm pools for Amazon EC2 Auto Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html) +// Creates or updates a warm pool for the specified Auto Scaling group. A warm +// pool is a pool of pre-initialized EC2 instances that sits alongside the Auto +// Scaling group. Whenever your application needs to scale out, the Auto Scaling +// group can draw on the warm pool to meet its new desired capacity. For more +// information and example configurations, see Warm pools for Amazon EC2 Auto +// Scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html) // in the Amazon EC2 Auto Scaling User Guide. // // This operation must be called from the Region in which the Auto Scaling group @@ -5603,16 +5783,16 @@ func (c *AutoScaling) StartInstanceRefreshRequest(input *StartInstanceRefreshInp // of previously launched instances in the Auto Scaling group with a new group // of instances. // -// If successful, this call creates a new instance refresh request with a unique +// This operation is part of the instance refresh feature (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) +// in Amazon EC2 Auto Scaling, which helps you update instances in your Auto +// Scaling group after you make configuration changes. +// +// If the call succeeds, it creates a new instance refresh request with a unique // ID that you can use to track its progress. To query its status, call the // DescribeInstanceRefreshes API. To describe the instance refreshes that have // already run, call the DescribeInstanceRefreshes API. To cancel an instance // refresh operation in progress, use the CancelInstanceRefresh API. // -// For more information, see Replacing Auto Scaling instances based on an instance -// refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) -// in the Amazon EC2 Auto Scaling User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6698,6 +6878,45 @@ func (s *CancelInstanceRefreshOutput) SetInstanceRefreshId(v string) *CancelInst return s } +// A GetPredictiveScalingForecast call returns the capacity forecast for a predictive +// scaling policy. This structure includes the data points for that capacity +// forecast, along with the timestamps of those data points. +type CapacityForecast struct { + _ struct{} `type:"structure"` + + // The time stamps for the data points, in UTC format. + // + // Timestamps is a required field + Timestamps []*time.Time `type:"list" required:"true"` + + // The values of the data points. + // + // Values is a required field + Values []*float64 `type:"list" required:"true"` +} + +// String returns the string representation +func (s CapacityForecast) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CapacityForecast) GoString() string { + return s.String() +} + +// SetTimestamps sets the Timestamps field's value. +func (s *CapacityForecast) SetTimestamps(v []*time.Time) *CapacityForecast { + s.Timestamps = v + return s +} + +// SetValues sets the Values field's value. +func (s *CapacityForecast) SetValues(v []*float64) *CapacityForecast { + s.Values = v + return s +} + type CompleteLifecycleActionInput struct { _ struct{} `type:"structure"` @@ -6837,6 +7056,9 @@ type CreateAutoScalingGroupInput struct { // in the Amazon EC2 Auto Scaling User Guide. CapacityRebalance *bool `type:"boolean"` + // Reserved. + Context *string `type:"string"` + // The amount of time, in seconds, after a scaling activity completes before // another scaling activity can start. The default value is 300. This setting // applies when using simple scaling policies, but not when using other scaling @@ -6962,8 +7184,8 @@ type CreateAutoScalingGroupInput struct { PlacementGroup *string `min:"1" type:"string"` // The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling - // group uses to call other AWS services on your behalf. By default, Amazon - // EC2 Auto Scaling uses a service-linked role named AWSServiceRoleForAutoScaling, + // group uses to call other Amazon Web Services on your behalf. By default, + // Amazon EC2 Auto Scaling uses a service-linked role named AWSServiceRoleForAutoScaling, // which it creates if it does not exist. For more information, see Service-linked // roles (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html) // in the Amazon EC2 Auto Scaling User Guide. @@ -7101,6 +7323,12 @@ func (s *CreateAutoScalingGroupInput) SetCapacityRebalance(v bool) *CreateAutoSc return s } +// SetContext sets the Context field's value. +func (s *CreateAutoScalingGroupInput) SetContext(v string) *CreateAutoScalingGroupInput { + s.Context = &v + return s +} + // SetDefaultCooldown sets the DefaultCooldown field's value. func (s *CreateAutoScalingGroupInput) SetDefaultCooldown(v int64) *CreateAutoScalingGroupInput { s.DefaultCooldown = &v @@ -8264,10 +8492,10 @@ type DeleteWarmPoolInput struct { // AutoScalingGroupName is a required field AutoScalingGroupName *string `min:"1" type:"string" required:"true"` - // Specifies that the warm pool is to be deleted along with all instances associated - // with the warm pool, without waiting for all instances to be terminated. This - // parameter also deletes any outstanding lifecycle actions associated with - // the warm pool instances. + // Specifies that the warm pool is to be deleted along with all of its associated + // instances, without waiting for all instances to be terminated. This parameter + // also deletes any outstanding lifecycle actions associated with the warm pool + // instances. ForceDelete *bool `type:"boolean"` } @@ -8340,18 +8568,18 @@ func (s DescribeAccountLimitsInput) GoString() string { type DescribeAccountLimitsOutput struct { _ struct{} `type:"structure"` - // The maximum number of groups allowed for your AWS account. The default is - // 200 groups per AWS Region. + // The maximum number of groups allowed for your account. The default is 200 + // groups per Region. MaxNumberOfAutoScalingGroups *int64 `type:"integer"` - // The maximum number of launch configurations allowed for your AWS account. - // The default is 200 launch configurations per AWS Region. + // The maximum number of launch configurations allowed for your account. The + // default is 200 launch configurations per Region. MaxNumberOfLaunchConfigurations *int64 `type:"integer"` - // The current number of groups for your AWS account. + // The current number of groups for your account. NumberOfAutoScalingGroups *int64 `type:"integer"` - // The current number of launch configurations for your AWS account. + // The current number of launch configurations for your account. NumberOfLaunchConfigurations *int64 `type:"integer"` } @@ -8513,9 +8741,11 @@ func (s *DescribeAutoScalingGroupsOutput) SetNextToken(v string) *DescribeAutoSc type DescribeAutoScalingInstancesInput struct { _ struct{} `type:"structure"` - // The IDs of the instances. You can specify up to MaxRecords IDs. If you omit - // this parameter, all Auto Scaling instances are described. If you specify - // an ID that does not exist, it is ignored with no error. + // The IDs of the instances. If you omit this parameter, all Auto Scaling instances + // are described. If you specify an ID that does not exist, it is ignored with + // no error. + // + // Array Members: Maximum number of 50 items. InstanceIds []*string `type:"list"` // The maximum number of items to return with this call. The default value is @@ -8737,6 +8967,8 @@ type DescribeLaunchConfigurationsInput struct { // The launch configuration names. If you omit this parameter, all launch configurations // are described. + // + // Array Members: Maximum number of 50 items. LaunchConfigurationNames []*string `type:"list"` // The maximum number of items to return with this call. The default value is @@ -9258,12 +9490,13 @@ type DescribePoliciesInput struct { // The names of one or more policies. If you omit this parameter, all policies // are described. If a group name is provided, the results are limited to that - // group. This list is limited to 50 items. If you specify an unknown policy - // name, it is ignored with no error. + // group. If you specify an unknown policy name, it is ignored with no error. + // + // Array Members: Maximum number of 50 items. PolicyNames []*string `type:"list"` // One or more policy types. The valid values are SimpleScaling, StepScaling, - // and TargetTrackingScaling. + // TargetTrackingScaling, and PredictiveScaling. PolicyTypes []*string `type:"list"` } @@ -9358,11 +9591,12 @@ func (s *DescribePoliciesOutput) SetScalingPolicies(v []*ScalingPolicy) *Describ type DescribeScalingActivitiesInput struct { _ struct{} `type:"structure"` - // The activity IDs of the desired scaling activities. You can specify up to - // 50 IDs. If you omit this parameter, all activities for the past six weeks - // are described. If unknown activities are requested, they are ignored with - // no error. If you specify an Auto Scaling group, the results are limited to - // that group. + // The activity IDs of the desired scaling activities. If you omit this parameter, + // all activities for the past six weeks are described. If unknown activities + // are requested, they are ignored with no error. If you specify an Auto Scaling + // group, the results are limited to that group. + // + // Array Members: Maximum number of 50 IDs. ActivityIds []*string `type:"list"` // The name of the Auto Scaling group. @@ -9526,9 +9760,11 @@ type DescribeScheduledActionsInput struct { // a previous call.) NextToken *string `type:"string"` - // The names of one or more scheduled actions. You can specify up to 50 actions. - // If you omit this parameter, all scheduled actions are described. If you specify - // an unknown scheduled action, it is ignored with no error. + // The names of one or more scheduled actions. If you omit this parameter, all + // scheduled actions are described. If you specify an unknown scheduled action, + // it is ignored with no error. + // + // Array Members: Maximum number of 50 actions. ScheduledActionNames []*string `type:"list"` // The earliest scheduled start time to return. If scheduled action names are @@ -10202,15 +10438,16 @@ type Ebs struct { // If you are creating a volume from a snapshot, you cannot specify an encryption // value. Volumes that are created from encrypted snapshots are automatically // encrypted, and volumes that are created from unencrypted snapshots are automatically - // unencrypted. By default, encrypted snapshots use the AWS managed CMK that - // is used for EBS encryption, but you can specify a custom CMK when you create - // the snapshot. The ability to encrypt a snapshot during copying also allows - // you to apply a new CMK to an already-encrypted snapshot. Volumes restored - // from the resulting copy are only accessible using the new CMK. + // unencrypted. By default, encrypted snapshots use the Amazon Web Services + // managed CMK that is used for EBS encryption, but you can specify a custom + // CMK when you create the snapshot. The ability to encrypt a snapshot during + // copying also allows you to apply a new CMK to an already-encrypted snapshot. + // Volumes restored from the resulting copy are only accessible using the new + // CMK. // // Enabling encryption by default (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) - // results in all EBS volumes being encrypted with the AWS managed CMK or a - // customer managed CMK, whether or not the snapshot was encrypted. + // results in all EBS volumes being encrypted with the Amazon Web Services managed + // CMK or a customer managed CMK, whether or not the snapshot was encrypted. // // For more information, see Using Encryption with EBS-Backed AMIs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html) // in the Amazon EC2 User Guide for Linux Instances and Required CMK key policy @@ -10218,13 +10455,24 @@ type Ebs struct { // in the Amazon EC2 Auto Scaling User Guide. Encrypted *bool `type:"boolean"` - // The number of I/O operations per second (IOPS) to provision for the volume. - // The maximum ratio of IOPS to volume size (in GiB) is 50:1. For more information, - // see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) - // in the Amazon EC2 User Guide for Linux Instances. + // The number of input/output (I/O) operations per second (IOPS) to provision + // for the volume. For gp3 and io1 volumes, this represents the number of IOPS + // that are provisioned for the volume. For gp2 volumes, this represents the + // baseline performance of the volume and the rate at which the volume accumulates + // I/O credits for bursting. // - // Required when the volume type is io1. (Not used with standard, gp2, st1, - // or sc1 volumes.) + // The following are the supported values for each volume type: + // + // * gp3: 3,000-16,000 IOPS + // + // * io1: 100-64,000 IOPS + // + // For io1 volumes, we guarantee 64,000 IOPS only for Instances built on the + // Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // Other instance families guarantee performance up to 32,000 IOPS. + // + // Iops is supported when the volume type is gp3 or io1 and required only when + // the volume type is io1. (Not used with standard, gp2, st1, or sc1 volumes.) Iops *int64 `min:"100" type:"integer"` // The snapshot ID of the volume to use. @@ -10232,26 +10480,29 @@ type Ebs struct { // You must specify either a VolumeSize or a SnapshotId. SnapshotId *string `min:"1" type:"string"` - // The volume size, in Gibibytes (GiB). + // The throughput (MiBps) to provision for a gp3 volume. + Throughput *int64 `min:"125" type:"integer"` + + // The volume size, in GiBs. The following are the supported volumes sizes for + // each volume type: // - // This can be a number from 1-1,024 for standard, 4-16,384 for io1, 1-16,384 - // for gp2, and 500-16,384 for st1 and sc1. If you specify a snapshot, the volume - // size must be equal to or larger than the snapshot size. + // * gp2 and gp3: 1-16,384 // - // Default: If you create a volume from a snapshot and you don't specify a volume - // size, the default is the snapshot size. + // * io1: 4-16,384 // - // You must specify either a VolumeSize or a SnapshotId. If you specify both + // * st1 and sc1: 125-16,384 + // + // * standard: 1-1,024 + // + // You must specify either a SnapshotId or a VolumeSize. If you specify both // SnapshotId and VolumeSize, the volume size must be equal or greater than // the size of the snapshot. VolumeSize *int64 `min:"1" type:"integer"` - // The volume type, which can be standard for Magnetic, io1 for Provisioned - // IOPS SSD, gp2 for General Purpose SSD, st1 for Throughput Optimized HDD, - // or sc1 for Cold HDD. For more information, see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) + // The volume type. For more information, see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) // in the Amazon EC2 User Guide for Linux Instances. // - // Valid Values: standard | io1 | gp2 | st1 | sc1 + // Valid Values: standard | io1 | gp2 | st1 | sc1 | gp3 VolumeType *string `min:"1" type:"string"` } @@ -10274,6 +10525,9 @@ func (s *Ebs) Validate() error { if s.SnapshotId != nil && len(*s.SnapshotId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SnapshotId", 1)) } + if s.Throughput != nil && *s.Throughput < 125 { + invalidParams.Add(request.NewErrParamMinValue("Throughput", 125)) + } if s.VolumeSize != nil && *s.VolumeSize < 1 { invalidParams.Add(request.NewErrParamMinValue("VolumeSize", 1)) } @@ -10311,6 +10565,12 @@ func (s *Ebs) SetSnapshotId(v string) *Ebs { return s } +// SetThroughput sets the Throughput field's value. +func (s *Ebs) SetThroughput(v int64) *Ebs { + s.Throughput = &v + return s +} + // SetVolumeSize sets the VolumeSize field's value. func (s *Ebs) SetVolumeSize(v int64) *Ebs { s.VolumeSize = &v @@ -10878,6 +11138,145 @@ func (s *Filter) SetValues(v []*string) *Filter { return s } +type GetPredictiveScalingForecastInput struct { + _ struct{} `type:"structure"` + + // The name of the Auto Scaling group. + // + // AutoScalingGroupName is a required field + AutoScalingGroupName *string `min:"1" type:"string" required:"true"` + + // The exclusive end time of the time range for the forecast data to get. The + // maximum time duration between the start and end time is 30 days. + // + // Although this parameter can accept a date and time that is more than two + // days in the future, the availability of forecast data has limits. Amazon + // EC2 Auto Scaling only issues forecasts for periods of two days in advance. + // + // EndTime is a required field + EndTime *time.Time `type:"timestamp" required:"true"` + + // The name of the policy. + // + // PolicyName is a required field + PolicyName *string `min:"1" type:"string" required:"true"` + + // The inclusive start time of the time range for the forecast data to get. + // At most, the date and time can be one year before the current date and time. + // + // StartTime is a required field + StartTime *time.Time `type:"timestamp" required:"true"` +} + +// String returns the string representation +func (s GetPredictiveScalingForecastInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetPredictiveScalingForecastInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetPredictiveScalingForecastInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetPredictiveScalingForecastInput"} + if s.AutoScalingGroupName == nil { + invalidParams.Add(request.NewErrParamRequired("AutoScalingGroupName")) + } + if s.AutoScalingGroupName != nil && len(*s.AutoScalingGroupName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AutoScalingGroupName", 1)) + } + if s.EndTime == nil { + invalidParams.Add(request.NewErrParamRequired("EndTime")) + } + if s.PolicyName == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyName")) + } + if s.PolicyName != nil && len(*s.PolicyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) + } + if s.StartTime == nil { + invalidParams.Add(request.NewErrParamRequired("StartTime")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAutoScalingGroupName sets the AutoScalingGroupName field's value. +func (s *GetPredictiveScalingForecastInput) SetAutoScalingGroupName(v string) *GetPredictiveScalingForecastInput { + s.AutoScalingGroupName = &v + return s +} + +// SetEndTime sets the EndTime field's value. +func (s *GetPredictiveScalingForecastInput) SetEndTime(v time.Time) *GetPredictiveScalingForecastInput { + s.EndTime = &v + return s +} + +// SetPolicyName sets the PolicyName field's value. +func (s *GetPredictiveScalingForecastInput) SetPolicyName(v string) *GetPredictiveScalingForecastInput { + s.PolicyName = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *GetPredictiveScalingForecastInput) SetStartTime(v time.Time) *GetPredictiveScalingForecastInput { + s.StartTime = &v + return s +} + +type GetPredictiveScalingForecastOutput struct { + _ struct{} `type:"structure"` + + // The capacity forecast. + // + // CapacityForecast is a required field + CapacityForecast *CapacityForecast `type:"structure" required:"true"` + + // The load forecast. + // + // LoadForecast is a required field + LoadForecast []*LoadForecast `type:"list" required:"true"` + + // The time the forecast was made. + // + // UpdateTime is a required field + UpdateTime *time.Time `type:"timestamp" required:"true"` +} + +// String returns the string representation +func (s GetPredictiveScalingForecastOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetPredictiveScalingForecastOutput) GoString() string { + return s.String() +} + +// SetCapacityForecast sets the CapacityForecast field's value. +func (s *GetPredictiveScalingForecastOutput) SetCapacityForecast(v *CapacityForecast) *GetPredictiveScalingForecastOutput { + s.CapacityForecast = v + return s +} + +// SetLoadForecast sets the LoadForecast field's value. +func (s *GetPredictiveScalingForecastOutput) SetLoadForecast(v []*LoadForecast) *GetPredictiveScalingForecastOutput { + s.LoadForecast = v + return s +} + +// SetUpdateTime sets the UpdateTime field's value. +func (s *GetPredictiveScalingForecastOutput) SetUpdateTime(v time.Time) *GetPredictiveScalingForecastOutput { + s.UpdateTime = &v + return s +} + // Describes an Auto Scaling group. type Group struct { _ struct{} `type:"structure"` @@ -10898,6 +11297,9 @@ type Group struct { // Indicates whether Capacity Rebalancing is enabled. CapacityRebalance *bool `type:"boolean"` + // Reserved. + Context *string `type:"string"` + // The date and time the group was created. // // CreatedTime is a required field @@ -10965,8 +11367,11 @@ type Group struct { // The name of the placement group into which to launch your instances, if any. PlacementGroup *string `min:"1" type:"string"` + // The predicted capacity of the group when it has a predictive scaling policy. + PredictedCapacity *int64 `type:"integer"` + // The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling - // group uses to call other AWS services on your behalf. + // group uses to call other Amazon Web Services on your behalf. ServiceLinkedRoleARN *string `min:"1" type:"string"` // The current state of the group when the DeleteAutoScalingGroup operation @@ -11029,6 +11434,12 @@ func (s *Group) SetCapacityRebalance(v bool) *Group { return s } +// SetContext sets the Context field's value. +func (s *Group) SetContext(v string) *Group { + s.Context = &v + return s +} + // SetCreatedTime sets the CreatedTime field's value. func (s *Group) SetCreatedTime(v time.Time) *Group { s.CreatedTime = &v @@ -11125,6 +11536,12 @@ func (s *Group) SetPlacementGroup(v string) *Group { return s } +// SetPredictedCapacity sets the PredictedCapacity field's value. +func (s *Group) SetPredictedCapacity(v int64) *Group { + s.PredictedCapacity = &v + return s +} + // SetServiceLinkedRoleARN sets the ServiceLinkedRoleARN field's value. func (s *Group) SetServiceLinkedRoleARN(v string) *Group { s.ServiceLinkedRoleARN = &v @@ -11548,7 +11965,7 @@ type InstanceRefresh struct { // replacement, Amazon EC2 Auto Scaling tracks the instance's health status // and warm-up time. When the instance's health status changes to healthy and // the specified warm-up time passes, the instance is considered updated and - // added to the percentage complete. + // is added to the percentage complete. PercentageComplete *int64 `type:"integer"` // Additional progress details for an Auto Scaling group that has a warm pool. @@ -11643,8 +12060,8 @@ func (s *InstanceRefresh) SetStatusReason(v string) *InstanceRefresh { return s } -// Reports the progress of an instance fresh on instances that are in the Auto -// Scaling group. +// Reports the progress of an instance refresh on instances that are in the +// Auto Scaling group. type InstanceRefreshLivePoolProgress struct { _ struct{} `type:"structure"` @@ -11655,7 +12072,7 @@ type InstanceRefreshLivePoolProgress struct { // For each instance replacement, Amazon EC2 Auto Scaling tracks the instance's // health status and warm-up time. When the instance's health status changes // to healthy and the specified warm-up time passes, the instance is considered - // updated and added to the percentage complete. + // updated and is added to the percentage complete. PercentageComplete *int64 `type:"integer"` } @@ -11687,11 +12104,11 @@ func (s *InstanceRefreshLivePoolProgress) SetPercentageComplete(v int64) *Instan type InstanceRefreshProgressDetails struct { _ struct{} `type:"structure"` - // Indicates the progress of an instance fresh on instances that are in the + // Indicates the progress of an instance refresh on instances that are in the // Auto Scaling group. LivePoolProgress *InstanceRefreshLivePoolProgress `type:"structure"` - // Indicates the progress of an instance fresh on instances that are in the + // Indicates the progress of an instance refresh on instances that are in the // warm pool. WarmPoolProgress *InstanceRefreshWarmPoolProgress `type:"structure"` } @@ -11718,8 +12135,8 @@ func (s *InstanceRefreshProgressDetails) SetWarmPoolProgress(v *InstanceRefreshW return s } -// Reports the progress of an instance fresh on instances that are in the warm -// pool. +// Reports the progress of an instance refresh on instances that are in the +// warm pool. type InstanceRefreshWarmPoolProgress struct { _ struct{} `type:"structure"` @@ -11730,7 +12147,7 @@ type InstanceRefreshWarmPoolProgress struct { // each instance replacement, Amazon EC2 Auto Scaling tracks the instance's // health status and warm-up time. When the instance's health status changes // to healthy and the specified warm-up time passes, the instance is considered - // updated and added to the percentage complete. + // updated and is added to the percentage complete. PercentageComplete *int64 `type:"integer"` } @@ -12634,17 +13051,6 @@ func (s *LifecycleHookSpecification) SetRoleARN(v string) *LifecycleHookSpecific } // Describes the state of a Classic Load Balancer. -// -// If you specify a load balancer when creating the Auto Scaling group, the -// state of the load balancer is InService. -// -// If you attach a load balancer to an existing Auto Scaling group, the initial -// state is Adding. The state transitions to Added after all instances in the -// group are registered with the load balancer. If Elastic Load Balancing health -// checks are enabled for the load balancer, the state transitions to InService -// after at least one instance in the group passes the health check. If EC2 -// health checks are enabled instead, the load balancer remains in the Added -// state. type LoadBalancerState struct { _ struct{} `type:"structure"` @@ -12653,19 +13059,19 @@ type LoadBalancerState struct { // One of the following load balancer states: // - // * Adding - The instances in the group are being registered with the load + // * Adding - The Auto Scaling instances are being registered with the load // balancer. // - // * Added - All instances in the group are registered with the load balancer. + // * Added - All Auto Scaling instances are registered with the load balancer. // - // * InService - At least one instance in the group passed an ELB health + // * InService - At least one Auto Scaling instance passed an ELB health // check. // - // * Removing - The instances in the group are being deregistered from the + // * Removing - The Auto Scaling instances are being deregistered from the // load balancer. If connection draining is enabled, Elastic Load Balancing // waits for in-flight requests to complete before deregistering the instances. // - // * Removed - All instances in the group are deregistered from the load + // * Removed - All Auto Scaling instances are deregistered from the load // balancer. State *string `min:"1" type:"string"` } @@ -12693,13 +13099,6 @@ func (s *LoadBalancerState) SetState(v string) *LoadBalancerState { } // Describes the state of a target group. -// -// If you attach a target group to an existing Auto Scaling group, the initial -// state is Adding. The state transitions to Added after all Auto Scaling instances -// are registered with the target group. If Elastic Load Balancing health checks -// are enabled, the state transitions to InService after at least one Auto Scaling -// instance passes the health check. If EC2 health checks are enabled instead, -// the target group remains in the Added state. type LoadBalancerTargetGroupState struct { _ struct{} `type:"structure"` @@ -12747,6 +13146,56 @@ func (s *LoadBalancerTargetGroupState) SetState(v string) *LoadBalancerTargetGro return s } +// A GetPredictiveScalingForecast call returns the load forecast for a predictive +// scaling policy. This structure includes the data points for that load forecast, +// along with the timestamps of those data points and the metric specification. +type LoadForecast struct { + _ struct{} `type:"structure"` + + // The metric specification for the load forecast. + // + // MetricSpecification is a required field + MetricSpecification *PredictiveScalingMetricSpecification `type:"structure" required:"true"` + + // The time stamps for the data points, in UTC format. + // + // Timestamps is a required field + Timestamps []*time.Time `type:"list" required:"true"` + + // The values of the data points. + // + // Values is a required field + Values []*float64 `type:"list" required:"true"` +} + +// String returns the string representation +func (s LoadForecast) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LoadForecast) GoString() string { + return s.String() +} + +// SetMetricSpecification sets the MetricSpecification field's value. +func (s *LoadForecast) SetMetricSpecification(v *PredictiveScalingMetricSpecification) *LoadForecast { + s.MetricSpecification = v + return s +} + +// SetTimestamps sets the Timestamps field's value. +func (s *LoadForecast) SetTimestamps(v []*time.Time) *LoadForecast { + s.Timestamps = v + return s +} + +// SetValues sets the Values field's value. +func (s *LoadForecast) SetValues(v []*float64) *LoadForecast { + s.Values = v + return s +} + // Describes a metric. type MetricCollectionType struct { _ struct{} `type:"structure"` @@ -13024,14 +13473,19 @@ type PredefinedMetricSpecification struct { // PredefinedMetricType is a required field PredefinedMetricType *string `type:"string" required:"true" enum:"MetricType"` - // Identifies the resource associated with the metric type. You can't specify - // a resource label unless the metric type is ALBRequestCountPerTarget and there - // is a target group attached to the Auto Scaling group. + // A label that uniquely identifies a specific Application Load Balancer target + // group from which to determine the average request count served by your Auto + // Scaling group. You can't specify a resource label unless the target group + // is attached to the Auto Scaling group. // // You create the resource label by appending the final portion of the load // balancer ARN and the final portion of the target group ARN into a single - // value, separated by a forward slash (/). The format is app///targetgroup//, - // where: + // value, separated by a forward slash (/). The format of the resource label + // is: + // + // app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff. + // + // Where: // // * app// is the final portion of // the load balancer ARN @@ -13039,8 +13493,6 @@ type PredefinedMetricSpecification struct { // * targetgroup// is the final portion // of the target group ARN. // - // This is an example: app/EC2Co-EcsEl-1TKLTMITMM0EO/f37c06a68c1748aa/targetgroup/EC2Co-Defau-LDNM7Q3ZH1ZN/6d4ea56ca2d6a18d. - // // To find the ARN for an Application Load Balancer, use the DescribeLoadBalancers // (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) // API operation. To find the ARN for the target group, use the DescribeTargetGroups @@ -13087,6 +13539,483 @@ func (s *PredefinedMetricSpecification) SetResourceLabel(v string) *PredefinedMe return s } +// Represents a predictive scaling policy configuration to use with Amazon EC2 +// Auto Scaling. +type PredictiveScalingConfiguration struct { + _ struct{} `type:"structure"` + + // Defines the behavior that should be applied if the forecast capacity approaches + // or exceeds the maximum capacity of the Auto Scaling group. Defaults to HonorMaxCapacity + // if not specified. + // + // The following are possible values: + // + // * HonorMaxCapacity - Amazon EC2 Auto Scaling cannot scale out capacity + // higher than the maximum capacity. The maximum capacity is enforced as + // a hard limit. + // + // * IncreaseMaxCapacity - Amazon EC2 Auto Scaling can scale out capacity + // higher than the maximum capacity when the forecast capacity is close to + // or exceeds the maximum capacity. The upper limit is determined by the + // forecasted capacity and the value for MaxCapacityBuffer. + MaxCapacityBreachBehavior *string `type:"string" enum:"PredictiveScalingMaxCapacityBreachBehavior"` + + // The size of the capacity buffer to use when the forecast capacity is close + // to or exceeds the maximum capacity. The value is specified as a percentage + // relative to the forecast capacity. For example, if the buffer is 10, this + // means a 10 percent buffer, such that if the forecast capacity is 50, and + // the maximum capacity is 40, then the effective maximum capacity is 55. + // + // If set to 0, Amazon EC2 Auto Scaling may scale capacity higher than the maximum + // capacity to equal but not exceed forecast capacity. + // + // Required if the MaxCapacityBreachBehavior property is set to IncreaseMaxCapacity, + // and cannot be used otherwise. + MaxCapacityBuffer *int64 `type:"integer"` + + // This structure includes the metrics and target utilization to use for predictive + // scaling. + // + // This is an array, but we currently only support a single metric specification. + // That is, you can specify a target value and a single metric pair, or a target + // value and one scaling metric and one load metric. + // + // MetricSpecifications is a required field + MetricSpecifications []*PredictiveScalingMetricSpecification `type:"list" required:"true"` + + // The predictive scaling mode. Defaults to ForecastOnly if not specified. + Mode *string `type:"string" enum:"PredictiveScalingMode"` + + // The amount of time, in seconds, by which the instance launch time can be + // advanced. For example, the forecast says to add capacity at 10:00 AM, and + // you choose to pre-launch instances by 5 minutes. In that case, the instances + // will be launched at 9:55 AM. The intention is to give resources time to be + // provisioned. It can take a few minutes to launch an EC2 instance. The actual + // amount of time required depends on several factors, such as the size of the + // instance and whether there are startup scripts to complete. + // + // The value must be less than the forecast interval duration of 3600 seconds + // (60 minutes). Defaults to 300 seconds if not specified. + SchedulingBufferTime *int64 `type:"integer"` +} + +// String returns the string representation +func (s PredictiveScalingConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PredictiveScalingConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PredictiveScalingConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PredictiveScalingConfiguration"} + if s.MetricSpecifications == nil { + invalidParams.Add(request.NewErrParamRequired("MetricSpecifications")) + } + if s.MetricSpecifications != nil { + for i, v := range s.MetricSpecifications { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "MetricSpecifications", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxCapacityBreachBehavior sets the MaxCapacityBreachBehavior field's value. +func (s *PredictiveScalingConfiguration) SetMaxCapacityBreachBehavior(v string) *PredictiveScalingConfiguration { + s.MaxCapacityBreachBehavior = &v + return s +} + +// SetMaxCapacityBuffer sets the MaxCapacityBuffer field's value. +func (s *PredictiveScalingConfiguration) SetMaxCapacityBuffer(v int64) *PredictiveScalingConfiguration { + s.MaxCapacityBuffer = &v + return s +} + +// SetMetricSpecifications sets the MetricSpecifications field's value. +func (s *PredictiveScalingConfiguration) SetMetricSpecifications(v []*PredictiveScalingMetricSpecification) *PredictiveScalingConfiguration { + s.MetricSpecifications = v + return s +} + +// SetMode sets the Mode field's value. +func (s *PredictiveScalingConfiguration) SetMode(v string) *PredictiveScalingConfiguration { + s.Mode = &v + return s +} + +// SetSchedulingBufferTime sets the SchedulingBufferTime field's value. +func (s *PredictiveScalingConfiguration) SetSchedulingBufferTime(v int64) *PredictiveScalingConfiguration { + s.SchedulingBufferTime = &v + return s +} + +// This structure specifies the metrics and target utilization settings for +// a predictive scaling policy. +// +// You must specify either a metric pair, or a load metric and a scaling metric +// individually. Specifying a metric pair instead of individual metrics provides +// a simpler way to configure metrics for a scaling policy. You choose the metric +// pair, and the policy automatically knows the correct sum and average statistics +// to use for the load metric and the scaling metric. +// +// Example +// +// * You create a predictive scaling policy and specify ALBRequestCount as +// the value for the metric pair and 1000.0 as the target value. For this +// type of metric, you must provide the metric dimension for the corresponding +// target group, so you also provide a resource label for the Application +// Load Balancer target group that is attached to your Auto Scaling group. +// +// * The number of requests the target group receives per minute provides +// the load metric, and the request count averaged between the members of +// the target group provides the scaling metric. In CloudWatch, this refers +// to the RequestCount and RequestCountPerTarget metrics, respectively. +// +// * For optimal use of predictive scaling, you adhere to the best practice +// of using a dynamic scaling policy to automatically scale between the minimum +// capacity and maximum capacity in response to real-time changes in resource +// utilization. +// +// * Amazon EC2 Auto Scaling consumes data points for the load metric over +// the last 14 days and creates an hourly load forecast for predictive scaling. +// (A minimum of 24 hours of data is required.) +// +// * After creating the load forecast, Amazon EC2 Auto Scaling determines +// when to reduce or increase the capacity of your Auto Scaling group in +// each hour of the forecast period so that the average number of requests +// received by each instance is as close to 1000 requests per minute as possible +// at all times. +type PredictiveScalingMetricSpecification struct { + _ struct{} `type:"structure"` + + // The load metric specification. + PredefinedLoadMetricSpecification *PredictiveScalingPredefinedLoadMetric `type:"structure"` + + // The metric pair specification from which Amazon EC2 Auto Scaling determines + // the appropriate scaling metric and load metric to use. + PredefinedMetricPairSpecification *PredictiveScalingPredefinedMetricPair `type:"structure"` + + // The scaling metric specification. + PredefinedScalingMetricSpecification *PredictiveScalingPredefinedScalingMetric `type:"structure"` + + // Specifies the target utilization. + // + // TargetValue is a required field + TargetValue *float64 `type:"double" required:"true"` +} + +// String returns the string representation +func (s PredictiveScalingMetricSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PredictiveScalingMetricSpecification) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PredictiveScalingMetricSpecification) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PredictiveScalingMetricSpecification"} + if s.TargetValue == nil { + invalidParams.Add(request.NewErrParamRequired("TargetValue")) + } + if s.PredefinedLoadMetricSpecification != nil { + if err := s.PredefinedLoadMetricSpecification.Validate(); err != nil { + invalidParams.AddNested("PredefinedLoadMetricSpecification", err.(request.ErrInvalidParams)) + } + } + if s.PredefinedMetricPairSpecification != nil { + if err := s.PredefinedMetricPairSpecification.Validate(); err != nil { + invalidParams.AddNested("PredefinedMetricPairSpecification", err.(request.ErrInvalidParams)) + } + } + if s.PredefinedScalingMetricSpecification != nil { + if err := s.PredefinedScalingMetricSpecification.Validate(); err != nil { + invalidParams.AddNested("PredefinedScalingMetricSpecification", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPredefinedLoadMetricSpecification sets the PredefinedLoadMetricSpecification field's value. +func (s *PredictiveScalingMetricSpecification) SetPredefinedLoadMetricSpecification(v *PredictiveScalingPredefinedLoadMetric) *PredictiveScalingMetricSpecification { + s.PredefinedLoadMetricSpecification = v + return s +} + +// SetPredefinedMetricPairSpecification sets the PredefinedMetricPairSpecification field's value. +func (s *PredictiveScalingMetricSpecification) SetPredefinedMetricPairSpecification(v *PredictiveScalingPredefinedMetricPair) *PredictiveScalingMetricSpecification { + s.PredefinedMetricPairSpecification = v + return s +} + +// SetPredefinedScalingMetricSpecification sets the PredefinedScalingMetricSpecification field's value. +func (s *PredictiveScalingMetricSpecification) SetPredefinedScalingMetricSpecification(v *PredictiveScalingPredefinedScalingMetric) *PredictiveScalingMetricSpecification { + s.PredefinedScalingMetricSpecification = v + return s +} + +// SetTargetValue sets the TargetValue field's value. +func (s *PredictiveScalingMetricSpecification) SetTargetValue(v float64) *PredictiveScalingMetricSpecification { + s.TargetValue = &v + return s +} + +// Describes a load metric for a predictive scaling policy. +// +// When returned in the output of DescribePolicies, it indicates that a predictive +// scaling policy uses individually specified load and scaling metrics instead +// of a metric pair. +type PredictiveScalingPredefinedLoadMetric struct { + _ struct{} `type:"structure"` + + // The metric type. + // + // PredefinedMetricType is a required field + PredefinedMetricType *string `type:"string" required:"true" enum:"PredefinedLoadMetricType"` + + // A label that uniquely identifies a specific Application Load Balancer target + // group from which to determine the request count served by your Auto Scaling + // group. You can't specify a resource label unless the target group is attached + // to the Auto Scaling group. + // + // You create the resource label by appending the final portion of the load + // balancer ARN and the final portion of the target group ARN into a single + // value, separated by a forward slash (/). The format of the resource label + // is: + // + // app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff. + // + // Where: + // + // * app// is the final portion of + // the load balancer ARN + // + // * targetgroup// is the final portion + // of the target group ARN. + // + // To find the ARN for an Application Load Balancer, use the DescribeLoadBalancers + // (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) + // API operation. To find the ARN for the target group, use the DescribeTargetGroups + // (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) + // API operation. + ResourceLabel *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s PredictiveScalingPredefinedLoadMetric) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PredictiveScalingPredefinedLoadMetric) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PredictiveScalingPredefinedLoadMetric) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PredictiveScalingPredefinedLoadMetric"} + if s.PredefinedMetricType == nil { + invalidParams.Add(request.NewErrParamRequired("PredefinedMetricType")) + } + if s.ResourceLabel != nil && len(*s.ResourceLabel) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceLabel", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPredefinedMetricType sets the PredefinedMetricType field's value. +func (s *PredictiveScalingPredefinedLoadMetric) SetPredefinedMetricType(v string) *PredictiveScalingPredefinedLoadMetric { + s.PredefinedMetricType = &v + return s +} + +// SetResourceLabel sets the ResourceLabel field's value. +func (s *PredictiveScalingPredefinedLoadMetric) SetResourceLabel(v string) *PredictiveScalingPredefinedLoadMetric { + s.ResourceLabel = &v + return s +} + +// Represents a metric pair for a predictive scaling policy. +type PredictiveScalingPredefinedMetricPair struct { + _ struct{} `type:"structure"` + + // Indicates which metrics to use. There are two different types of metrics + // for each metric type: one is a load metric and one is a scaling metric. For + // example, if the metric type is ASGCPUUtilization, the Auto Scaling group's + // total CPU metric is used as the load metric, and the average CPU metric is + // used for the scaling metric. + // + // PredefinedMetricType is a required field + PredefinedMetricType *string `type:"string" required:"true" enum:"PredefinedMetricPairType"` + + // A label that uniquely identifies a specific Application Load Balancer target + // group from which to determine the total and average request count served + // by your Auto Scaling group. You can't specify a resource label unless the + // target group is attached to the Auto Scaling group. + // + // You create the resource label by appending the final portion of the load + // balancer ARN and the final portion of the target group ARN into a single + // value, separated by a forward slash (/). The format of the resource label + // is: + // + // app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff. + // + // Where: + // + // * app// is the final portion of + // the load balancer ARN + // + // * targetgroup// is the final portion + // of the target group ARN. + // + // To find the ARN for an Application Load Balancer, use the DescribeLoadBalancers + // (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) + // API operation. To find the ARN for the target group, use the DescribeTargetGroups + // (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) + // API operation. + ResourceLabel *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s PredictiveScalingPredefinedMetricPair) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PredictiveScalingPredefinedMetricPair) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PredictiveScalingPredefinedMetricPair) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PredictiveScalingPredefinedMetricPair"} + if s.PredefinedMetricType == nil { + invalidParams.Add(request.NewErrParamRequired("PredefinedMetricType")) + } + if s.ResourceLabel != nil && len(*s.ResourceLabel) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceLabel", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPredefinedMetricType sets the PredefinedMetricType field's value. +func (s *PredictiveScalingPredefinedMetricPair) SetPredefinedMetricType(v string) *PredictiveScalingPredefinedMetricPair { + s.PredefinedMetricType = &v + return s +} + +// SetResourceLabel sets the ResourceLabel field's value. +func (s *PredictiveScalingPredefinedMetricPair) SetResourceLabel(v string) *PredictiveScalingPredefinedMetricPair { + s.ResourceLabel = &v + return s +} + +// Describes a scaling metric for a predictive scaling policy. +// +// When returned in the output of DescribePolicies, it indicates that a predictive +// scaling policy uses individually specified load and scaling metrics instead +// of a metric pair. +type PredictiveScalingPredefinedScalingMetric struct { + _ struct{} `type:"structure"` + + // The metric type. + // + // PredefinedMetricType is a required field + PredefinedMetricType *string `type:"string" required:"true" enum:"PredefinedScalingMetricType"` + + // A label that uniquely identifies a specific Application Load Balancer target + // group from which to determine the average request count served by your Auto + // Scaling group. You can't specify a resource label unless the target group + // is attached to the Auto Scaling group. + // + // You create the resource label by appending the final portion of the load + // balancer ARN and the final portion of the target group ARN into a single + // value, separated by a forward slash (/). The format of the resource label + // is: + // + // app/my-alb/778d41231b141a0f/targetgroup/my-alb-target-group/943f017f100becff. + // + // Where: + // + // * app// is the final portion of + // the load balancer ARN + // + // * targetgroup// is the final portion + // of the target group ARN. + // + // To find the ARN for an Application Load Balancer, use the DescribeLoadBalancers + // (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) + // API operation. To find the ARN for the target group, use the DescribeTargetGroups + // (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) + // API operation. + ResourceLabel *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s PredictiveScalingPredefinedScalingMetric) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PredictiveScalingPredefinedScalingMetric) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PredictiveScalingPredefinedScalingMetric) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PredictiveScalingPredefinedScalingMetric"} + if s.PredefinedMetricType == nil { + invalidParams.Add(request.NewErrParamRequired("PredefinedMetricType")) + } + if s.ResourceLabel != nil && len(*s.ResourceLabel) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceLabel", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPredefinedMetricType sets the PredefinedMetricType field's value. +func (s *PredictiveScalingPredefinedScalingMetric) SetPredefinedMetricType(v string) *PredictiveScalingPredefinedScalingMetric { + s.PredefinedMetricType = &v + return s +} + +// SetResourceLabel sets the ResourceLabel field's value. +func (s *PredictiveScalingPredefinedScalingMetric) SetResourceLabel(v string) *PredictiveScalingPredefinedScalingMetric { + s.ResourceLabel = &v + return s +} + // Describes a process type. // // For more information, see Scaling processes (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html#process-types) @@ -13463,8 +14392,21 @@ type PutScalingPolicyInput struct { // * StepScaling // // * SimpleScaling (default) + // + // * PredictiveScaling PolicyType *string `min:"1" type:"string"` + // A predictive scaling policy. Provides support for only predefined metrics. + // + // Predictive scaling works with CPU utilization, network in/out, and the Application + // Load Balancer request count. + // + // For more information, see PredictiveScalingConfiguration (https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredictiveScalingConfiguration.html) + // in the Amazon EC2 Auto Scaling API Reference. + // + // Required if the policy type is PredictiveScaling. + PredictiveScalingConfiguration *PredictiveScalingConfiguration `type:"structure"` + // The amount by which to scale, based on the specified adjustment type. A positive // value adds to the current capacity while a negative number removes from the // current capacity. For exact capacity, you must specify a positive value. @@ -13480,7 +14422,7 @@ type PutScalingPolicyInput struct { // type.) StepAdjustments []*StepAdjustment `type:"list"` - // A target tracking scaling policy. Includes support for predefined or customized + // A target tracking scaling policy. Provides support for predefined or customized // metrics. // // The following predefined metrics are available: @@ -13537,6 +14479,11 @@ func (s *PutScalingPolicyInput) Validate() error { if s.PolicyType != nil && len(*s.PolicyType) < 1 { invalidParams.Add(request.NewErrParamMinLen("PolicyType", 1)) } + if s.PredictiveScalingConfiguration != nil { + if err := s.PredictiveScalingConfiguration.Validate(); err != nil { + invalidParams.AddNested("PredictiveScalingConfiguration", err.(request.ErrInvalidParams)) + } + } if s.StepAdjustments != nil { for i, v := range s.StepAdjustments { if v == nil { @@ -13619,6 +14566,12 @@ func (s *PutScalingPolicyInput) SetPolicyType(v string) *PutScalingPolicyInput { return s } +// SetPredictiveScalingConfiguration sets the PredictiveScalingConfiguration field's value. +func (s *PutScalingPolicyInput) SetPredictiveScalingConfiguration(v *PredictiveScalingConfiguration) *PutScalingPolicyInput { + s.PredictiveScalingConfiguration = v + return s +} + // SetScalingAdjustment sets the ScalingAdjustment field's value. func (s *PutScalingPolicyInput) SetScalingAdjustment(v int64) *PutScalingPolicyInput { s.ScalingAdjustment = &v @@ -13852,24 +14805,26 @@ type PutWarmPoolInput struct { // AutoScalingGroupName is a required field AutoScalingGroupName *string `min:"1" type:"string" required:"true"` - // Specifies the total maximum number of instances that are allowed to be in - // the warm pool or in any state except Terminated for the Auto Scaling group. - // This is an optional property. Specify it only if the warm pool size should - // not be determined by the difference between the group's maximum capacity - // and its desired capacity. + // Specifies the maximum number of instances that are allowed to be in the warm + // pool or in any state except Terminated for the Auto Scaling group. This is + // an optional property. Specify it only if you do not want the warm pool size + // to be determined by the difference between the group's maximum capacity and + // its desired capacity. // - // Amazon EC2 Auto Scaling will launch and maintain either the difference between - // the group's maximum capacity and its desired capacity, if a value for MaxGroupPreparedCapacity - // is not specified, or the difference between the MaxGroupPreparedCapacity - // and the desired capacity, if a value for MaxGroupPreparedCapacity is specified. + // If a value for MaxGroupPreparedCapacity is not specified, Amazon EC2 Auto + // Scaling launches and maintains the difference between the group's maximum + // capacity and its desired capacity. If you specify a value for MaxGroupPreparedCapacity, + // Amazon EC2 Auto Scaling uses the difference between the MaxGroupPreparedCapacity + // and the desired capacity instead. // // The size of the warm pool is dynamic. Only when MaxGroupPreparedCapacity // and MinSize are set to the same value does the warm pool have an absolute // size. // // If the desired capacity of the Auto Scaling group is higher than the MaxGroupPreparedCapacity, - // the capacity of the warm pool is 0. To remove a value that you previously - // set, include the property but specify -1 for the value. + // the capacity of the warm pool is 0, unless you specify a value for MinSize. + // To remove a value that you previously set, include the property but specify + // -1 for the value. MaxGroupPreparedCapacity *int64 `type:"integer"` // Specifies the minimum number of instances to maintain in the warm pool. This @@ -13877,8 +14832,8 @@ type PutWarmPoolInput struct { // available to handle traffic spikes. Defaults to 0 if not specified. MinSize *int64 `type:"integer"` - // Sets the instance state to transition to after the lifecycle hooks finish. - // Valid values are: Stopped (default) or Running. + // Sets the instance state to transition to after the lifecycle actions are + // complete. Default is Stopped. PoolState *string `type:"string" enum:"WarmPoolState"` } @@ -14178,11 +15133,16 @@ type ScalingPolicy struct { // // * SimpleScaling (default) // + // * PredictiveScaling + // // For more information, see Target tracking scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html) // and Step and simple scaling policies (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html) // in the Amazon EC2 Auto Scaling User Guide. PolicyType *string `min:"1" type:"string"` + // A predictive scaling policy. + PredictiveScalingConfiguration *PredictiveScalingConfiguration `type:"structure"` + // The amount by which to scale, based on the specified adjustment type. A positive // value adds to the current capacity while a negative number removes from the // current capacity. @@ -14278,6 +15238,12 @@ func (s *ScalingPolicy) SetPolicyType(v string) *ScalingPolicy { return s } +// SetPredictiveScalingConfiguration sets the PredictiveScalingConfiguration field's value. +func (s *ScalingPolicy) SetPredictiveScalingConfiguration(v *PredictiveScalingConfiguration) *ScalingPolicy { + s.PredictiveScalingConfiguration = v + return s +} + // SetScalingAdjustment sets the ScalingAdjustment field's value. func (s *ScalingPolicy) SetScalingAdjustment(v int64) *ScalingPolicy { s.ScalingAdjustment = &v @@ -15133,7 +16099,7 @@ type Tag struct { // in the group. PropagateAtLaunch *bool `type:"boolean"` - // The name of the group. + // The name of the Auto Scaling group. ResourceId *string `type:"string"` // The type of resource. The only supported value is auto-scaling-group. @@ -15437,6 +16403,9 @@ type UpdateAutoScalingGroupInput struct { // in the Amazon EC2 Auto Scaling User Guide. CapacityRebalance *bool `type:"boolean"` + // Reserved. + Context *string `type:"string"` + // The amount of time, in seconds, after a scaling activity completes before // another scaling activity can start. The default value is 300. This setting // applies when using simple scaling policies, but not when using other scaling @@ -15517,7 +16486,7 @@ type UpdateAutoScalingGroupInput struct { PlacementGroup *string `min:"1" type:"string"` // The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling - // group uses to call other AWS services on your behalf. For more information, + // group uses to call other Amazon Web Services on your behalf. For more information, // see Service-linked roles (https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html) // in the Amazon EC2 Auto Scaling User Guide. ServiceLinkedRoleARN *string `min:"1" type:"string"` @@ -15603,6 +16572,12 @@ func (s *UpdateAutoScalingGroupInput) SetCapacityRebalance(v bool) *UpdateAutoSc return s } +// SetContext sets the Context field's value. +func (s *UpdateAutoScalingGroupInput) SetContext(v string) *UpdateAutoScalingGroupInput { + s.Context = &v + return s +} + // SetDefaultCooldown sets the DefaultCooldown field's value. func (s *UpdateAutoScalingGroupInput) SetDefaultCooldown(v int64) *UpdateAutoScalingGroupInput { s.DefaultCooldown = &v @@ -15711,15 +16686,14 @@ func (s UpdateAutoScalingGroupOutput) GoString() string { type WarmPoolConfiguration struct { _ struct{} `type:"structure"` - // The total maximum number of instances that are allowed to be in the warm - // pool or in any state except Terminated for the Auto Scaling group. + // The maximum number of instances that are allowed to be in the warm pool or + // in any state except Terminated for the Auto Scaling group. MaxGroupPreparedCapacity *int64 `type:"integer"` // The minimum number of instances to maintain in the warm pool. MinSize *int64 `type:"integer"` - // The instance state to transition to after the lifecycle actions are complete: - // Stopped or Running. + // The instance state to transition to after the lifecycle actions are complete. PoolState *string `type:"string" enum:"WarmPoolState"` // The status of a warm pool that is marked for deletion. @@ -15972,6 +16946,110 @@ func MetricType_Values() []string { } } +const ( + // PredefinedLoadMetricTypeAsgtotalCpuutilization is a PredefinedLoadMetricType enum value + PredefinedLoadMetricTypeAsgtotalCpuutilization = "ASGTotalCPUUtilization" + + // PredefinedLoadMetricTypeAsgtotalNetworkIn is a PredefinedLoadMetricType enum value + PredefinedLoadMetricTypeAsgtotalNetworkIn = "ASGTotalNetworkIn" + + // PredefinedLoadMetricTypeAsgtotalNetworkOut is a PredefinedLoadMetricType enum value + PredefinedLoadMetricTypeAsgtotalNetworkOut = "ASGTotalNetworkOut" + + // PredefinedLoadMetricTypeAlbtargetGroupRequestCount is a PredefinedLoadMetricType enum value + PredefinedLoadMetricTypeAlbtargetGroupRequestCount = "ALBTargetGroupRequestCount" +) + +// PredefinedLoadMetricType_Values returns all elements of the PredefinedLoadMetricType enum +func PredefinedLoadMetricType_Values() []string { + return []string{ + PredefinedLoadMetricTypeAsgtotalCpuutilization, + PredefinedLoadMetricTypeAsgtotalNetworkIn, + PredefinedLoadMetricTypeAsgtotalNetworkOut, + PredefinedLoadMetricTypeAlbtargetGroupRequestCount, + } +} + +const ( + // PredefinedMetricPairTypeAsgcpuutilization is a PredefinedMetricPairType enum value + PredefinedMetricPairTypeAsgcpuutilization = "ASGCPUUtilization" + + // PredefinedMetricPairTypeAsgnetworkIn is a PredefinedMetricPairType enum value + PredefinedMetricPairTypeAsgnetworkIn = "ASGNetworkIn" + + // PredefinedMetricPairTypeAsgnetworkOut is a PredefinedMetricPairType enum value + PredefinedMetricPairTypeAsgnetworkOut = "ASGNetworkOut" + + // PredefinedMetricPairTypeAlbrequestCount is a PredefinedMetricPairType enum value + PredefinedMetricPairTypeAlbrequestCount = "ALBRequestCount" +) + +// PredefinedMetricPairType_Values returns all elements of the PredefinedMetricPairType enum +func PredefinedMetricPairType_Values() []string { + return []string{ + PredefinedMetricPairTypeAsgcpuutilization, + PredefinedMetricPairTypeAsgnetworkIn, + PredefinedMetricPairTypeAsgnetworkOut, + PredefinedMetricPairTypeAlbrequestCount, + } +} + +const ( + // PredefinedScalingMetricTypeAsgaverageCpuutilization is a PredefinedScalingMetricType enum value + PredefinedScalingMetricTypeAsgaverageCpuutilization = "ASGAverageCPUUtilization" + + // PredefinedScalingMetricTypeAsgaverageNetworkIn is a PredefinedScalingMetricType enum value + PredefinedScalingMetricTypeAsgaverageNetworkIn = "ASGAverageNetworkIn" + + // PredefinedScalingMetricTypeAsgaverageNetworkOut is a PredefinedScalingMetricType enum value + PredefinedScalingMetricTypeAsgaverageNetworkOut = "ASGAverageNetworkOut" + + // PredefinedScalingMetricTypeAlbrequestCountPerTarget is a PredefinedScalingMetricType enum value + PredefinedScalingMetricTypeAlbrequestCountPerTarget = "ALBRequestCountPerTarget" +) + +// PredefinedScalingMetricType_Values returns all elements of the PredefinedScalingMetricType enum +func PredefinedScalingMetricType_Values() []string { + return []string{ + PredefinedScalingMetricTypeAsgaverageCpuutilization, + PredefinedScalingMetricTypeAsgaverageNetworkIn, + PredefinedScalingMetricTypeAsgaverageNetworkOut, + PredefinedScalingMetricTypeAlbrequestCountPerTarget, + } +} + +const ( + // PredictiveScalingMaxCapacityBreachBehaviorHonorMaxCapacity is a PredictiveScalingMaxCapacityBreachBehavior enum value + PredictiveScalingMaxCapacityBreachBehaviorHonorMaxCapacity = "HonorMaxCapacity" + + // PredictiveScalingMaxCapacityBreachBehaviorIncreaseMaxCapacity is a PredictiveScalingMaxCapacityBreachBehavior enum value + PredictiveScalingMaxCapacityBreachBehaviorIncreaseMaxCapacity = "IncreaseMaxCapacity" +) + +// PredictiveScalingMaxCapacityBreachBehavior_Values returns all elements of the PredictiveScalingMaxCapacityBreachBehavior enum +func PredictiveScalingMaxCapacityBreachBehavior_Values() []string { + return []string{ + PredictiveScalingMaxCapacityBreachBehaviorHonorMaxCapacity, + PredictiveScalingMaxCapacityBreachBehaviorIncreaseMaxCapacity, + } +} + +const ( + // PredictiveScalingModeForecastAndScale is a PredictiveScalingMode enum value + PredictiveScalingModeForecastAndScale = "ForecastAndScale" + + // PredictiveScalingModeForecastOnly is a PredictiveScalingMode enum value + PredictiveScalingModeForecastOnly = "ForecastOnly" +) + +// PredictiveScalingMode_Values returns all elements of the PredictiveScalingMode enum +func PredictiveScalingMode_Values() []string { + return []string{ + PredictiveScalingModeForecastAndScale, + PredictiveScalingModeForecastOnly, + } +} + const ( // RefreshStrategyRolling is a RefreshStrategy enum value RefreshStrategyRolling = "Rolling" diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go index 5b9e92f197..62f8b8eed8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface/interface.go @@ -268,6 +268,10 @@ type AutoScalingAPI interface { ExitStandbyWithContext(aws.Context, *autoscaling.ExitStandbyInput, ...request.Option) (*autoscaling.ExitStandbyOutput, error) ExitStandbyRequest(*autoscaling.ExitStandbyInput) (*request.Request, *autoscaling.ExitStandbyOutput) + GetPredictiveScalingForecast(*autoscaling.GetPredictiveScalingForecastInput) (*autoscaling.GetPredictiveScalingForecastOutput, error) + GetPredictiveScalingForecastWithContext(aws.Context, *autoscaling.GetPredictiveScalingForecastInput, ...request.Option) (*autoscaling.GetPredictiveScalingForecastOutput, error) + GetPredictiveScalingForecastRequest(*autoscaling.GetPredictiveScalingForecastInput) (*request.Request, *autoscaling.GetPredictiveScalingForecastOutput) + PutLifecycleHook(*autoscaling.PutLifecycleHookInput) (*autoscaling.PutLifecycleHookOutput, error) PutLifecycleHookWithContext(aws.Context, *autoscaling.PutLifecycleHookInput, ...request.Option) (*autoscaling.PutLifecycleHookOutput, error) PutLifecycleHookRequest(*autoscaling.PutLifecycleHookInput) (*request.Request, *autoscaling.PutLifecycleHookOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/doc.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/doc.go index 0a2fe8c30f..27f32492dd 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/doc.go @@ -5,12 +5,14 @@ // // Amazon EC2 Auto Scaling is designed to automatically launch or terminate // EC2 instances based on user-defined scaling policies, scheduled actions, -// and health checks. Use this service with AWS Auto Scaling, Amazon CloudWatch, -// and Elastic Load Balancing. +// and health checks. // -// For more information, including information about granting IAM users required -// permissions for Amazon EC2 Auto Scaling actions, see the Amazon EC2 Auto +// For more information about Amazon EC2 Auto Scaling, see the Amazon EC2 Auto // Scaling User Guide (https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html). +// For information about granting IAM users required permissions for calls to +// Amazon EC2 Auto Scaling, see Granting IAM users required permissions for +// Amazon EC2 Auto Scaling resources (https://docs.aws.amazon.com/autoscaling/ec2/APIReference/ec2-auto-scaling-api-permissions.html) +// in the Amazon EC2 Auto Scaling API Reference. // // See https://docs.aws.amazon.com/goto/WebAPI/autoscaling-2011-01-01 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go index 0c756db06f..b7df06a59d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/api.go @@ -13,6 +13,182 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/query" ) +const opActivateType = "ActivateType" + +// ActivateTypeRequest generates a "aws/request.Request" representing the +// client's request for the ActivateType operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ActivateType for more information on using the ActivateType +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ActivateTypeRequest method. +// req, resp := client.ActivateTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/ActivateType +func (c *CloudFormation) ActivateTypeRequest(input *ActivateTypeInput) (req *request.Request, output *ActivateTypeOutput) { + op := &request.Operation{ + Name: opActivateType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ActivateTypeInput{} + } + + output = &ActivateTypeOutput{} + req = c.newRequest(op, input, output) + return +} + +// ActivateType API operation for AWS CloudFormation. +// +// Activates a public third-party extension, making it available for use in +// stack templates. For more information, see Using public extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) +// in the CloudFormation User Guide. +// +// Once you have activated a public third-party extension in your account and +// region, use SetTypeConfiguration (AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) +// to specify configuration properties for the extension. For more information, +// see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) +// in the CloudFormation User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation ActivateType for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// * ErrCodeTypeNotFoundException "TypeNotFoundException" +// The specified extension does not exist in the CloudFormation registry. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/ActivateType +func (c *CloudFormation) ActivateType(input *ActivateTypeInput) (*ActivateTypeOutput, error) { + req, out := c.ActivateTypeRequest(input) + return out, req.Send() +} + +// ActivateTypeWithContext is the same as ActivateType with the addition of +// the ability to pass a context and additional request options. +// +// See ActivateType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) ActivateTypeWithContext(ctx aws.Context, input *ActivateTypeInput, opts ...request.Option) (*ActivateTypeOutput, error) { + req, out := c.ActivateTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opBatchDescribeTypeConfigurations = "BatchDescribeTypeConfigurations" + +// BatchDescribeTypeConfigurationsRequest generates a "aws/request.Request" representing the +// client's request for the BatchDescribeTypeConfigurations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchDescribeTypeConfigurations for more information on using the BatchDescribeTypeConfigurations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the BatchDescribeTypeConfigurationsRequest method. +// req, resp := client.BatchDescribeTypeConfigurationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/BatchDescribeTypeConfigurations +func (c *CloudFormation) BatchDescribeTypeConfigurationsRequest(input *BatchDescribeTypeConfigurationsInput) (req *request.Request, output *BatchDescribeTypeConfigurationsOutput) { + op := &request.Operation{ + Name: opBatchDescribeTypeConfigurations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &BatchDescribeTypeConfigurationsInput{} + } + + output = &BatchDescribeTypeConfigurationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchDescribeTypeConfigurations API operation for AWS CloudFormation. +// +// Returns configuration data for the specified CloudFormation extensions, from +// the CloudFormation registry for the account and region. +// +// For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) +// in the CloudFormation User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation BatchDescribeTypeConfigurations for usage and error information. +// +// Returned Error Codes: +// * ErrCodeTypeConfigurationNotFoundException "TypeConfigurationNotFoundException" +// The specified extension configuration cannot be found. +// +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/BatchDescribeTypeConfigurations +func (c *CloudFormation) BatchDescribeTypeConfigurations(input *BatchDescribeTypeConfigurationsInput) (*BatchDescribeTypeConfigurationsOutput, error) { + req, out := c.BatchDescribeTypeConfigurationsRequest(input) + return out, req.Send() +} + +// BatchDescribeTypeConfigurationsWithContext is the same as BatchDescribeTypeConfigurations with the addition of +// the ability to pass a context and additional request options. +// +// See BatchDescribeTypeConfigurations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) BatchDescribeTypeConfigurationsWithContext(ctx aws.Context, input *BatchDescribeTypeConfigurationsInput, opts ...request.Option) (*BatchDescribeTypeConfigurationsOutput, error) { + req, out := c.BatchDescribeTypeConfigurationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCancelUpdateStack = "CancelUpdateStack" // CancelUpdateStackRequest generates a "aws/request.Request" representing the @@ -585,6 +761,96 @@ func (c *CloudFormation) CreateStackSetWithContext(ctx aws.Context, input *Creat return out, req.Send() } +const opDeactivateType = "DeactivateType" + +// DeactivateTypeRequest generates a "aws/request.Request" representing the +// client's request for the DeactivateType operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeactivateType for more information on using the DeactivateType +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeactivateTypeRequest method. +// req, resp := client.DeactivateTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DeactivateType +func (c *CloudFormation) DeactivateTypeRequest(input *DeactivateTypeInput) (req *request.Request, output *DeactivateTypeOutput) { + op := &request.Operation{ + Name: opDeactivateType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeactivateTypeInput{} + } + + output = &DeactivateTypeOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeactivateType API operation for AWS CloudFormation. +// +// Deactivates a public extension that was previously activated in this account +// and region. +// +// Once deactivated, an extension cannot be used in any CloudFormation operation. +// This includes stack update operations where the stack template includes the +// extension, even if no updates are being made to the extension. In addition, +// deactivated extensions are not automatically updated if a new version of +// the extension is released. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation DeactivateType for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// * ErrCodeTypeNotFoundException "TypeNotFoundException" +// The specified extension does not exist in the CloudFormation registry. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DeactivateType +func (c *CloudFormation) DeactivateType(input *DeactivateTypeInput) (*DeactivateTypeOutput, error) { + req, out := c.DeactivateTypeRequest(input) + return out, req.Send() +} + +// DeactivateTypeWithContext is the same as DeactivateType with the addition of +// the ability to pass a context and additional request options. +// +// See DeactivateType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) DeactivateTypeWithContext(ctx aws.Context, input *DeactivateTypeInput, opts ...request.Option) (*DeactivateTypeOutput, error) { + req, out := c.DeactivateTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteChangeSet = "DeleteChangeSet" // DeleteChangeSetRequest generates a "aws/request.Request" representing the @@ -1013,7 +1279,7 @@ func (c *CloudFormation) DeregisterTypeRequest(input *DeregisterTypeInput) (req // An error occurred during a CloudFormation registry operation. // // * ErrCodeTypeNotFoundException "TypeNotFoundException" -// The specified type does not exist in the CloudFormation registry. +// The specified extension does not exist in the CloudFormation registry. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DeregisterType func (c *CloudFormation) DeregisterType(input *DeregisterTypeInput) (*DeregisterTypeOutput, error) { @@ -1255,6 +1521,96 @@ func (c *CloudFormation) DescribeChangeSetWithContext(ctx aws.Context, input *De return out, req.Send() } +const opDescribePublisher = "DescribePublisher" + +// DescribePublisherRequest generates a "aws/request.Request" representing the +// client's request for the DescribePublisher operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribePublisher for more information on using the DescribePublisher +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribePublisherRequest method. +// req, resp := client.DescribePublisherRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DescribePublisher +func (c *CloudFormation) DescribePublisherRequest(input *DescribePublisherInput) (req *request.Request, output *DescribePublisherOutput) { + op := &request.Operation{ + Name: opDescribePublisher, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribePublisherInput{} + } + + output = &DescribePublisherOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribePublisher API operation for AWS CloudFormation. +// +// Returns information about a CloudFormation extension publisher. +// +// If you do not supply a PublisherId, and you have registered as an extension +// publisher, DescribePublisher returns information about your own publisher +// account. +// +// For more information on registering as a publisher, see: +// +// * RegisterPublisher (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html) +// +// * Publishing extensions to make them available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) +// in the CloudFormation CLI User Guide +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation DescribePublisher for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DescribePublisher +func (c *CloudFormation) DescribePublisher(input *DescribePublisherInput) (*DescribePublisherOutput, error) { + req, out := c.DescribePublisherRequest(input) + return out, req.Send() +} + +// DescribePublisherWithContext is the same as DescribePublisher with the addition of +// the ability to pass a context and additional request options. +// +// See DescribePublisher for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) DescribePublisherWithContext(ctx aws.Context, input *DescribePublisherInput, opts ...request.Option) (*DescribePublisherOutput, error) { + req, out := c.DescribePublisherRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeStackDriftDetectionStatus = "DescribeStackDriftDetectionStatus" // DescribeStackDriftDetectionStatusRequest generates a "aws/request.Request" representing the @@ -2233,7 +2589,7 @@ func (c *CloudFormation) DescribeTypeRequest(input *DescribeTypeInput) (req *req // An error occurred during a CloudFormation registry operation. // // * ErrCodeTypeNotFoundException "TypeNotFoundException" -// The specified type does not exist in the CloudFormation registry. +// The specified extension does not exist in the CloudFormation registry. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/DescribeType func (c *CloudFormation) DescribeType(input *DescribeTypeInput) (*DescribeTypeOutput, error) { @@ -4735,6 +5091,95 @@ func (c *CloudFormation) ListTypesPagesWithContext(ctx aws.Context, input *ListT return p.Err() } +const opPublishType = "PublishType" + +// PublishTypeRequest generates a "aws/request.Request" representing the +// client's request for the PublishType operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PublishType for more information on using the PublishType +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the PublishTypeRequest method. +// req, resp := client.PublishTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/PublishType +func (c *CloudFormation) PublishTypeRequest(input *PublishTypeInput) (req *request.Request, output *PublishTypeOutput) { + op := &request.Operation{ + Name: opPublishType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PublishTypeInput{} + } + + output = &PublishTypeOutput{} + req = c.newRequest(op, input, output) + return +} + +// PublishType API operation for AWS CloudFormation. +// +// Publishes the specified extension to the CloudFormation registry as a public +// extension in this region. Public extensions are available for use by all +// CloudFormation users. For more information on publishing extensions, see +// Publishing extensions to make them available for public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) +// in the CloudFormation CLI User Guide. +// +// To publish an extension, you must be registered as a publisher with CloudFormation. +// For more information, see RegisterPublisher (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation PublishType for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// * ErrCodeTypeNotFoundException "TypeNotFoundException" +// The specified extension does not exist in the CloudFormation registry. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/PublishType +func (c *CloudFormation) PublishType(input *PublishTypeInput) (*PublishTypeOutput, error) { + req, out := c.PublishTypeRequest(input) + return out, req.Send() +} + +// PublishTypeWithContext is the same as PublishType with the addition of +// the ability to pass a context and additional request options. +// +// See PublishType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) PublishTypeWithContext(ctx aws.Context, input *PublishTypeInput, opts ...request.Option) (*PublishTypeOutput, error) { + req, out := c.PublishTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRecordHandlerProgress = "RecordHandlerProgress" // RecordHandlerProgressRequest generates a "aws/request.Request" representing the @@ -4823,6 +5268,91 @@ func (c *CloudFormation) RecordHandlerProgressWithContext(ctx aws.Context, input return out, req.Send() } +const opRegisterPublisher = "RegisterPublisher" + +// RegisterPublisherRequest generates a "aws/request.Request" representing the +// client's request for the RegisterPublisher operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RegisterPublisher for more information on using the RegisterPublisher +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the RegisterPublisherRequest method. +// req, resp := client.RegisterPublisherRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/RegisterPublisher +func (c *CloudFormation) RegisterPublisherRequest(input *RegisterPublisherInput) (req *request.Request, output *RegisterPublisherOutput) { + op := &request.Operation{ + Name: opRegisterPublisher, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RegisterPublisherInput{} + } + + output = &RegisterPublisherOutput{} + req = c.newRequest(op, input, output) + return +} + +// RegisterPublisher API operation for AWS CloudFormation. +// +// Registers your account as a publisher of public extensions in the CloudFormation +// registry. Public extensions are available for use by all CloudFormation users. +// This publisher ID applies to your account in all AWS regions. +// +// For information on requirements for registering as a public extension publisher, +// see Registering your account to publish CloudFormation extensions (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs) +// in the CloudFormation CLI User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation RegisterPublisher for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/RegisterPublisher +func (c *CloudFormation) RegisterPublisher(input *RegisterPublisherInput) (*RegisterPublisherOutput, error) { + req, out := c.RegisterPublisherRequest(input) + return out, req.Send() +} + +// RegisterPublisherWithContext is the same as RegisterPublisher with the addition of +// the ability to pass a context and additional request options. +// +// See RegisterPublisher for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) RegisterPublisherWithContext(ctx aws.Context, input *RegisterPublisherInput, opts ...request.Option) (*RegisterPublisherOutput, error) { + req, out := c.RegisterPublisherRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRegisterType = "RegisterType" // RegisterTypeRequest generates a "aws/request.Request" representing the @@ -4889,6 +5419,12 @@ func (c *CloudFormation) RegisterTypeRequest(input *RegisterTypeInput) (req *req // use DescribeTypeRegistration to monitor the progress of the registration // request. // +// Once you have registered a private extension in your account and region, +// use SetTypeConfiguration (AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) +// to specify configuration properties for the extension. For more information, +// see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) +// in the CloudFormation User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4997,6 +5533,99 @@ func (c *CloudFormation) SetStackPolicyWithContext(ctx aws.Context, input *SetSt return out, req.Send() } +const opSetTypeConfiguration = "SetTypeConfiguration" + +// SetTypeConfigurationRequest generates a "aws/request.Request" representing the +// client's request for the SetTypeConfiguration operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SetTypeConfiguration for more information on using the SetTypeConfiguration +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the SetTypeConfigurationRequest method. +// req, resp := client.SetTypeConfigurationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/SetTypeConfiguration +func (c *CloudFormation) SetTypeConfigurationRequest(input *SetTypeConfigurationInput) (req *request.Request, output *SetTypeConfigurationOutput) { + op := &request.Operation{ + Name: opSetTypeConfiguration, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SetTypeConfigurationInput{} + } + + output = &SetTypeConfigurationOutput{} + req = c.newRequest(op, input, output) + return +} + +// SetTypeConfiguration API operation for AWS CloudFormation. +// +// Specifies the configuration data for a registered CloudFormation extension, +// in the given account and region. +// +// To view the current configuration data for an extension, refer to the ConfigurationSchema +// element of DescribeType (AWSCloudFormation/latest/APIReference/API_DescribeType.html). +// For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) +// in the CloudFormation User Guide. +// +// It is strongly recommended that you use dynamic references to restrict sensitive +// configuration definitions, such as third-party credentials. For more details +// on dynamic references, see Using dynamic references to specify template values +// (https://docs.aws.amazon.com/) in the AWS CloudFormation User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation SetTypeConfiguration for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// * ErrCodeTypeNotFoundException "TypeNotFoundException" +// The specified extension does not exist in the CloudFormation registry. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/SetTypeConfiguration +func (c *CloudFormation) SetTypeConfiguration(input *SetTypeConfigurationInput) (*SetTypeConfigurationOutput, error) { + req, out := c.SetTypeConfigurationRequest(input) + return out, req.Send() +} + +// SetTypeConfigurationWithContext is the same as SetTypeConfiguration with the addition of +// the ability to pass a context and additional request options. +// +// See SetTypeConfiguration for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) SetTypeConfigurationWithContext(ctx aws.Context, input *SetTypeConfigurationInput, opts ...request.Option) (*SetTypeConfigurationOutput, error) { + req, out := c.SetTypeConfigurationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opSetTypeDefaultVersion = "SetTypeDefaultVersion" // SetTypeDefaultVersionRequest generates a "aws/request.Request" representing the @@ -5057,7 +5686,7 @@ func (c *CloudFormation) SetTypeDefaultVersionRequest(input *SetTypeDefaultVersi // An error occurred during a CloudFormation registry operation. // // * ErrCodeTypeNotFoundException "TypeNotFoundException" -// The specified type does not exist in the CloudFormation registry. +// The specified extension does not exist in the CloudFormation registry. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/SetTypeDefaultVersion func (c *CloudFormation) SetTypeDefaultVersion(input *SetTypeDefaultVersionInput) (*SetTypeDefaultVersionOutput, error) { @@ -5247,6 +5876,114 @@ func (c *CloudFormation) StopStackSetOperationWithContext(ctx aws.Context, input return out, req.Send() } +const opTestType = "TestType" + +// TestTypeRequest generates a "aws/request.Request" representing the +// client's request for the TestType operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TestType for more information on using the TestType +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the TestTypeRequest method. +// req, resp := client.TestTypeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/TestType +func (c *CloudFormation) TestTypeRequest(input *TestTypeInput) (req *request.Request, output *TestTypeOutput) { + op := &request.Operation{ + Name: opTestType, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &TestTypeInput{} + } + + output = &TestTypeOutput{} + req = c.newRequest(op, input, output) + return +} + +// TestType API operation for AWS CloudFormation. +// +// Tests a registered extension to make sure it meets all necessary requirements +// for being published in the CloudFormation registry. +// +// * For resource types, this includes passing all contracts tests defined +// for the type. +// +// * For modules, this includes determining if the module's model meets all +// necessary requirements. +// +// For more information, see Testing your public extension prior to publishing +// (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing) +// in the CloudFormation CLI User Guide. +// +// If you do not specify a version, CloudFormation uses the default version +// of the extension in your account and region for testing. +// +// To perform testing, CloudFormation assumes the execution role specified when +// the test was registered. For more information, see RegisterType (AWSCloudFormation/latest/APIReference/API_RegisterType.html). +// +// Once you've initiated testing on an extension using TestType, you can use +// DescribeType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html) +// to monitor the current test status and test status description for the extension. +// +// An extension must have a test status of PASSED before it can be published. +// For more information, see Publishing extensions to make them available for +// public use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html) +// in the CloudFormation CLI User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS CloudFormation's +// API operation TestType for usage and error information. +// +// Returned Error Codes: +// * ErrCodeCFNRegistryException "CFNRegistryException" +// An error occurred during a CloudFormation registry operation. +// +// * ErrCodeTypeNotFoundException "TypeNotFoundException" +// The specified extension does not exist in the CloudFormation registry. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudformation-2010-05-15/TestType +func (c *CloudFormation) TestType(input *TestTypeInput) (*TestTypeOutput, error) { + req, out := c.TestTypeRequest(input) + return out, req.Send() +} + +// TestTypeWithContext is the same as TestType with the addition of +// the ability to pass a context and additional request options. +// +// See TestType for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFormation) TestTypeWithContext(ctx aws.Context, input *TestTypeInput, opts ...request.Option) (*TestTypeOutput, error) { + req, out := c.TestTypeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opUpdateStack = "UpdateStack" // UpdateStackRequest generates a "aws/request.Request" representing the @@ -5826,6 +6563,195 @@ func (s *AccountLimit) SetValue(v int64) *AccountLimit { return s } +type ActivateTypeInput struct { + _ struct{} `type:"structure"` + + // Whether to automatically update the extension in this account and region + // when a new minor version is published by the extension publisher. Major versions + // released by the publisher must be manually updated. + // + // The default is true. + AutoUpdate *bool `type:"boolean"` + + // The name of the IAM execution role to use to activate the extension. + ExecutionRoleArn *string `min:"1" type:"string"` + + // Contains logging configuration information for an extension. + LoggingConfig *LoggingConfig `type:"structure"` + + // The major version of this extension you want to activate, if multiple major + // versions are available. The default is the latest major version. CloudFormation + // uses the latest available minor version of the major version selected. + // + // You can specify MajorVersion or VersionBump, but not both. + MajorVersion *int64 `min:"1" type:"long"` + + // The Amazon Resource Number (ARN) of the public extension. + // + // Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId. + PublicTypeArn *string `type:"string"` + + // The ID of the extension publisher. + // + // Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId. + PublisherId *string `min:"1" type:"string"` + + // The extension type. + // + // Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId. + Type *string `type:"string" enum:"ThirdPartyType"` + + // The name of the extension. + // + // Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId. + TypeName *string `min:"10" type:"string"` + + // An alias to assign to the public extension, in this account and region. If + // you specify an alias for the extension, CloudFormation treats the alias as + // the extension type name within this account and region. You must use the + // alias to refer to the extension in your templates, API calls, and CloudFormation + // console. + // + // An extension alias must be unique within a given account and region. You + // can activate the same public resource multiple times in the same account + // and region, using different type name aliases. + TypeNameAlias *string `min:"10" type:"string"` + + // Manually updates a previously-activated type to a new major or minor version, + // if available. You can also use this parameter to update the value of AutoUpdate. + // + // * MAJOR: CloudFormation updates the extension to the newest major version, + // if one is available. + // + // * MINOR: CloudFormation updates the extension to the newest minor version, + // if one is available. + VersionBump *string `type:"string" enum:"VersionBump"` +} + +// String returns the string representation +func (s ActivateTypeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ActivateTypeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ActivateTypeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ActivateTypeInput"} + if s.ExecutionRoleArn != nil && len(*s.ExecutionRoleArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ExecutionRoleArn", 1)) + } + if s.MajorVersion != nil && *s.MajorVersion < 1 { + invalidParams.Add(request.NewErrParamMinValue("MajorVersion", 1)) + } + if s.PublisherId != nil && len(*s.PublisherId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublisherId", 1)) + } + if s.TypeName != nil && len(*s.TypeName) < 10 { + invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) + } + if s.TypeNameAlias != nil && len(*s.TypeNameAlias) < 10 { + invalidParams.Add(request.NewErrParamMinLen("TypeNameAlias", 10)) + } + if s.LoggingConfig != nil { + if err := s.LoggingConfig.Validate(); err != nil { + invalidParams.AddNested("LoggingConfig", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAutoUpdate sets the AutoUpdate field's value. +func (s *ActivateTypeInput) SetAutoUpdate(v bool) *ActivateTypeInput { + s.AutoUpdate = &v + return s +} + +// SetExecutionRoleArn sets the ExecutionRoleArn field's value. +func (s *ActivateTypeInput) SetExecutionRoleArn(v string) *ActivateTypeInput { + s.ExecutionRoleArn = &v + return s +} + +// SetLoggingConfig sets the LoggingConfig field's value. +func (s *ActivateTypeInput) SetLoggingConfig(v *LoggingConfig) *ActivateTypeInput { + s.LoggingConfig = v + return s +} + +// SetMajorVersion sets the MajorVersion field's value. +func (s *ActivateTypeInput) SetMajorVersion(v int64) *ActivateTypeInput { + s.MajorVersion = &v + return s +} + +// SetPublicTypeArn sets the PublicTypeArn field's value. +func (s *ActivateTypeInput) SetPublicTypeArn(v string) *ActivateTypeInput { + s.PublicTypeArn = &v + return s +} + +// SetPublisherId sets the PublisherId field's value. +func (s *ActivateTypeInput) SetPublisherId(v string) *ActivateTypeInput { + s.PublisherId = &v + return s +} + +// SetType sets the Type field's value. +func (s *ActivateTypeInput) SetType(v string) *ActivateTypeInput { + s.Type = &v + return s +} + +// SetTypeName sets the TypeName field's value. +func (s *ActivateTypeInput) SetTypeName(v string) *ActivateTypeInput { + s.TypeName = &v + return s +} + +// SetTypeNameAlias sets the TypeNameAlias field's value. +func (s *ActivateTypeInput) SetTypeNameAlias(v string) *ActivateTypeInput { + s.TypeNameAlias = &v + return s +} + +// SetVersionBump sets the VersionBump field's value. +func (s *ActivateTypeInput) SetVersionBump(v string) *ActivateTypeInput { + s.VersionBump = &v + return s +} + +type ActivateTypeOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Number (ARN) of the activated extension, in this account + // and region. + Arn *string `type:"string"` +} + +// String returns the string representation +func (s ActivateTypeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ActivateTypeOutput) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *ActivateTypeOutput) SetArn(v string) *ActivateTypeOutput { + s.Arn = &v + return s +} + // [Service-managed permissions] Describes whether StackSets automatically deploys // to AWS Organizations accounts that are added to a target organization or // organizational unit (OU). @@ -5867,6 +6793,144 @@ func (s *AutoDeployment) SetRetainStacksOnAccountRemoval(v bool) *AutoDeployment return s } +// Detailed information concerning an error generated during the setting of +// configuration data for a CloudFormation extension. +type BatchDescribeTypeConfigurationsError struct { + _ struct{} `type:"structure"` + + // The error code. + ErrorCode *string `min:"3" type:"string"` + + // The error message. + ErrorMessage *string `min:"1" type:"string"` + + // Identifying information for the configuration of a CloudFormation extension. + TypeConfigurationIdentifier *TypeConfigurationIdentifier `type:"structure"` +} + +// String returns the string representation +func (s BatchDescribeTypeConfigurationsError) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s BatchDescribeTypeConfigurationsError) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *BatchDescribeTypeConfigurationsError) SetErrorCode(v string) *BatchDescribeTypeConfigurationsError { + s.ErrorCode = &v + return s +} + +// SetErrorMessage sets the ErrorMessage field's value. +func (s *BatchDescribeTypeConfigurationsError) SetErrorMessage(v string) *BatchDescribeTypeConfigurationsError { + s.ErrorMessage = &v + return s +} + +// SetTypeConfigurationIdentifier sets the TypeConfigurationIdentifier field's value. +func (s *BatchDescribeTypeConfigurationsError) SetTypeConfigurationIdentifier(v *TypeConfigurationIdentifier) *BatchDescribeTypeConfigurationsError { + s.TypeConfigurationIdentifier = v + return s +} + +type BatchDescribeTypeConfigurationsInput struct { + _ struct{} `type:"structure"` + + // The list of identifiers for the desired extension configurations. + // + // TypeConfigurationIdentifiers is a required field + TypeConfigurationIdentifiers []*TypeConfigurationIdentifier `min:"1" type:"list" required:"true"` +} + +// String returns the string representation +func (s BatchDescribeTypeConfigurationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s BatchDescribeTypeConfigurationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchDescribeTypeConfigurationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchDescribeTypeConfigurationsInput"} + if s.TypeConfigurationIdentifiers == nil { + invalidParams.Add(request.NewErrParamRequired("TypeConfigurationIdentifiers")) + } + if s.TypeConfigurationIdentifiers != nil && len(s.TypeConfigurationIdentifiers) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TypeConfigurationIdentifiers", 1)) + } + if s.TypeConfigurationIdentifiers != nil { + for i, v := range s.TypeConfigurationIdentifiers { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TypeConfigurationIdentifiers", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTypeConfigurationIdentifiers sets the TypeConfigurationIdentifiers field's value. +func (s *BatchDescribeTypeConfigurationsInput) SetTypeConfigurationIdentifiers(v []*TypeConfigurationIdentifier) *BatchDescribeTypeConfigurationsInput { + s.TypeConfigurationIdentifiers = v + return s +} + +type BatchDescribeTypeConfigurationsOutput struct { + _ struct{} `type:"structure"` + + // A list of information concerning any errors generated during the setting + // of the specified configurations. + Errors []*BatchDescribeTypeConfigurationsError `type:"list"` + + // A list of any of the specified extension configurations from the CloudFormation + // registry. + TypeConfigurations []*TypeConfigurationDetails `type:"list"` + + // A list of any of the specified extension configurations that CloudFormation + // could not process for any reason. + UnprocessedTypeConfigurations []*TypeConfigurationIdentifier `type:"list"` +} + +// String returns the string representation +func (s BatchDescribeTypeConfigurationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s BatchDescribeTypeConfigurationsOutput) GoString() string { + return s.String() +} + +// SetErrors sets the Errors field's value. +func (s *BatchDescribeTypeConfigurationsOutput) SetErrors(v []*BatchDescribeTypeConfigurationsError) *BatchDescribeTypeConfigurationsOutput { + s.Errors = v + return s +} + +// SetTypeConfigurations sets the TypeConfigurations field's value. +func (s *BatchDescribeTypeConfigurationsOutput) SetTypeConfigurations(v []*TypeConfigurationDetails) *BatchDescribeTypeConfigurationsOutput { + s.TypeConfigurations = v + return s +} + +// SetUnprocessedTypeConfigurations sets the UnprocessedTypeConfigurations field's value. +func (s *BatchDescribeTypeConfigurationsOutput) SetUnprocessedTypeConfigurations(v []*TypeConfigurationIdentifier) *BatchDescribeTypeConfigurationsOutput { + s.UnprocessedTypeConfigurations = v + return s +} + // The input for the CancelUpdateStack action. type CancelUpdateStackInput struct { _ struct{} `type:"structure"` @@ -7490,6 +8554,81 @@ func (s *CreateStackSetOutput) SetStackSetId(v string) *CreateStackSetOutput { return s } +type DeactivateTypeInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) for the extension, in this account and region. + // + // Conditional: You must specify either Arn, or TypeName and Type. + Arn *string `type:"string"` + + // The extension type. + // + // Conditional: You must specify either Arn, or TypeName and Type. + Type *string `type:"string" enum:"ThirdPartyType"` + + // The type name of the extension, in this account and region. If you specified + // a type name alias when enabling the extension, use the type name alias. + // + // Conditional: You must specify either Arn, or TypeName and Type. + TypeName *string `min:"10" type:"string"` +} + +// String returns the string representation +func (s DeactivateTypeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeactivateTypeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeactivateTypeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeactivateTypeInput"} + if s.TypeName != nil && len(*s.TypeName) < 10 { + invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetArn sets the Arn field's value. +func (s *DeactivateTypeInput) SetArn(v string) *DeactivateTypeInput { + s.Arn = &v + return s +} + +// SetType sets the Type field's value. +func (s *DeactivateTypeInput) SetType(v string) *DeactivateTypeInput { + s.Type = &v + return s +} + +// SetTypeName sets the TypeName field's value. +func (s *DeactivateTypeInput) SetTypeName(v string) *DeactivateTypeInput { + s.TypeName = &v + return s +} + +type DeactivateTypeOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeactivateTypeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeactivateTypeOutput) GoString() string { + return s.String() +} + // The input for the DeleteChangeSet action. type DeleteChangeSetInput struct { _ struct{} `type:"structure"` @@ -8423,6 +9562,98 @@ func (s *DescribeChangeSetOutput) SetTags(v []*Tag) *DescribeChangeSetOutput { return s } +type DescribePublisherInput struct { + _ struct{} `type:"structure"` + + // The ID of the extension publisher. + // + // If you do not supply a PublisherId, and you have registered as an extension + // publisher, DescribePublisher returns information about your own publisher + // account. + PublisherId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s DescribePublisherInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePublisherInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribePublisherInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribePublisherInput"} + if s.PublisherId != nil && len(*s.PublisherId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublisherId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPublisherId sets the PublisherId field's value. +func (s *DescribePublisherInput) SetPublisherId(v string) *DescribePublisherInput { + s.PublisherId = &v + return s +} + +type DescribePublisherOutput struct { + _ struct{} `type:"structure"` + + // The type of account used as the identity provider when registering this publisher + // with CloudFormation. + IdentityProvider *string `type:"string" enum:"IdentityProvider"` + + // The ID of the extension publisher. + PublisherId *string `min:"1" type:"string"` + + // The URL to the publisher's profile with the identity provider. + PublisherProfile *string `type:"string"` + + // Whether the publisher is verified. Currently, all registered publishers are + // verified. + PublisherStatus *string `type:"string" enum:"PublisherStatus"` +} + +// String returns the string representation +func (s DescribePublisherOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePublisherOutput) GoString() string { + return s.String() +} + +// SetIdentityProvider sets the IdentityProvider field's value. +func (s *DescribePublisherOutput) SetIdentityProvider(v string) *DescribePublisherOutput { + s.IdentityProvider = &v + return s +} + +// SetPublisherId sets the PublisherId field's value. +func (s *DescribePublisherOutput) SetPublisherId(v string) *DescribePublisherOutput { + s.PublisherId = &v + return s +} + +// SetPublisherProfile sets the PublisherProfile field's value. +func (s *DescribePublisherOutput) SetPublisherProfile(v string) *DescribePublisherOutput { + s.PublisherProfile = &v + return s +} + +// SetPublisherStatus sets the PublisherStatus field's value. +func (s *DescribePublisherOutput) SetPublisherStatus(v string) *DescribePublisherOutput { + s.PublisherStatus = &v + return s +} + type DescribeStackDriftDetectionStatusInput struct { _ struct{} `type:"structure"` @@ -9379,6 +10610,14 @@ type DescribeTypeInput struct { // Conditional: You must specify either TypeName and Type, or Arn. Arn *string `type:"string"` + // The version number of a public third-party extension. + PublicVersionNumber *string `min:"5" type:"string"` + + // The publisher ID of the extension publisher. + // + // Extensions provided by Amazon are not assigned a publisher ID. + PublisherId *string `min:"1" type:"string"` + // The kind of extension. // // Conditional: You must specify either TypeName and Type, or Arn. @@ -9412,6 +10651,12 @@ func (s DescribeTypeInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DescribeTypeInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DescribeTypeInput"} + if s.PublicVersionNumber != nil && len(*s.PublicVersionNumber) < 5 { + invalidParams.Add(request.NewErrParamMinLen("PublicVersionNumber", 5)) + } + if s.PublisherId != nil && len(*s.PublisherId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublisherId", 1)) + } if s.TypeName != nil && len(*s.TypeName) < 10 { invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) } @@ -9431,6 +10676,18 @@ func (s *DescribeTypeInput) SetArn(v string) *DescribeTypeInput { return s } +// SetPublicVersionNumber sets the PublicVersionNumber field's value. +func (s *DescribeTypeInput) SetPublicVersionNumber(v string) *DescribeTypeInput { + s.PublicVersionNumber = &v + return s +} + +// SetPublisherId sets the PublisherId field's value. +func (s *DescribeTypeInput) SetPublisherId(v string) *DescribeTypeInput { + s.PublisherId = &v + return s +} + // SetType sets the Type field's value. func (s *DescribeTypeInput) SetType(v string) *DescribeTypeInput { s.Type = &v @@ -9455,9 +10712,30 @@ type DescribeTypeOutput struct { // The Amazon Resource Name (ARN) of the extension. Arn *string `type:"string"` + // Whether CloudFormation automatically updates the extension in this account + // and region when a new minor version is published by the extension publisher. + // Major versions released by the publisher must be manually updated. For more + // information, see Activating public extensions for use in your account (AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable) + // in the AWS CloudFormation User Guide. + AutoUpdate *bool `type:"boolean"` + + // A JSON string that represent the current configuration data for the extension + // in this account and region. + // + // To set the configuration data for an extension, use SetTypeConfiguration + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html). + // For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) + // in the CloudFormation User Guide. + ConfigurationSchema *string `min:"1" type:"string"` + // The ID of the default version of the extension. The default version is used // when the extension version is not specified. // + // This applies only to private extensions you have registered in your account. + // For public extensions, both those provided by Amazon and published by third + // parties, CloudFormation returns null. For more information, see RegisterType + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). + // // To set the default version of an extension, use SetTypeDefaultVersion . DefaultVersionId *string `min:"1" type:"string"` @@ -9465,53 +10743,114 @@ type DescribeTypeOutput struct { // // Valid values include: // - // * LIVE: The extension is registered and can be used in CloudFormation + // * LIVE: The extension is activated or registered and can be used in CloudFormation // operations, dependent on its provisioning behavior and visibility scope. // - // * DEPRECATED: The extension has been deregistered and can no longer be - // used in CloudFormation operations. + // * DEPRECATED: The extension has been deactivated or deregistered and can + // no longer be used in CloudFormation operations. + // + // For public third-party extensions, CloudFormation returns null. DeprecatedStatus *string `type:"string" enum:"DeprecatedStatus"` - // The description of the registered extension. + // The description of the extension. Description *string `min:"1" type:"string"` // The URL of a page providing detailed documentation for this extension. DocumentationUrl *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM execution role used to register - // the extension. If your resource type calls AWS APIs in any of its handlers, - // you must create an IAM execution role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) - // that includes the necessary permissions to call those AWS APIs, and provision + // the extension. This applies only to private extensions you have registered + // in your account. For more information, see RegisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). + // + // If the registered extension calls any AWS APIs, you must create an IAM execution + // role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) that + // includes the necessary permissions to call those AWS APIs, and provision // that execution role in your account. CloudFormation then assumes that execution // role to provide your extension with the appropriate credentials. ExecutionRoleArn *string `min:"1" type:"string"` + // Whether or not the extension is activated in the account and region. + // + // This only applies to public third-party extensions. For all other extensions, + // CloudFormation returns null. + IsActivated *bool `type:"boolean"` + // Whether the specified extension version is set as the default version. + // + // This applies only to private extensions you have registered in your account, + // and extensions published by Amazon. For public third-party extensions, whether + // or not they are activated in your account, CloudFormation returns null. IsDefaultVersion *bool `type:"boolean"` - // When the specified extension version was registered. + // When the specified extension version was registered. This applies only to: + // + // * Private extensions you have registered in your account. For more information, + // see RegisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). + // + // * Public extensions you have activated in your account with auto-update + // specified. For more information, see ActivateType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html). LastUpdated *time.Time `type:"timestamp"` - // Contains logging configuration information for an extension. + // The latest version of a public extension that is available for use. + // + // This only applies if you specify a public extension, and you do not specify + // a version. For all other requests, CloudFormation returns null. + LatestPublicVersion *string `min:"5" type:"string"` + + // Contains logging configuration information for private extensions. This applies + // only to private extensions you have registered in your account. For public + // extensions, both those provided by Amazon and published by third parties, + // CloudFormation returns null. For more information, see RegisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). LoggingConfig *LoggingConfig `type:"structure"` - // The provisioning behavior of the extension. AWS CloudFormation determines - // the provisioning type during registration, based on the types of handlers - // in the schema handler package submitted. + // For public extensions that have been activated for this account and region, + // the Amazon Resource Name (ARN) of the public extension. + OriginalTypeArn *string `type:"string"` + + // For public extensions that have been activated for this account and region, + // the type name of the public extension. + // + // If you specified a TypeNameAlias when enabling the extension in this account + // and region, CloudFormation treats that alias as the extension's type name + // within the account and region, not the type name of the public extension. + // For more information, see Specifying aliases to refer to extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-alias) + // in the CloudFormation User Guide. + OriginalTypeName *string `min:"10" type:"string"` + + // For resource type extensions, the provisioning behavior of the resource type. + // AWS CloudFormation determines the provisioning type during registration, + // based on the types of handlers in the schema handler package submitted. // // Valid values include: // - // * FULLY_MUTABLE: The extension includes an update handler to process updates - // to the extension during stack update operations. + // * FULLY_MUTABLE: The resource type includes an update handler to process + // updates to the type during stack update operations. // - // * IMMUTABLE: The extension does not include an update handler, so the - // extension cannot be updated and must instead be replaced during stack - // update operations. + // * IMMUTABLE: The resource type does not include an update handler, so + // the type cannot be updated and must instead be replaced during stack update + // operations. // - // * NON_PROVISIONABLE: The extension does not include all of the following + // * NON_PROVISIONABLE: The resource type does not include all of the following // handlers, and therefore cannot actually be provisioned. create read delete ProvisioningType *string `type:"string" enum:"ProvisioningType"` + // The version number of a public third-party extension. + // + // This applies only if you specify a public extension you have activated in + // your account, or specify a public extension without specifying a version. + // For all other extensions, CloudFormation returns null. + PublicVersionNumber *string `min:"5" type:"string"` + + // The publisher ID of the extension publisher. + // + // This applies only to public third-party extensions. For private registered + // extensions, and extensions provided by Amazon, CloudFormation returns null. + PublisherId *string `min:"1" type:"string"` + + // For extensions that are modules, the public third-party extensions that must + // be activated in your account in order for the module itself to be activated. + RequiredActivatedTypes []*RequiredActivatedType `type:"list"` + // The schema that defines the extension. // // For more information on extension schemas, see Resource Provider Schema (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-schema.html) @@ -9521,23 +10860,56 @@ type DescribeTypeOutput struct { // The URL of the source code for the extension. SourceUrl *string `type:"string"` - // When the specified extension version was registered. + // When the specified private extension version was registered or activated + // in your account. TimeCreated *time.Time `type:"timestamp"` // The kind of extension. Type *string `type:"string" enum:"RegistryType"` - // The name of the registered extension. + // The name of the extension. + // + // If the extension is a public third-party type you have activated with a type + // name alias, CloudFormation returns the type name alias. For more information, + // see ActivateType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html). TypeName *string `min:"10" type:"string"` + // The contract test status of the registered extension version. To return the + // extension test status of a specifc extension version, you must specify VersionId. + // + // This applies only to registered private extension versions. CloudFormation + // does not return this information for public extensions, whether or not they + // are activated in your account. + // + // * PASSED: The extension has passed all its contract tests. An extension + // must have a test status of PASSED before it can be published. For more + // information, see Publishing extensions to make them available for public + // use (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html) + // in the CloudFormation Command Line Interface User Guide. + // + // * FAILED: The extension has failed one or more contract tests. + // + // * IN_PROGRESS: Contract tests are currently being performed on the extension. + // + // * NOT_TESTED: Contract tests have not been performed on the extension. + TypeTestsStatus *string `type:"string" enum:"TypeTestsStatus"` + + // The description of the test status. To return the extension test status of + // a specifc extension version, you must specify VersionId. + // + // This applies only to registered private extension versions. CloudFormation + // does not return this information for public extensions, whether or not they + // are activated in your account. + TypeTestsStatusDescription *string `min:"1" type:"string"` + // The scope at which the extension is visible and usable in CloudFormation // operations. // // Valid values include: // // * PRIVATE: The extension is only visible and usable within the account - // in which it is registered. Currently, AWS CloudFormation marks any types - // you register as PRIVATE. + // in which it is registered. AWS CloudFormation marks any extensions you + // register as PRIVATE. // // * PUBLIC: The extension is publically visible and usable within any Amazon // account. @@ -9560,6 +10932,18 @@ func (s *DescribeTypeOutput) SetArn(v string) *DescribeTypeOutput { return s } +// SetAutoUpdate sets the AutoUpdate field's value. +func (s *DescribeTypeOutput) SetAutoUpdate(v bool) *DescribeTypeOutput { + s.AutoUpdate = &v + return s +} + +// SetConfigurationSchema sets the ConfigurationSchema field's value. +func (s *DescribeTypeOutput) SetConfigurationSchema(v string) *DescribeTypeOutput { + s.ConfigurationSchema = &v + return s +} + // SetDefaultVersionId sets the DefaultVersionId field's value. func (s *DescribeTypeOutput) SetDefaultVersionId(v string) *DescribeTypeOutput { s.DefaultVersionId = &v @@ -9590,6 +10974,12 @@ func (s *DescribeTypeOutput) SetExecutionRoleArn(v string) *DescribeTypeOutput { return s } +// SetIsActivated sets the IsActivated field's value. +func (s *DescribeTypeOutput) SetIsActivated(v bool) *DescribeTypeOutput { + s.IsActivated = &v + return s +} + // SetIsDefaultVersion sets the IsDefaultVersion field's value. func (s *DescribeTypeOutput) SetIsDefaultVersion(v bool) *DescribeTypeOutput { s.IsDefaultVersion = &v @@ -9602,18 +10992,54 @@ func (s *DescribeTypeOutput) SetLastUpdated(v time.Time) *DescribeTypeOutput { return s } +// SetLatestPublicVersion sets the LatestPublicVersion field's value. +func (s *DescribeTypeOutput) SetLatestPublicVersion(v string) *DescribeTypeOutput { + s.LatestPublicVersion = &v + return s +} + // SetLoggingConfig sets the LoggingConfig field's value. func (s *DescribeTypeOutput) SetLoggingConfig(v *LoggingConfig) *DescribeTypeOutput { s.LoggingConfig = v return s } +// SetOriginalTypeArn sets the OriginalTypeArn field's value. +func (s *DescribeTypeOutput) SetOriginalTypeArn(v string) *DescribeTypeOutput { + s.OriginalTypeArn = &v + return s +} + +// SetOriginalTypeName sets the OriginalTypeName field's value. +func (s *DescribeTypeOutput) SetOriginalTypeName(v string) *DescribeTypeOutput { + s.OriginalTypeName = &v + return s +} + // SetProvisioningType sets the ProvisioningType field's value. func (s *DescribeTypeOutput) SetProvisioningType(v string) *DescribeTypeOutput { s.ProvisioningType = &v return s } +// SetPublicVersionNumber sets the PublicVersionNumber field's value. +func (s *DescribeTypeOutput) SetPublicVersionNumber(v string) *DescribeTypeOutput { + s.PublicVersionNumber = &v + return s +} + +// SetPublisherId sets the PublisherId field's value. +func (s *DescribeTypeOutput) SetPublisherId(v string) *DescribeTypeOutput { + s.PublisherId = &v + return s +} + +// SetRequiredActivatedTypes sets the RequiredActivatedTypes field's value. +func (s *DescribeTypeOutput) SetRequiredActivatedTypes(v []*RequiredActivatedType) *DescribeTypeOutput { + s.RequiredActivatedTypes = v + return s +} + // SetSchema sets the Schema field's value. func (s *DescribeTypeOutput) SetSchema(v string) *DescribeTypeOutput { s.Schema = &v @@ -9644,6 +11070,18 @@ func (s *DescribeTypeOutput) SetTypeName(v string) *DescribeTypeOutput { return s } +// SetTypeTestsStatus sets the TypeTestsStatus field's value. +func (s *DescribeTypeOutput) SetTypeTestsStatus(v string) *DescribeTypeOutput { + s.TypeTestsStatus = &v + return s +} + +// SetTypeTestsStatusDescription sets the TypeTestsStatusDescription field's value. +func (s *DescribeTypeOutput) SetTypeTestsStatusDescription(v string) *DescribeTypeOutput { + s.TypeTestsStatusDescription = &v + return s +} + // SetVisibility sets the Visibility field's value. func (s *DescribeTypeOutput) SetVisibility(v string) *DescribeTypeOutput { s.Visibility = &v @@ -10350,7 +11788,7 @@ type GetTemplateInput struct { // specify Processed. // // If the template doesn't include transforms, Original and Processed return - // the same template. By default, AWS CloudFormation specifies Original. + // the same template. By default, AWS CloudFormation specifies Processed. TemplateStage *string `type:"string" enum:"TemplateStage"` } @@ -11820,6 +13258,11 @@ type ListTypeVersionsInput struct { // the previous response object's NextToken parameter is set to null. NextToken *string `min:"1" type:"string"` + // The publisher ID of the extension publisher. + // + // Extensions published by Amazon are not assigned a publisher ID. + PublisherId *string `min:"1" type:"string"` + // The kind of the extension. // // Conditional: You must specify either TypeName and Type, or Arn. @@ -11850,6 +13293,9 @@ func (s *ListTypeVersionsInput) Validate() error { if s.NextToken != nil && len(*s.NextToken) < 1 { invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) } + if s.PublisherId != nil && len(*s.PublisherId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublisherId", 1)) + } if s.TypeName != nil && len(*s.TypeName) < 10 { invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) } @@ -11884,6 +13330,12 @@ func (s *ListTypeVersionsInput) SetNextToken(v string) *ListTypeVersionsInput { return s } +// SetPublisherId sets the PublisherId field's value. +func (s *ListTypeVersionsInput) SetPublisherId(v string) *ListTypeVersionsInput { + s.PublisherId = &v + return s +} + // SetType sets the Type field's value. func (s *ListTypeVersionsInput) SetType(v string) *ListTypeVersionsInput { s.Type = &v @@ -11946,6 +13398,12 @@ type ListTypesInput struct { // used in CloudFormation operations. DeprecatedStatus *string `type:"string" enum:"DeprecatedStatus"` + // Filter criteria to use in determining which extensions to return. + // + // If you specify a filter, CloudFormation ignores any specified Visibility + // value when returning the list of types. + Filters *TypeFilters `type:"structure"` + // The maximum number of results to be returned with a single call. If the number // of available results exceeds this maximum, the response includes a NextToken // value that you can assign to the NextToken request parameter to get the next @@ -11959,37 +13417,41 @@ type ListTypesInput struct { // the previous response object's NextToken parameter is set to null. NextToken *string `min:"1" type:"string"` - // The provisioning behavior of the type. AWS CloudFormation determines the - // provisioning type during registration, based on the types of handlers in - // the schema handler package submitted. + // For resource types, the provisioning behavior of the resource type. AWS CloudFormation + // determines the provisioning type during registration, based on the types + // of handlers in the schema handler package submitted. // // Valid values include: // - // * FULLY_MUTABLE: The extension includes an update handler to process updates - // to the extension during stack update operations. + // * FULLY_MUTABLE: The resource type includes an update handler to process + // updates to the type during stack update operations. // - // * IMMUTABLE: The extension does not include an update handler, so the - // extension cannot be updated and must instead be replaced during stack - // update operations. + // * IMMUTABLE: The resource type does not include an update handler, so + // the type cannot be updated and must instead be replaced during stack update + // operations. // - // * NON_PROVISIONABLE: The extension does not include create, read, and - // delete handlers, and therefore cannot actually be provisioned. + // * NON_PROVISIONABLE: The resource type does not include create, read, + // and delete handlers, and therefore cannot actually be provisioned. + // + // The default is FULLY_MUTABLE. ProvisioningType *string `type:"string" enum:"ProvisioningType"` // The type of extension. Type *string `type:"string" enum:"RegistryType"` - // The scope at which the extension is visible and usable in CloudFormation + // The scope at which the extensions are visible and usable in CloudFormation // operations. // // Valid values include: // - // * PRIVATE: The extension is only visible and usable within the account - // in which it is registered. Currently, AWS CloudFormation marks any extension - // you create as PRIVATE. + // * PRIVATE: Extensions that are visible and usable within this account + // and region. This includes: Private extensions you have registered in this + // account and region. Public extensions that you have activated in this + // account and region. // - // * PUBLIC: The extension is publically visible and usable within any Amazon - // account. + // * PUBLIC: Extensions that are publicly visible and available to be activated + // within any Amazon account. This includes extensions from Amazon, as well + // as third-party publishers. // // The default is PRIVATE. Visibility *string `type:"string" enum:"Visibility"` @@ -12014,6 +13476,11 @@ func (s *ListTypesInput) Validate() error { if s.NextToken != nil && len(*s.NextToken) < 1 { invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) } + if s.Filters != nil { + if err := s.Filters.Validate(); err != nil { + invalidParams.AddNested("Filters", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -12027,6 +13494,12 @@ func (s *ListTypesInput) SetDeprecatedStatus(v string) *ListTypesInput { return s } +// SetFilters sets the Filters field's value. +func (s *ListTypesInput) SetFilters(v *TypeFilters) *ListTypesInput { + s.Filters = v + return s +} + // SetMaxResults sets the MaxResults field's value. func (s *ListTypesInput) SetMaxResults(v int64) *ListTypesInput { s.MaxResults = &v @@ -12093,12 +13566,12 @@ func (s *ListTypesOutput) SetTypeSummaries(v []*TypeSummary) *ListTypesOutput { return s } -// Contains logging configuration information for a type. +// Contains logging configuration information for an extension. type LoggingConfig struct { _ struct{} `type:"structure"` // The Amazon CloudWatch log group to which CloudFormation sends error logging - // information when invoking the type's handlers. + // information when invoking the extension's handlers. // // LogGroupName is a required field LogGroupName *string `min:"1" type:"string" required:"true"` @@ -12528,6 +14001,111 @@ func (s *PropertyDifference) SetPropertyPath(v string) *PropertyDifference { return s } +type PublishTypeInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Number (ARN) of the extension. + // + // Conditional: You must specify Arn, or TypeName and Type. + Arn *string `type:"string"` + + // The version number to assign to this version of the extension. + // + // Use the following format, and adhere to semantic versioning when assigning + // a version number to your extension: + // + // MAJOR.MINOR.PATCH + // + // For more information, see Semantic Versioning 2.0.0 (https://semver.org/). + // + // If you do not specify a version number, CloudFormation increments the version + // number by one minor version release. + PublicVersionNumber *string `min:"5" type:"string"` + + // The type of the extension. + // + // Conditional: You must specify Arn, or TypeName and Type. + Type *string `type:"string" enum:"ThirdPartyType"` + + // The name of the extension. + // + // Conditional: You must specify Arn, or TypeName and Type. + TypeName *string `min:"10" type:"string"` +} + +// String returns the string representation +func (s PublishTypeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PublishTypeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PublishTypeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PublishTypeInput"} + if s.PublicVersionNumber != nil && len(*s.PublicVersionNumber) < 5 { + invalidParams.Add(request.NewErrParamMinLen("PublicVersionNumber", 5)) + } + if s.TypeName != nil && len(*s.TypeName) < 10 { + invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetArn sets the Arn field's value. +func (s *PublishTypeInput) SetArn(v string) *PublishTypeInput { + s.Arn = &v + return s +} + +// SetPublicVersionNumber sets the PublicVersionNumber field's value. +func (s *PublishTypeInput) SetPublicVersionNumber(v string) *PublishTypeInput { + s.PublicVersionNumber = &v + return s +} + +// SetType sets the Type field's value. +func (s *PublishTypeInput) SetType(v string) *PublishTypeInput { + s.Type = &v + return s +} + +// SetTypeName sets the TypeName field's value. +func (s *PublishTypeInput) SetTypeName(v string) *PublishTypeInput { + s.TypeName = &v + return s +} + +type PublishTypeOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Number (ARN) assigned to the public extension upon publication. + PublicTypeArn *string `type:"string"` +} + +// String returns the string representation +func (s PublishTypeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PublishTypeOutput) GoString() string { + return s.String() +} + +// SetPublicTypeArn sets the PublicTypeArn field's value. +func (s *PublishTypeOutput) SetPublicTypeArn(v string) *PublishTypeOutput { + s.PublicTypeArn = &v + return s +} + type RecordHandlerProgressInput struct { _ struct{} `type:"structure"` @@ -12648,6 +14226,83 @@ func (s RecordHandlerProgressOutput) GoString() string { return s.String() } +type RegisterPublisherInput struct { + _ struct{} `type:"structure"` + + // Whether you accept the terms and conditions for publishing extensions in + // the CloudFormation registry. You must accept the terms and conditions in + // order to register to publish public extensions to the CloudFormation registry. + // + // The default is false. + AcceptTermsAndConditions *bool `type:"boolean"` + + // If you are using a Bitbucket or GitHub account for identity verification, + // the Amazon Resource Name (ARN) for your connection to that account. + // + // For more information, see Registering your account to publish CloudFormation + // extensions (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs) + // in the CloudFormation CLI User Guide. + ConnectionArn *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s RegisterPublisherInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RegisterPublisherInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RegisterPublisherInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RegisterPublisherInput"} + if s.ConnectionArn != nil && len(*s.ConnectionArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ConnectionArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAcceptTermsAndConditions sets the AcceptTermsAndConditions field's value. +func (s *RegisterPublisherInput) SetAcceptTermsAndConditions(v bool) *RegisterPublisherInput { + s.AcceptTermsAndConditions = &v + return s +} + +// SetConnectionArn sets the ConnectionArn field's value. +func (s *RegisterPublisherInput) SetConnectionArn(v string) *RegisterPublisherInput { + s.ConnectionArn = &v + return s +} + +type RegisterPublisherOutput struct { + _ struct{} `type:"structure"` + + // The ID assigned this account by CloudFormation for publishing extensions. + PublisherId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s RegisterPublisherOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RegisterPublisherOutput) GoString() string { + return s.String() +} + +// SetPublisherId sets the PublisherId field's value. +func (s *RegisterPublisherOutput) SetPublisherId(v string) *RegisterPublisherOutput { + s.PublisherId = &v + return s +} + type RegisterTypeInput struct { _ struct{} `type:"structure"` @@ -12658,13 +14313,21 @@ type RegisterTypeInput struct { ClientRequestToken *string `min:"1" type:"string"` // The Amazon Resource Name (ARN) of the IAM role for CloudFormation to assume - // when invoking the extension. If your extension calls AWS APIs in any of its - // handlers, you must create an IAM execution role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) + // when invoking the extension. + // + // For CloudFormation to assume the specified execution role, the role must + // contain a trust relationship with the CloudFormation service principle (resources.cloudformation.amazonaws.com). + // For more information on adding trust relationships, see Modifying a role + // trust policy (IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy) + // in the AWS Identity and Access Management User Guide. + // + // If your extension calls AWS APIs in any of its handlers, you must create + // an IAM execution role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) // that includes the necessary permissions to call those AWS APIs, and provision // that execution role in your account. When CloudFormation needs to invoke - // the extension handler, CloudFormation assumes this execution role to create - // a temporary session token, which it then passes to the extension handler, - // thereby supplying your extension with the appropriate credentials. + // the resource type handler, CloudFormation assumes this execution role to + // create a temporary session token, which it then passes to the resource type + // handler, thereby supplying your resource type with the appropriate credentials. ExecutionRoleArn *string `min:"1" type:"string"` // Specifies logging configuration information for an extension. @@ -12691,7 +14354,11 @@ type RegisterTypeInput struct { // The name of the extension being registered. // - // We recommend that extension names adhere to the following pattern: company_or_organization::service::type. + // We recommend that extension names adhere to the following patterns: + // + // * For resource types, company_or_organization::service::type. + // + // * For modules, company_or_organization::service::type::MODULE. // // The following organization namespaces are reserved and cannot be used in // your extension names: @@ -12817,6 +14484,72 @@ func (s *RegisterTypeOutput) SetRegistrationToken(v string) *RegisterTypeOutput return s } +// For extensions that are modules, a public third-party extension that must +// be activated in your account in order for the module itself to be activated. +// +// For more information, see Activating public modules for use in your account +// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html#module-enabling) +// in the AWS CloudFormation User Guide. +type RequiredActivatedType struct { + _ struct{} `type:"structure"` + + // The type name of the public extension. + // + // If you specified a TypeNameAlias when enabling the extension in this account + // and region, CloudFormation treats that alias as the extension's type name + // within the account and region, not the type name of the public extension. + // For more information, see Specifying aliases to refer to extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-alias) + // in the CloudFormation User Guide. + OriginalTypeName *string `min:"10" type:"string"` + + // The publisher ID of the extension publisher. + PublisherId *string `min:"1" type:"string"` + + // A list of the major versions of the extension type that the macro supports. + SupportedMajorVersions []*int64 `type:"list"` + + // An alias assigned to the public extension, in this account and region. If + // you specify an alias for the extension, CloudFormation treats the alias as + // the extension type name within this account and region. You must use the + // alias to refer to the extension in your templates, API calls, and CloudFormation + // console. + TypeNameAlias *string `min:"10" type:"string"` +} + +// String returns the string representation +func (s RequiredActivatedType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RequiredActivatedType) GoString() string { + return s.String() +} + +// SetOriginalTypeName sets the OriginalTypeName field's value. +func (s *RequiredActivatedType) SetOriginalTypeName(v string) *RequiredActivatedType { + s.OriginalTypeName = &v + return s +} + +// SetPublisherId sets the PublisherId field's value. +func (s *RequiredActivatedType) SetPublisherId(v string) *RequiredActivatedType { + s.PublisherId = &v + return s +} + +// SetSupportedMajorVersions sets the SupportedMajorVersions field's value. +func (s *RequiredActivatedType) SetSupportedMajorVersions(v []*int64) *RequiredActivatedType { + s.SupportedMajorVersions = v + return s +} + +// SetTypeNameAlias sets the TypeNameAlias field's value. +func (s *RequiredActivatedType) SetTypeNameAlias(v string) *RequiredActivatedType { + s.TypeNameAlias = &v + return s +} + // The ResourceChange structure describes the resource and the action that AWS // CloudFormation will perform on it if you execute this change set. type ResourceChange struct { @@ -13441,6 +15174,138 @@ func (s SetStackPolicyOutput) GoString() string { return s.String() } +type SetTypeConfigurationInput struct { + _ struct{} `type:"structure"` + + // The configuration data for the extension, in this account and region. + // + // The configuration data must be formatted as JSON, and validate against the + // schema returned in the ConfigurationSchema response element of API_DescribeType + // (AWSCloudFormation/latest/APIReference/API_DescribeType.html). For more information, + // see Defining account-level configuration data for an extension (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-model.html#resource-type-howto-configuration) + // in the CloudFormation CLI User Guide. + // + // Configuration is a required field + Configuration *string `min:"1" type:"string" required:"true"` + + // An alias by which to refer to this extension configuration data. + // + // Conditional: Specifying a configuration alias is required when setting a + // configuration for a resource type extension. + ConfigurationAlias *string `min:"1" type:"string"` + + // The type of extension. + // + // Conditional: You must specify ConfigurationArn, or Type and TypeName. + Type *string `type:"string" enum:"ThirdPartyType"` + + // The Amazon Resource Name (ARN) for the extension, in this account and region. + // + // For public extensions, this will be the ARN assigned when you activate the + // type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) + // in this account and region. For private extensions, this will be the ARN + // assigned when you register the type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html) + // in this account and region. + // + // Do not include the extension versions suffix at the end of the ARN. You can + // set the configuration for an extension, but not for a specific extension + // version. + TypeArn *string `type:"string"` + + // The name of the extension. + // + // Conditional: You must specify ConfigurationArn, or Type and TypeName. + TypeName *string `min:"10" type:"string"` +} + +// String returns the string representation +func (s SetTypeConfigurationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SetTypeConfigurationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SetTypeConfigurationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SetTypeConfigurationInput"} + if s.Configuration == nil { + invalidParams.Add(request.NewErrParamRequired("Configuration")) + } + if s.Configuration != nil && len(*s.Configuration) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Configuration", 1)) + } + if s.ConfigurationAlias != nil && len(*s.ConfigurationAlias) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ConfigurationAlias", 1)) + } + if s.TypeName != nil && len(*s.TypeName) < 10 { + invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConfiguration sets the Configuration field's value. +func (s *SetTypeConfigurationInput) SetConfiguration(v string) *SetTypeConfigurationInput { + s.Configuration = &v + return s +} + +// SetConfigurationAlias sets the ConfigurationAlias field's value. +func (s *SetTypeConfigurationInput) SetConfigurationAlias(v string) *SetTypeConfigurationInput { + s.ConfigurationAlias = &v + return s +} + +// SetType sets the Type field's value. +func (s *SetTypeConfigurationInput) SetType(v string) *SetTypeConfigurationInput { + s.Type = &v + return s +} + +// SetTypeArn sets the TypeArn field's value. +func (s *SetTypeConfigurationInput) SetTypeArn(v string) *SetTypeConfigurationInput { + s.TypeArn = &v + return s +} + +// SetTypeName sets the TypeName field's value. +func (s *SetTypeConfigurationInput) SetTypeName(v string) *SetTypeConfigurationInput { + s.TypeName = &v + return s +} + +type SetTypeConfigurationOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) for the configuration data, in this account + // and region. + // + // Conditional: You must specify ConfigurationArn, or Type and TypeName. + ConfigurationArn *string `type:"string"` +} + +// String returns the string representation +func (s SetTypeConfigurationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SetTypeConfigurationOutput) GoString() string { + return s.String() +} + +// SetConfigurationArn sets the ConfigurationArn field's value. +func (s *SetTypeConfigurationOutput) SetConfigurationArn(v string) *SetTypeConfigurationOutput { + s.ConfigurationArn = &v + return s +} + type SetTypeDefaultVersionInput struct { _ struct{} `type:"structure"` @@ -15657,6 +17522,8 @@ type StackSetOperationPreferences struct { // // Conditional: You must specify either FailureToleranceCount or FailureTolerancePercentage // (but not both). + // + // By default, 0 is specified. FailureToleranceCount *int64 `type:"integer"` // The percentage of accounts, per Region, for which this stack operation can @@ -15669,6 +17536,8 @@ type StackSetOperationPreferences struct { // // Conditional: You must specify either FailureToleranceCount or FailureTolerancePercentage, // but not both. + // + // By default, 0 is specified. FailureTolerancePercentage *int64 `type:"integer"` // The maximum number of accounts in which to perform this operation at one @@ -15681,6 +17550,8 @@ type StackSetOperationPreferences struct { // // Conditional: You must specify either MaxConcurrentCount or MaxConcurrentPercentage, // but not both. + // + // By default, 1 is specified. MaxConcurrentCount *int64 `min:"1" type:"integer"` // The maximum percentage of accounts in which to perform this operation at @@ -15697,6 +17568,8 @@ type StackSetOperationPreferences struct { // // Conditional: You must specify either MaxConcurrentCount or MaxConcurrentPercentage, // but not both. + // + // By default, 1 is specified. MaxConcurrentPercentage *int64 `min:"1" type:"integer"` // The concurrency type of deploying StackSets operations in regions, could @@ -16408,29 +18281,481 @@ func (s *TemplateParameter) SetParameterKey(v string) *TemplateParameter { return s } -// Contains summary information about the specified CloudFormation type. +type TestTypeInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Number (ARN) of the extension. + // + // Conditional: You must specify Arn, or TypeName and Type. + Arn *string `type:"string"` + + // The S3 bucket to which CloudFormation delivers the contract test execution + // logs. + // + // CloudFormation delivers the logs by the time contract testing has completed + // and the extension has been assigned a test type status of PASSED or FAILED. + // + // The user calling TestType must be able to access items in the specified S3 + // bucket. Specifically, the user needs the following permissions: + // + // * GetObject + // + // * PutObject + // + // For more information, see Actions, Resources, and Condition Keys for Amazon + // S3 (https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html) + // in the AWS Identity and Access Management User Guide. + LogDeliveryBucket *string `min:"3" type:"string"` + + // The type of the extension to test. + // + // Conditional: You must specify Arn, or TypeName and Type. + Type *string `type:"string" enum:"ThirdPartyType"` + + // The name of the extension to test. + // + // Conditional: You must specify Arn, or TypeName and Type. + TypeName *string `min:"10" type:"string"` + + // The version of the extension to test. + // + // You can specify the version id with either Arn, or with TypeName and Type. + // + // If you do not specify a version, CloudFormation uses the default version + // of the extension in this account and region for testing. + VersionId *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s TestTypeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TestTypeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TestTypeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TestTypeInput"} + if s.LogDeliveryBucket != nil && len(*s.LogDeliveryBucket) < 3 { + invalidParams.Add(request.NewErrParamMinLen("LogDeliveryBucket", 3)) + } + if s.TypeName != nil && len(*s.TypeName) < 10 { + invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) + } + if s.VersionId != nil && len(*s.VersionId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VersionId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetArn sets the Arn field's value. +func (s *TestTypeInput) SetArn(v string) *TestTypeInput { + s.Arn = &v + return s +} + +// SetLogDeliveryBucket sets the LogDeliveryBucket field's value. +func (s *TestTypeInput) SetLogDeliveryBucket(v string) *TestTypeInput { + s.LogDeliveryBucket = &v + return s +} + +// SetType sets the Type field's value. +func (s *TestTypeInput) SetType(v string) *TestTypeInput { + s.Type = &v + return s +} + +// SetTypeName sets the TypeName field's value. +func (s *TestTypeInput) SetTypeName(v string) *TestTypeInput { + s.TypeName = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *TestTypeInput) SetVersionId(v string) *TestTypeInput { + s.VersionId = &v + return s +} + +type TestTypeOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Number (ARN) of the extension. + TypeVersionArn *string `type:"string"` +} + +// String returns the string representation +func (s TestTypeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TestTypeOutput) GoString() string { + return s.String() +} + +// SetTypeVersionArn sets the TypeVersionArn field's value. +func (s *TestTypeOutput) SetTypeVersionArn(v string) *TestTypeOutput { + s.TypeVersionArn = &v + return s +} + +// Detailed information concerning the specification of a CloudFormation extension +// in a given account and region. +// +// For more information, see Configuring extensions at the account level (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) +// in the CloudFormation User Guide. +type TypeConfigurationDetails struct { + _ struct{} `type:"structure"` + + // The alias specified for this configuration, if one was specified when the + // configuration was set. + Alias *string `min:"1" type:"string"` + + // The Amazon Resource Name (ARN) for the configuration data, in this account + // and region. + Arn *string `type:"string"` + + // A JSON string specifying the configuration data for the extension, in this + // account and region. + // + // If a configuration has not been set for a specified extension, CloudFormation + // returns {}. + Configuration *string `min:"1" type:"string"` + + // Whether or not this configuration data is the default configuration for the + // extension. + IsDefaultConfiguration *bool `type:"boolean"` + + // When the configuration data was last updated for this extension. + // + // If a configuration has not been set for a specified extension, CloudFormation + // returns null. + LastUpdated *time.Time `type:"timestamp"` + + // The Amazon Resource Name (ARN) for the extension, in this account and region. + // + // For public extensions, this will be the ARN assigned when you activate the + // type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) + // in this account and region. For private extensions, this will be the ARN + // assigned when you register the type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html) + // in this account and region. + TypeArn *string `type:"string"` + + // The name of the extension. + TypeName *string `min:"10" type:"string"` +} + +// String returns the string representation +func (s TypeConfigurationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TypeConfigurationDetails) GoString() string { + return s.String() +} + +// SetAlias sets the Alias field's value. +func (s *TypeConfigurationDetails) SetAlias(v string) *TypeConfigurationDetails { + s.Alias = &v + return s +} + +// SetArn sets the Arn field's value. +func (s *TypeConfigurationDetails) SetArn(v string) *TypeConfigurationDetails { + s.Arn = &v + return s +} + +// SetConfiguration sets the Configuration field's value. +func (s *TypeConfigurationDetails) SetConfiguration(v string) *TypeConfigurationDetails { + s.Configuration = &v + return s +} + +// SetIsDefaultConfiguration sets the IsDefaultConfiguration field's value. +func (s *TypeConfigurationDetails) SetIsDefaultConfiguration(v bool) *TypeConfigurationDetails { + s.IsDefaultConfiguration = &v + return s +} + +// SetLastUpdated sets the LastUpdated field's value. +func (s *TypeConfigurationDetails) SetLastUpdated(v time.Time) *TypeConfigurationDetails { + s.LastUpdated = &v + return s +} + +// SetTypeArn sets the TypeArn field's value. +func (s *TypeConfigurationDetails) SetTypeArn(v string) *TypeConfigurationDetails { + s.TypeArn = &v + return s +} + +// SetTypeName sets the TypeName field's value. +func (s *TypeConfigurationDetails) SetTypeName(v string) *TypeConfigurationDetails { + s.TypeName = &v + return s +} + +// Identifying information for the configuration of a CloudFormation extension. +type TypeConfigurationIdentifier struct { + _ struct{} `type:"structure"` + + // The type of extension. + Type *string `type:"string" enum:"ThirdPartyType"` + + // The Amazon Resource Name (ARN) for the extension, in this account and region. + // + // For public extensions, this will be the ARN assigned when you activate the + // type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) + // in this account and region. For private extensions, this will be the ARN + // assigned when you register the type (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html) + // in this account and region. + TypeArn *string `type:"string"` + + // The alias specified for this configuration, if one was specified when the + // configuration was set. + TypeConfigurationAlias *string `min:"1" type:"string"` + + // The Amazon Resource Name (ARN) for the configuration, in this account and + // region. + TypeConfigurationArn *string `type:"string"` + + // The name of the extension type to which this configuration applies. + TypeName *string `min:"10" type:"string"` +} + +// String returns the string representation +func (s TypeConfigurationIdentifier) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TypeConfigurationIdentifier) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TypeConfigurationIdentifier) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TypeConfigurationIdentifier"} + if s.TypeConfigurationAlias != nil && len(*s.TypeConfigurationAlias) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TypeConfigurationAlias", 1)) + } + if s.TypeName != nil && len(*s.TypeName) < 10 { + invalidParams.Add(request.NewErrParamMinLen("TypeName", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetType sets the Type field's value. +func (s *TypeConfigurationIdentifier) SetType(v string) *TypeConfigurationIdentifier { + s.Type = &v + return s +} + +// SetTypeArn sets the TypeArn field's value. +func (s *TypeConfigurationIdentifier) SetTypeArn(v string) *TypeConfigurationIdentifier { + s.TypeArn = &v + return s +} + +// SetTypeConfigurationAlias sets the TypeConfigurationAlias field's value. +func (s *TypeConfigurationIdentifier) SetTypeConfigurationAlias(v string) *TypeConfigurationIdentifier { + s.TypeConfigurationAlias = &v + return s +} + +// SetTypeConfigurationArn sets the TypeConfigurationArn field's value. +func (s *TypeConfigurationIdentifier) SetTypeConfigurationArn(v string) *TypeConfigurationIdentifier { + s.TypeConfigurationArn = &v + return s +} + +// SetTypeName sets the TypeName field's value. +func (s *TypeConfigurationIdentifier) SetTypeName(v string) *TypeConfigurationIdentifier { + s.TypeName = &v + return s +} + +// Filter criteria to use in determining which extensions to return. +type TypeFilters struct { + _ struct{} `type:"structure"` + + // The category of extensions to return. + // + // * REGISTERED: Private extensions that have been registered for this account + // and region. + // + // * ACTIVATED: Public extensions that have been activated for this account + // and region. + // + // * THIRD-PARTY: Extensions available for use from publishers other than + // Amazon. This includes: Private extensions registered in the account. Public + // extensions from publishers other than Amazon, whether activated or not. + // + // * AWS-TYPES: Extensions available for use from Amazon. + Category *string `type:"string" enum:"Category"` + + // The id of the publisher of the extension. + // + // Extensions published by Amazon are not assigned a publisher ID. Use the AWS-TYPES + // category to specify a list of types published by Amazon. + PublisherId *string `min:"1" type:"string"` + + // A prefix to use as a filter for results. + TypeNamePrefix *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s TypeFilters) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TypeFilters) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TypeFilters) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TypeFilters"} + if s.PublisherId != nil && len(*s.PublisherId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublisherId", 1)) + } + if s.TypeNamePrefix != nil && len(*s.TypeNamePrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TypeNamePrefix", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCategory sets the Category field's value. +func (s *TypeFilters) SetCategory(v string) *TypeFilters { + s.Category = &v + return s +} + +// SetPublisherId sets the PublisherId field's value. +func (s *TypeFilters) SetPublisherId(v string) *TypeFilters { + s.PublisherId = &v + return s +} + +// SetTypeNamePrefix sets the TypeNamePrefix field's value. +func (s *TypeFilters) SetTypeNamePrefix(v string) *TypeFilters { + s.TypeNamePrefix = &v + return s +} + +// Contains summary information about the specified CloudFormation extension. type TypeSummary struct { _ struct{} `type:"structure"` - // The ID of the default version of the type. The default version is used when - // the type version is not specified. + // The ID of the default version of the extension. The default version is used + // when the extension version is not specified. // - // To set the default version of a type, use SetTypeDefaultVersion . + // This applies only to private extensions you have registered in your account. + // For public extensions, both those provided by Amazon and published by third + // parties, CloudFormation returns null. For more information, see RegisterType + // (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). + // + // To set the default version of an extension, use SetTypeDefaultVersion . DefaultVersionId *string `min:"1" type:"string"` - // The description of the type. + // The description of the extension. Description *string `min:"1" type:"string"` - // When the current default version of the type was registered. + // Whether or not the extension is activated for this account and region. + // + // This applies only to third-party public extensions. Extensions published + // by Amazon are activated by default. + IsActivated *bool `type:"boolean"` + + // When the specified extension version was registered. This applies only to: + // + // * Private extensions you have registered in your account. For more information, + // see RegisterType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html). + // + // * Public extensions you have activated in your account with auto-update + // specified. For more information, see ActivateType (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html). + // + // For all other extension types, CloudFormation returns null. LastUpdated *time.Time `type:"timestamp"` - // The kind of type. + // For public extensions that have been activated for this account and region, + // the latest version of the public extension that is available. For any extensions + // other than activated third-arty extensions, CloudFormation returns null. + // + // How you specified AutoUpdate when enabling the extension affects whether + // CloudFormation automatically updates the extention in this account and region + // when a new version is released. For more information, see Setting CloudFormation + // to automatically use new versions of extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto) + // in the CloudFormation User Guide. + LatestPublicVersion *string `min:"5" type:"string"` + + // For public extensions that have been activated for this account and region, + // the type name of the public extension. + // + // If you specified a TypeNameAlias when enabling the extension in this account + // and region, CloudFormation treats that alias as the extension's type name + // within the account and region, not the type name of the public extension. + // For more information, see Specifying aliases to refer to extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-alias) + // in the CloudFormation User Guide. + OriginalTypeName *string `min:"10" type:"string"` + + // For public extensions that have been activated for this account and region, + // the version of the public extension to be used for CloudFormation operations + // in this account and region. + // + // How you specified AutoUpdate when enabling the extension affects whether + // CloudFormation automatically updates the extention in this account and region + // when a new version is released. For more information, see Setting CloudFormation + // to automatically use new versions of extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto) + // in the CloudFormation User Guide. + PublicVersionNumber *string `min:"5" type:"string"` + + // The ID of the extension publisher, if the extension is published by a third + // party. Extensions published by Amazon do not return a publisher ID. + PublisherId *string `min:"1" type:"string"` + + // The service used to verify the publisher identity. + // + // For more information, see Registering your account to publish CloudFormation + // extensions (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) + // in the CFN-CLI User Guide for Extension Development. + PublisherIdentity *string `type:"string" enum:"IdentityProvider"` + + // The publisher name, as defined in the public profile for that publisher in + // the service used to verify the publisher identity. + PublisherName *string `min:"1" type:"string"` + + // The kind of extension. Type *string `type:"string" enum:"RegistryType"` - // The Amazon Resource Name (ARN) of the type. + // The Amazon Resource Name (ARN) of the extension. TypeArn *string `type:"string"` - // The name of the type. + // The name of the extension. + // + // If you specified a TypeNameAlias when you activate this extension (https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html) + // in your account and region, CloudFormation considers that alias as the type + // name. TypeName *string `min:"10" type:"string"` } @@ -16456,12 +18781,54 @@ func (s *TypeSummary) SetDescription(v string) *TypeSummary { return s } +// SetIsActivated sets the IsActivated field's value. +func (s *TypeSummary) SetIsActivated(v bool) *TypeSummary { + s.IsActivated = &v + return s +} + // SetLastUpdated sets the LastUpdated field's value. func (s *TypeSummary) SetLastUpdated(v time.Time) *TypeSummary { s.LastUpdated = &v return s } +// SetLatestPublicVersion sets the LatestPublicVersion field's value. +func (s *TypeSummary) SetLatestPublicVersion(v string) *TypeSummary { + s.LatestPublicVersion = &v + return s +} + +// SetOriginalTypeName sets the OriginalTypeName field's value. +func (s *TypeSummary) SetOriginalTypeName(v string) *TypeSummary { + s.OriginalTypeName = &v + return s +} + +// SetPublicVersionNumber sets the PublicVersionNumber field's value. +func (s *TypeSummary) SetPublicVersionNumber(v string) *TypeSummary { + s.PublicVersionNumber = &v + return s +} + +// SetPublisherId sets the PublisherId field's value. +func (s *TypeSummary) SetPublisherId(v string) *TypeSummary { + s.PublisherId = &v + return s +} + +// SetPublisherIdentity sets the PublisherIdentity field's value. +func (s *TypeSummary) SetPublisherIdentity(v string) *TypeSummary { + s.PublisherIdentity = &v + return s +} + +// SetPublisherName sets the PublisherName field's value. +func (s *TypeSummary) SetPublisherName(v string) *TypeSummary { + s.PublisherName = &v + return s +} + // SetType sets the Type field's value. func (s *TypeSummary) SetType(v string) *TypeSummary { s.Type = &v @@ -16481,31 +18848,47 @@ func (s *TypeSummary) SetTypeName(v string) *TypeSummary { } // Contains summary information about a specific version of a CloudFormation -// type. +// extension. type TypeVersionSummary struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the type version. + // The Amazon Resource Name (ARN) of the extension version. Arn *string `type:"string"` - // The description of the type version. + // The description of the extension version. Description *string `min:"1" type:"string"` - // Whether the specified type version is set as the default version. + // Whether the specified extension version is set as the default version. + // + // This applies only to private extensions you have registered in your account, + // and extensions published by Amazon. For public third-party extensions, whether + // or not they are activated in your account, CloudFormation returns null. IsDefaultVersion *bool `type:"boolean"` + // For public extensions that have been activated for this account and region, + // the version of the public extension to be used for CloudFormation operations + // in this account and region. For any extensions other than activated third-arty + // extensions, CloudFormation returns null. + // + // How you specified AutoUpdate when enabling the extension affects whether + // CloudFormation automatically updates the extention in this account and region + // when a new version is released. For more information, see Setting CloudFormation + // to automatically use new versions of extensions (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto) + // in the CloudFormation User Guide. + PublicVersionNumber *string `min:"5" type:"string"` + // When the version was registered. TimeCreated *time.Time `type:"timestamp"` - // The kind of type. + // The kind of extension. Type *string `type:"string" enum:"RegistryType"` - // The name of the type. + // The name of the extension. TypeName *string `min:"10" type:"string"` - // The ID of a specific version of the type. The version ID is the value at - // the end of the Amazon Resource Name (ARN) assigned to the type version when - // it is registered. + // The ID of a specific version of the extension. The version ID is the value + // at the end of the Amazon Resource Name (ARN) assigned to the extension version + // when it is registered. VersionId *string `min:"1" type:"string"` } @@ -16537,6 +18920,12 @@ func (s *TypeVersionSummary) SetIsDefaultVersion(v bool) *TypeVersionSummary { return s } +// SetPublicVersionNumber sets the PublicVersionNumber field's value. +func (s *TypeVersionSummary) SetPublicVersionNumber(v string) *TypeVersionSummary { + s.PublicVersionNumber = &v + return s +} + // SetTimeCreated sets the TimeCreated field's value. func (s *TypeVersionSummary) SetTimeCreated(v time.Time) *TypeVersionSummary { s.TimeCreated = &v @@ -17827,6 +20216,30 @@ func Capability_Values() []string { } } +const ( + // CategoryRegistered is a Category enum value + CategoryRegistered = "REGISTERED" + + // CategoryActivated is a Category enum value + CategoryActivated = "ACTIVATED" + + // CategoryThirdParty is a Category enum value + CategoryThirdParty = "THIRD_PARTY" + + // CategoryAwsTypes is a Category enum value + CategoryAwsTypes = "AWS_TYPES" +) + +// Category_Values returns all elements of the Category enum +func Category_Values() []string { + return []string{ + CategoryRegistered, + CategoryActivated, + CategoryThirdParty, + CategoryAwsTypes, + } +} + const ( // ChangeActionAdd is a ChangeAction enum value ChangeActionAdd = "Add" @@ -18081,6 +20494,9 @@ const ( // HandlerErrorCodeInternalFailure is a HandlerErrorCode enum value HandlerErrorCodeInternalFailure = "InternalFailure" + + // HandlerErrorCodeInvalidTypeConfiguration is a HandlerErrorCode enum value + HandlerErrorCodeInvalidTypeConfiguration = "InvalidTypeConfiguration" ) // HandlerErrorCode_Values returns all elements of the HandlerErrorCode enum @@ -18100,6 +20516,27 @@ func HandlerErrorCode_Values() []string { HandlerErrorCodeServiceInternalError, HandlerErrorCodeNetworkFailure, HandlerErrorCodeInternalFailure, + HandlerErrorCodeInvalidTypeConfiguration, + } +} + +const ( + // IdentityProviderAwsMarketplace is a IdentityProvider enum value + IdentityProviderAwsMarketplace = "AWS_Marketplace" + + // IdentityProviderGitHub is a IdentityProvider enum value + IdentityProviderGitHub = "GitHub" + + // IdentityProviderBitbucket is a IdentityProvider enum value + IdentityProviderBitbucket = "Bitbucket" +) + +// IdentityProvider_Values returns all elements of the IdentityProvider enum +func IdentityProvider_Values() []string { + return []string{ + IdentityProviderAwsMarketplace, + IdentityProviderGitHub, + IdentityProviderBitbucket, } } @@ -18183,6 +20620,22 @@ func ProvisioningType_Values() []string { } } +const ( + // PublisherStatusVerified is a PublisherStatus enum value + PublisherStatusVerified = "VERIFIED" + + // PublisherStatusUnverified is a PublisherStatus enum value + PublisherStatusUnverified = "UNVERIFIED" +) + +// PublisherStatus_Values returns all elements of the PublisherStatus enum +func PublisherStatus_Values() []string { + return []string{ + PublisherStatusVerified, + PublisherStatusUnverified, + } +} + const ( // RegionConcurrencyTypeSequential is a RegionConcurrencyType enum value RegionConcurrencyTypeSequential = "SEQUENTIAL" @@ -18787,6 +21240,62 @@ func TemplateStage_Values() []string { } } +const ( + // ThirdPartyTypeResource is a ThirdPartyType enum value + ThirdPartyTypeResource = "RESOURCE" + + // ThirdPartyTypeModule is a ThirdPartyType enum value + ThirdPartyTypeModule = "MODULE" +) + +// ThirdPartyType_Values returns all elements of the ThirdPartyType enum +func ThirdPartyType_Values() []string { + return []string{ + ThirdPartyTypeResource, + ThirdPartyTypeModule, + } +} + +const ( + // TypeTestsStatusPassed is a TypeTestsStatus enum value + TypeTestsStatusPassed = "PASSED" + + // TypeTestsStatusFailed is a TypeTestsStatus enum value + TypeTestsStatusFailed = "FAILED" + + // TypeTestsStatusInProgress is a TypeTestsStatus enum value + TypeTestsStatusInProgress = "IN_PROGRESS" + + // TypeTestsStatusNotTested is a TypeTestsStatus enum value + TypeTestsStatusNotTested = "NOT_TESTED" +) + +// TypeTestsStatus_Values returns all elements of the TypeTestsStatus enum +func TypeTestsStatus_Values() []string { + return []string{ + TypeTestsStatusPassed, + TypeTestsStatusFailed, + TypeTestsStatusInProgress, + TypeTestsStatusNotTested, + } +} + +const ( + // VersionBumpMajor is a VersionBump enum value + VersionBumpMajor = "MAJOR" + + // VersionBumpMinor is a VersionBump enum value + VersionBumpMinor = "MINOR" +) + +// VersionBump_Values returns all elements of the VersionBump enum +func VersionBump_Values() []string { + return []string{ + VersionBumpMajor, + VersionBumpMinor, + } +} + const ( // VisibilityPublic is a Visibility enum value VisibilityPublic = "PUBLIC" diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/errors.go b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/errors.go index f2312e9fb7..3d5f29d4b2 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/cloudformation/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudformation/errors.go @@ -131,9 +131,15 @@ const ( // A client request token already exists. ErrCodeTokenAlreadyExistsException = "TokenAlreadyExistsException" + // ErrCodeTypeConfigurationNotFoundException for service response error code + // "TypeConfigurationNotFoundException". + // + // The specified extension configuration cannot be found. + ErrCodeTypeConfigurationNotFoundException = "TypeConfigurationNotFoundException" + // ErrCodeTypeNotFoundException for service response error code // "TypeNotFoundException". // - // The specified type does not exist in the CloudFormation registry. + // The specified extension does not exist in the CloudFormation registry. ErrCodeTypeNotFoundException = "TypeNotFoundException" ) diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 8dbfdcb8a1..9c4262af3c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -515,19 +515,20 @@ func (c *EC2) AdvertiseByoipCidrRequest(input *AdvertiseByoipCidrInput) (req *re // AdvertiseByoipCidr API operation for Amazon Elastic Compute Cloud. // // Advertises an IPv4 or IPv6 address range that is provisioned for use with -// your AWS resources through bring your own IP addresses (BYOIP). +// your Amazon Web Services resources through bring your own IP addresses (BYOIP). // // You can perform this operation at most once every 10 seconds, even if you // specify different address ranges each time. // // We recommend that you stop advertising the BYOIP CIDR from other locations -// when you advertise it from AWS. To minimize down time, you can configure -// your AWS resources to use an address from a BYOIP CIDR before it is advertised, -// and then simultaneously stop advertising it from the current location and -// start advertising it through AWS. +// when you advertise it from Amazon Web Services. To minimize down time, you +// can configure your Amazon Web Services resources to use an address from a +// BYOIP CIDR before it is advertised, and then simultaneously stop advertising +// it from the current location and start advertising it through Amazon Web +// Services. // // It can take a few minutes before traffic to the specified addresses starts -// routing to AWS because of BGP propagation delays. +// routing to Amazon Web Services because of BGP propagation delays. // // To stop advertising the BYOIP CIDR, use WithdrawByoipCidr. // @@ -603,22 +604,22 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // AllocateAddress API operation for Amazon Elastic Compute Cloud. // -// Allocates an Elastic IP address to your AWS account. After you allocate the -// Elastic IP address you can associate it with an instance or network interface. -// After you release an Elastic IP address, it is released to the IP address -// pool and can be allocated to a different AWS account. +// Allocates an Elastic IP address to your account. After you allocate the Elastic +// IP address you can associate it with an instance or network interface. After +// you release an Elastic IP address, it is released to the IP address pool +// and can be allocated to a different account. // -// You can allocate an Elastic IP address from an address pool owned by AWS -// or from an address pool created from a public IPv4 address range that you -// have brought to AWS for use with your AWS resources using bring your own -// IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses -// (BYOIP) (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) +// You can allocate an Elastic IP address from an address pool owned by Amazon +// Web Services or from an address pool created from a public IPv4 address range +// that you have brought to Amazon Web Services for use with your Amazon Web +// Services resources using bring your own IP addresses (BYOIP). For more information, +// see Bring Your Own IP Addresses (BYOIP) (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) // in the Amazon Elastic Compute Cloud User Guide. // // [EC2-VPC] If you release an Elastic IP address, you might be able to recover // it. You cannot recover an Elastic IP address that you released after it is -// allocated to another AWS account. You cannot recover an Elastic IP address -// for EC2-Classic. To attempt to recover an Elastic IP address that you released, +// allocated to another account. You cannot recover an Elastic IP address for +// EC2-Classic. To attempt to recover an Elastic IP address that you released, // specify it in this operation. // // An Elastic IP address is for use either in the EC2-Classic platform or in @@ -1308,25 +1309,25 @@ func (c *EC2) AssociateEnclaveCertificateIamRoleRequest(input *AssociateEnclaveC // AssociateEnclaveCertificateIamRole API operation for Amazon Elastic Compute Cloud. // -// Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate +// Associates an Identity and Access Management (IAM) role with an Certificate // Manager (ACM) certificate. This enables the certificate to be used by the // ACM for Nitro Enclaves application inside an enclave. For more information, -// see AWS Certificate Manager for Nitro Enclaves (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) -// in the AWS Nitro Enclaves User Guide. +// see Certificate Manager for Nitro Enclaves (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) +// in the Amazon Web Services Nitro Enclaves User Guide. // // When the IAM role is associated with the ACM certificate, the certificate, // certificate chain, and encrypted private key are placed in an Amazon S3 bucket // that only the associated IAM role can access. The private key of the certificate -// is encrypted with an AWS-managed KMS customer master (CMK) that has an attached -// attestation-based CMK policy. +// is encrypted with an Amazon Web Services managed key that has an attached +// attestation-based key policy. // // To enable the IAM role to access the Amazon S3 object, you must grant it // permission to call s3:GetObject on the Amazon S3 bucket returned by the command. -// To enable the IAM role to access the AWS KMS CMK, you must grant it permission -// to call kms:Decrypt on the AWS KMS CMK returned by the command. For more -// information, see Grant the role permission to access the certificate and -// encryption key (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy) -// in the AWS Nitro Enclaves User Guide. +// To enable the IAM role to access the KMS key, you must grant it permission +// to call kms:Decrypt on the KMS key returned by the command. For more information, +// see Grant the role permission to access the certificate and encryption key +// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy) +// in the Amazon Web Services Nitro Enclaves User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1743,6 +1744,88 @@ func (c *EC2) AssociateTransitGatewayRouteTableWithContext(ctx aws.Context, inpu return out, req.Send() } +const opAssociateTrunkInterface = "AssociateTrunkInterface" + +// AssociateTrunkInterfaceRequest generates a "aws/request.Request" representing the +// client's request for the AssociateTrunkInterface operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateTrunkInterface for more information on using the AssociateTrunkInterface +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AssociateTrunkInterfaceRequest method. +// req, resp := client.AssociateTrunkInterfaceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateTrunkInterface +func (c *EC2) AssociateTrunkInterfaceRequest(input *AssociateTrunkInterfaceInput) (req *request.Request, output *AssociateTrunkInterfaceOutput) { + op := &request.Operation{ + Name: opAssociateTrunkInterface, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateTrunkInterfaceInput{} + } + + output = &AssociateTrunkInterfaceOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateTrunkInterface API operation for Amazon Elastic Compute Cloud. +// +// Associates a branch network interface with a trunk network interface. +// +// Before you create the association, run the create-network-interface (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) +// command and set --interface-type to trunk. You must also create a network +// interface for each branch network interface that you want to associate with +// the trunk network interface. +// +// For more information, see Network interface trunking (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/eni-trunking.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AssociateTrunkInterface for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AssociateTrunkInterface +func (c *EC2) AssociateTrunkInterface(input *AssociateTrunkInterfaceInput) (*AssociateTrunkInterfaceOutput, error) { + req, out := c.AssociateTrunkInterfaceRequest(input) + return out, req.Send() +} + +// AssociateTrunkInterfaceWithContext is the same as AssociateTrunkInterface with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateTrunkInterface for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AssociateTrunkInterfaceWithContext(ctx aws.Context, input *AssociateTrunkInterfaceInput, opts ...request.Option) (*AssociateTrunkInterfaceOutput, error) { + req, out := c.AssociateTrunkInterfaceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAssociateVpcCidrBlock = "AssociateVpcCidrBlock" // AssociateVpcCidrBlockRequest generates a "aws/request.Request" representing the @@ -2356,18 +2439,17 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE output = &AuthorizeSecurityGroupEgressOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // AuthorizeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Adds the specified egress rules to a security group for use with -// a VPC. +// [VPC only] Adds the specified outbound (egress) rules to a security group +// for use with a VPC. // // An outbound rule permits instances to send traffic to the specified IPv4 -// or IPv6 CIDR address ranges, or to the instances associated with the specified -// destination security groups. +// or IPv6 CIDR address ranges, or to the instances that are associated with +// the specified destination security groups. // // You specify a protocol for each rule (for example, TCP). For the TCP and // UDP protocols, you must also specify the destination port or port range. @@ -2377,8 +2459,7 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // Rule changes are propagated to affected instances as quickly as possible. // However, a small delay might occur. // -// For more information about VPC security group limits, see Amazon VPC Limits -// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). +// For information about VPC security group quotas, see Amazon VPC quotas (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2447,17 +2528,16 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup output = &AuthorizeSecurityGroupIngressOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // AuthorizeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Adds the specified ingress rules to a security group. +// Adds the specified inbound (ingress) rules to a security group. // // An inbound rule permits instances to receive traffic from the specified IPv4 -// or IPv6 CIDR address ranges, or from the instances associated with the specified -// destination security groups. +// or IPv6 CIDR address range, or from the instances that are associated with +// the specified destination security groups. // // You specify a protocol for each rule (for example, TCP). For TCP and UDP, // you must also specify the destination port or port range. For ICMP/ICMPv6, @@ -2467,7 +2547,7 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. // -// For more information about VPC security group limits, see Amazon VPC Limits +// For more information about VPC security group quotas, see Amazon VPC quotas // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5336,12 +5416,22 @@ func (c *EC2) CreateNatGatewayRequest(input *CreateNatGatewayInput) (req *reques // CreateNatGateway API operation for Amazon Elastic Compute Cloud. // -// Creates a NAT gateway in the specified public subnet. This action creates -// a network interface in the specified subnet with a private IP address from -// the IP address range of the subnet. Internet-bound traffic from a private -// subnet can be routed to the NAT gateway, therefore enabling instances in -// the private subnet to connect to the internet. For more information, see -// NAT Gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) +// Creates a NAT gateway in the specified subnet. This action creates a network +// interface in the specified subnet with a private IP address from the IP address +// range of the subnet. You can create either a public NAT gateway or a private +// NAT gateway. +// +// With a public NAT gateway, internet-bound traffic from a private subnet can +// be routed to the NAT gateway, so that instances in a private subnet can connect +// to the internet. +// +// With a private NAT gateway, private communication is routed across VPCs and +// on-premises networks through a transit gateway or virtual private gateway. +// Common use cases include running large workloads behind a small pool of allowlisted +// IPv4 addresses, preserving private IPv4 addresses, and communicating between +// overlapping networks. +// +// For more information, see NAT Gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5741,11 +5831,11 @@ func (c *EC2) CreateNetworkInterfacePermissionRequest(input *CreateNetworkInterf // CreateNetworkInterfacePermission API operation for Amazon Elastic Compute Cloud. // -// Grants an AWS-authorized account permission to attach the specified network -// interface to an instance in their account. +// Grants an Amazon Web Services-authorized account permission to attach the +// specified network interface to an instance in their account. // -// You can grant permission to a single AWS account only, and only one account -// at a time. +// You can grant permission to a single account only, and only one account at +// a time. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6626,7 +6716,7 @@ func (c *EC2) CreateSpotDatafeedSubscriptionRequest(input *CreateSpotDatafeedSub // CreateSpotDatafeedSubscription API operation for Amazon Elastic Compute Cloud. // // Creates a data feed for Spot Instances, enabling you to view Spot Instance -// usage logs. You can create one data feed per AWS account. For more information, +// usage logs. You can create one data feed per account. For more information, // see Spot Instance data feed (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-data-feeds.html) // in the Amazon EC2 User Guide for Linux Instances. // @@ -10031,9 +10121,10 @@ func (c *EC2) DeleteNatGatewayRequest(input *DeleteNatGatewayInput) (req *reques // DeleteNatGateway API operation for Amazon Elastic Compute Cloud. // -// Deletes the specified NAT gateway. Deleting a NAT gateway disassociates its -// Elastic IP address, but does not release the address from your account. Deleting -// a NAT gateway does not delete any NAT gateway routes in your route tables. +// Deletes the specified NAT gateway. Deleting a public NAT gateway disassociates +// its Elastic IP address, but does not release the address from your account. +// Deleting a NAT gateway does not delete any NAT gateway routes in your route +// tables. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12961,8 +13052,8 @@ func (c *EC2) DeprovisionByoipCidrRequest(input *DeprovisionByoipCidrInput) (req // DeprovisionByoipCidr API operation for Amazon Elastic Compute Cloud. // // Releases the specified address range that you provisioned for use with your -// AWS resources through bring your own IP addresses (BYOIP) and deletes the -// corresponding address pool. +// Amazon Web Services resources through bring your own IP addresses (BYOIP) +// and deletes the corresponding address pool. // // Before you can release an address range, you must stop advertising it using // WithdrawByoipCidr and you must not have any IP addresses allocated from its @@ -14042,7 +14133,7 @@ func (c *EC2) DescribeCapacityReservationsRequest(input *DescribeCapacityReserva // DescribeCapacityReservations API operation for Amazon Elastic Compute Cloud. // // Describes one or more of your Capacity Reservations. The results describe -// only the Capacity Reservations in the AWS Region that you're currently using. +// only the Capacity Reservations in the Region that you're currently using. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17507,8 +17598,8 @@ func (c *EC2) DescribeImagesRequest(input *DescribeImagesInput) (req *request.Re // // Recently deregistered images appear in the returned results for a short interval // and then return empty results. After all instances that reference a deregistered -// AMI are terminated, specifying the ID of the image results in an error indicating -// that the AMI ID cannot be found. +// AMI are terminated, specifying the ID of the image will eventually return +// an error indicating that the AMI ID cannot be found. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -20136,7 +20227,8 @@ func (c *EC2) DescribeManagedPrefixListsRequest(input *DescribeManagedPrefixList // DescribeManagedPrefixLists API operation for Amazon Elastic Compute Cloud. // -// Describes your managed prefix lists and any AWS-managed prefix lists. +// Describes your managed prefix lists and any Amazon Web Services-managed prefix +// lists. // // To view the entries for your prefix list, use GetManagedPrefixListEntries. // @@ -21350,9 +21442,9 @@ func (c *EC2) DescribePrefixListsRequest(input *DescribePrefixListsInput) (req * // DescribePrefixLists API operation for Amazon Elastic Compute Cloud. // -// Describes available AWS services in a prefix list format, which includes -// the prefix list name and prefix list ID of the service and the IP address -// range for the service. +// Describes available Amazon Web Services services in a prefix list format, +// which includes the prefix list name and prefix list ID of the service and +// the IP address range for the service. // // We recommend that you use DescribeManagedPrefixLists instead. // @@ -22869,6 +22961,138 @@ func (c *EC2) DescribeSecurityGroupReferencesWithContext(ctx aws.Context, input return out, req.Send() } +const opDescribeSecurityGroupRules = "DescribeSecurityGroupRules" + +// DescribeSecurityGroupRulesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeSecurityGroupRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeSecurityGroupRules for more information on using the DescribeSecurityGroupRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeSecurityGroupRulesRequest method. +// req, resp := client.DescribeSecurityGroupRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupRules +func (c *EC2) DescribeSecurityGroupRulesRequest(input *DescribeSecurityGroupRulesInput) (req *request.Request, output *DescribeSecurityGroupRulesOutput) { + op := &request.Operation{ + Name: opDescribeSecurityGroupRules, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeSecurityGroupRulesInput{} + } + + output = &DescribeSecurityGroupRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeSecurityGroupRules API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more of your security group rules. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeSecurityGroupRules for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupRules +func (c *EC2) DescribeSecurityGroupRules(input *DescribeSecurityGroupRulesInput) (*DescribeSecurityGroupRulesOutput, error) { + req, out := c.DescribeSecurityGroupRulesRequest(input) + return out, req.Send() +} + +// DescribeSecurityGroupRulesWithContext is the same as DescribeSecurityGroupRules with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeSecurityGroupRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeSecurityGroupRulesWithContext(ctx aws.Context, input *DescribeSecurityGroupRulesInput, opts ...request.Option) (*DescribeSecurityGroupRulesOutput, error) { + req, out := c.DescribeSecurityGroupRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeSecurityGroupRulesPages iterates over the pages of a DescribeSecurityGroupRules operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeSecurityGroupRules method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeSecurityGroupRules operation. +// pageNum := 0 +// err := client.DescribeSecurityGroupRulesPages(params, +// func(page *ec2.DescribeSecurityGroupRulesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeSecurityGroupRulesPages(input *DescribeSecurityGroupRulesInput, fn func(*DescribeSecurityGroupRulesOutput, bool) bool) error { + return c.DescribeSecurityGroupRulesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeSecurityGroupRulesPagesWithContext same as DescribeSecurityGroupRulesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeSecurityGroupRulesPagesWithContext(ctx aws.Context, input *DescribeSecurityGroupRulesInput, fn func(*DescribeSecurityGroupRulesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeSecurityGroupRulesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeSecurityGroupRulesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeSecurityGroupRulesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeSecurityGroups = "DescribeSecurityGroups" // DescribeSecurityGroupsRequest generates a "aws/request.Request" representing the @@ -25930,6 +26154,80 @@ func (c *EC2) DescribeTransitGatewaysPagesWithContext(ctx aws.Context, input *De return p.Err() } +const opDescribeTrunkInterfaceAssociations = "DescribeTrunkInterfaceAssociations" + +// DescribeTrunkInterfaceAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrunkInterfaceAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTrunkInterfaceAssociations for more information on using the DescribeTrunkInterfaceAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTrunkInterfaceAssociationsRequest method. +// req, resp := client.DescribeTrunkInterfaceAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrunkInterfaceAssociations +func (c *EC2) DescribeTrunkInterfaceAssociationsRequest(input *DescribeTrunkInterfaceAssociationsInput) (req *request.Request, output *DescribeTrunkInterfaceAssociationsOutput) { + op := &request.Operation{ + Name: opDescribeTrunkInterfaceAssociations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeTrunkInterfaceAssociationsInput{} + } + + output = &DescribeTrunkInterfaceAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTrunkInterfaceAssociations API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more network interface trunk associations. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTrunkInterfaceAssociations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrunkInterfaceAssociations +func (c *EC2) DescribeTrunkInterfaceAssociations(input *DescribeTrunkInterfaceAssociationsInput) (*DescribeTrunkInterfaceAssociationsOutput, error) { + req, out := c.DescribeTrunkInterfaceAssociationsRequest(input) + return out, req.Send() +} + +// DescribeTrunkInterfaceAssociationsWithContext is the same as DescribeTrunkInterfaceAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTrunkInterfaceAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrunkInterfaceAssociationsWithContext(ctx aws.Context, input *DescribeTrunkInterfaceAssociationsInput, opts ...request.Option) (*DescribeTrunkInterfaceAssociationsOutput, error) { + req, out := c.DescribeTrunkInterfaceAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeVolumeAttribute = "DescribeVolumeAttribute" // DescribeVolumeAttributeRequest generates a "aws/request.Request" representing the @@ -28464,6 +28762,83 @@ func (c *EC2) DisableFastSnapshotRestoresWithContext(ctx aws.Context, input *Dis return out, req.Send() } +const opDisableImageDeprecation = "DisableImageDeprecation" + +// DisableImageDeprecationRequest generates a "aws/request.Request" representing the +// client's request for the DisableImageDeprecation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableImageDeprecation for more information on using the DisableImageDeprecation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisableImageDeprecationRequest method. +// req, resp := client.DisableImageDeprecationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImageDeprecation +func (c *EC2) DisableImageDeprecationRequest(input *DisableImageDeprecationInput) (req *request.Request, output *DisableImageDeprecationOutput) { + op := &request.Operation{ + Name: opDisableImageDeprecation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableImageDeprecationInput{} + } + + output = &DisableImageDeprecationOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableImageDeprecation API operation for Amazon Elastic Compute Cloud. +// +// Cancels the deprecation of the specified AMI. +// +// For more information, see Deprecate an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableImageDeprecation for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableImageDeprecation +func (c *EC2) DisableImageDeprecation(input *DisableImageDeprecationInput) (*DisableImageDeprecationOutput, error) { + req, out := c.DisableImageDeprecationRequest(input) + return out, req.Send() +} + +// DisableImageDeprecationWithContext is the same as DisableImageDeprecation with the addition of +// the ability to pass a context and additional request options. +// +// See DisableImageDeprecation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableImageDeprecationWithContext(ctx aws.Context, input *DisableImageDeprecationInput, opts ...request.Option) (*DisableImageDeprecationOutput, error) { + req, out := c.DisableImageDeprecationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableSerialConsoleAccess = "DisableSerialConsoleAccess" // DisableSerialConsoleAccessRequest generates a "aws/request.Request" representing the @@ -29059,13 +29434,12 @@ func (c *EC2) DisassociateEnclaveCertificateIamRoleRequest(input *DisassociateEn // DisassociateEnclaveCertificateIamRole API operation for Amazon Elastic Compute Cloud. // -// Disassociates an IAM role from an AWS Certificate Manager (ACM) certificate. +// Disassociates an IAM role from an Certificate Manager (ACM) certificate. // Disassociating an IAM role from an ACM certificate removes the Amazon S3 // object that contains the certificate, certificate chain, and encrypted private // key from the Amazon S3 bucket. It also revokes the IAM role's permission -// to use the AWS Key Management Service (KMS) customer master key (CMK) used -// to encrypt the private key. This effectively revokes the role's permission -// to use the certificate. +// to use the KMS key used to encrypt the private key. This effectively revokes +// the role's permission to use the certificate. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29475,6 +29849,81 @@ func (c *EC2) DisassociateTransitGatewayRouteTableWithContext(ctx aws.Context, i return out, req.Send() } +const opDisassociateTrunkInterface = "DisassociateTrunkInterface" + +// DisassociateTrunkInterfaceRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateTrunkInterface operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateTrunkInterface for more information on using the DisassociateTrunkInterface +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisassociateTrunkInterfaceRequest method. +// req, resp := client.DisassociateTrunkInterfaceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateTrunkInterface +func (c *EC2) DisassociateTrunkInterfaceRequest(input *DisassociateTrunkInterfaceInput) (req *request.Request, output *DisassociateTrunkInterfaceOutput) { + op := &request.Operation{ + Name: opDisassociateTrunkInterface, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateTrunkInterfaceInput{} + } + + output = &DisassociateTrunkInterfaceOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisassociateTrunkInterface API operation for Amazon Elastic Compute Cloud. +// +// Removes an association between a branch network interface with a trunk network +// interface. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisassociateTrunkInterface for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisassociateTrunkInterface +func (c *EC2) DisassociateTrunkInterface(input *DisassociateTrunkInterfaceInput) (*DisassociateTrunkInterfaceOutput, error) { + req, out := c.DisassociateTrunkInterfaceRequest(input) + return out, req.Send() +} + +// DisassociateTrunkInterfaceWithContext is the same as DisassociateTrunkInterface with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateTrunkInterface for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisassociateTrunkInterfaceWithContext(ctx aws.Context, input *DisassociateTrunkInterfaceInput, opts ...request.Option) (*DisassociateTrunkInterfaceOutput, error) { + req, out := c.DisassociateTrunkInterfaceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateVpcCidrBlock = "DisassociateVpcCidrBlock" // DisassociateVpcCidrBlockRequest generates a "aws/request.Request" representing the @@ -29727,6 +30176,83 @@ func (c *EC2) EnableFastSnapshotRestoresWithContext(ctx aws.Context, input *Enab return out, req.Send() } +const opEnableImageDeprecation = "EnableImageDeprecation" + +// EnableImageDeprecationRequest generates a "aws/request.Request" representing the +// client's request for the EnableImageDeprecation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableImageDeprecation for more information on using the EnableImageDeprecation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the EnableImageDeprecationRequest method. +// req, resp := client.EnableImageDeprecationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImageDeprecation +func (c *EC2) EnableImageDeprecationRequest(input *EnableImageDeprecationInput) (req *request.Request, output *EnableImageDeprecationOutput) { + op := &request.Operation{ + Name: opEnableImageDeprecation, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableImageDeprecationInput{} + } + + output = &EnableImageDeprecationOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableImageDeprecation API operation for Amazon Elastic Compute Cloud. +// +// Enables deprecation of the specified AMI at the specified date and time. +// +// For more information, see Deprecate an AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html) +// in the Amazon Elastic Compute Cloud User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableImageDeprecation for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableImageDeprecation +func (c *EC2) EnableImageDeprecation(input *EnableImageDeprecationInput) (*EnableImageDeprecationOutput, error) { + req, out := c.EnableImageDeprecationRequest(input) + return out, req.Send() +} + +// EnableImageDeprecationWithContext is the same as EnableImageDeprecation with the addition of +// the ability to pass a context and additional request options. +// +// See EnableImageDeprecation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableImageDeprecationWithContext(ctx aws.Context, input *EnableImageDeprecationInput, opts ...request.Option) (*EnableImageDeprecationOutput, error) { + req, out := c.EnableImageDeprecationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableSerialConsoleAccess = "EnableSerialConsoleAccess" // EnableSerialConsoleAccessRequest generates a "aws/request.Request" representing the @@ -30546,11 +31072,10 @@ func (c *EC2) GetAssociatedEnclaveCertificateIamRolesRequest(input *GetAssociate // GetAssociatedEnclaveCertificateIamRoles API operation for Amazon Elastic Compute Cloud. // -// Returns the IAM roles that are associated with the specified AWS Certificate -// Manager (ACM) certificate. It also returns the name of the Amazon S3 bucket -// and the Amazon S3 object key where the certificate, certificate chain, and -// encrypted private key bundle are stored, and the ARN of the AWS Key Management -// Service (KMS) customer master key (CMK) that's used to encrypt the private +// Returns the IAM roles that are associated with the specified ACM (ACM) certificate. +// It also returns the name of the Amazon S3 bucket and the Amazon S3 object +// key where the certificate, certificate chain, and encrypted private key bundle +// are stored, and the ARN of the KMS key that's used to encrypt the private // key. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -30760,9 +31285,9 @@ func (c *EC2) GetCapacityReservationUsageRequest(input *GetCapacityReservationUs // // Gets usage information about a Capacity Reservation. If the Capacity Reservation // is shared, it shows usage information for the Capacity Reservation owner -// and each AWS account that is currently using the shared capacity. If the -// Capacity Reservation is not shared, it shows only the Capacity Reservation -// owner's usage. +// and each account that is currently using the shared capacity. If the Capacity +// Reservation is not shared, it shows only the Capacity Reservation owner's +// usage. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -33109,10 +33634,11 @@ func (c *EC2) ImportKeyPairRequest(input *ImportKeyPairInput) (req *request.Requ // ImportKeyPair API operation for Amazon Elastic Compute Cloud. // // Imports the public key from an RSA key pair that you created with a third-party -// tool. Compare this with CreateKeyPair, in which AWS creates the key pair -// and gives the keys to you (AWS keeps a copy of the public key). With ImportKeyPair, -// you create the key pair and give AWS just the public key. The private key -// is never transferred between you and AWS. +// tool. Compare this with CreateKeyPair, in which Amazon Web Services creates +// the key pair and gives the keys to you (Amazon Web Services keeps a copy +// of the public key). With ImportKeyPair, you create the key pair and give +// Amazon Web Services just the public key. The private key is never transferred +// between you and Amazon Web Services. // // For more information about key pairs, see Key Pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -33661,14 +34187,14 @@ func (c *EC2) ModifyDefaultCreditSpecificationRequest(input *ModifyDefaultCredit // ModifyDefaultCreditSpecification API operation for Amazon Elastic Compute Cloud. // // Modifies the default credit option for CPU usage of burstable performance -// instances. The default credit option is set at the account level per AWS -// Region, and is specified per instance family. All new burstable performance -// instances in the account launch using the default credit option. +// instances. The default credit option is set at the account level per Region, +// and is specified per instance family. All new burstable performance instances +// in the account launch using the default credit option. // // ModifyDefaultCreditSpecification is an asynchronous operation, which works -// at an AWS Region level and modifies the credit option for each Availability -// Zone. All zones in a Region are updated within five minutes. But if instances -// are launched during this operation, they might not get the new credit option +// at an Region level and modifies the credit option for each Availability Zone. +// All zones in a Region are updated within five minutes. But if instances are +// launched during this operation, they might not get the new credit option // until the zone is updated. To verify whether the update has occurred, you // can call GetDefaultCreditSpecification and check DefaultCreditSpecification // for updates. @@ -35134,6 +35660,80 @@ func (c *EC2) ModifyReservedInstancesWithContext(ctx aws.Context, input *ModifyR return out, req.Send() } +const opModifySecurityGroupRules = "ModifySecurityGroupRules" + +// ModifySecurityGroupRulesRequest generates a "aws/request.Request" representing the +// client's request for the ModifySecurityGroupRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifySecurityGroupRules for more information on using the ModifySecurityGroupRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifySecurityGroupRulesRequest method. +// req, resp := client.ModifySecurityGroupRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySecurityGroupRules +func (c *EC2) ModifySecurityGroupRulesRequest(input *ModifySecurityGroupRulesInput) (req *request.Request, output *ModifySecurityGroupRulesOutput) { + op := &request.Operation{ + Name: opModifySecurityGroupRules, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifySecurityGroupRulesInput{} + } + + output = &ModifySecurityGroupRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifySecurityGroupRules API operation for Amazon Elastic Compute Cloud. +// +// Modifies the rules of a security group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifySecurityGroupRules for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySecurityGroupRules +func (c *EC2) ModifySecurityGroupRules(input *ModifySecurityGroupRulesInput) (*ModifySecurityGroupRulesOutput, error) { + req, out := c.ModifySecurityGroupRulesRequest(input) + return out, req.Send() +} + +// ModifySecurityGroupRulesWithContext is the same as ModifySecurityGroupRules with the addition of +// the ability to pass a context and additional request options. +// +// See ModifySecurityGroupRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifySecurityGroupRulesWithContext(ctx aws.Context, input *ModifySecurityGroupRulesInput, opts ...request.Option) (*ModifySecurityGroupRulesOutput, error) { + req, out := c.ModifySecurityGroupRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifySnapshotAttribute = "ModifySnapshotAttribute" // ModifySnapshotAttributeRequest generates a "aws/request.Request" representing the @@ -37167,16 +37767,16 @@ func (c *EC2) ProvisionByoipCidrRequest(input *ProvisionByoipCidrInput) (req *re // ProvisionByoipCidr API operation for Amazon Elastic Compute Cloud. // -// Provisions an IPv4 or IPv6 address range for use with your AWS resources -// through bring your own IP addresses (BYOIP) and creates a corresponding address -// pool. After the address range is provisioned, it is ready to be advertised +// Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services +// resources through bring your own IP addresses (BYOIP) and creates a corresponding +// address pool. After the address range is provisioned, it is ready to be advertised // using AdvertiseByoipCidr. // -// AWS verifies that you own the address range and are authorized to advertise -// it. You must ensure that the address range is registered to you and that -// you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise -// the address range. For more information, see Bring Your Own IP Addresses -// (BYOIP) (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) +// Amazon Web Services verifies that you own the address range and are authorized +// to advertise it. You must ensure that the address range is registered to +// you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 +// to advertise the address range. For more information, see Bring your own +// IP addresses (BYOIP) (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) // in the Amazon Elastic Compute Cloud User Guide. // // Provisioning an address range is an asynchronous operation, so the call returns @@ -38349,7 +38949,7 @@ func (c *EC2) ReleaseAddressRequest(input *ReleaseAddressInput) (req *request.Re // Be sure to update your DNS records and any servers or devices that communicate // with the address. If you attempt to release an Elastic IP address that you // already released, you'll get an AuthFailure error if the address is already -// allocated to another AWS account. +// allocated to another account. // // [EC2-VPC] After you release an Elastic IP address for use in a VPC, you might // be able to recover it. For more information, see AllocateAddress. @@ -40009,23 +40609,25 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // RevokeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Removes the specified egress rules from a security group for EC2-VPC. -// This action does not apply to security groups for use in EC2-Classic. To -// remove a rule, the values that you specify (for example, ports) must match -// the existing rule's values exactly. +// [VPC only] Removes the specified outbound (egress) rules from a security +// group for EC2-VPC. This action does not apply to security groups for use +// in EC2-Classic. +// +// You can specify rules using either rule IDs or security group rule properties. +// If you use rule properties, the values that you specify (for example, ports) +// must match the existing rule's values exactly. Each rule has a protocol, +// from and to ports, and destination (CIDR range, security group, or prefix +// list). For the TCP and UDP protocols, you must also specify the destination +// port or range of ports. For the ICMP protocol, you must also specify the +// ICMP type and code. If the security group rule has a description, you do +// not need to specify the description to revoke the rule. // // [Default VPC] If the values you specify do not match the existing rule's // values, no error is returned, and the output describes the security group // rules that were not revoked. // -// AWS recommends that you use DescribeSecurityGroups to verify that the rule -// has been removed. -// -// Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source -// security group. For the TCP and UDP protocols, you must also specify the -// destination port or range of ports. For the ICMP protocol, you must also -// specify the ICMP type and code. If the security group rule has a description, -// you do not have to specify the description to revoke the rule. +// Amazon Web Services recommends that you describe the security group to verify +// that the rules were removed. // // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. @@ -40102,22 +40704,23 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // RevokeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Removes the specified ingress rules from a security group. To remove a rule, -// the values that you specify (for example, ports) must match the existing -// rule's values exactly. +// Removes the specified inbound (ingress) rules from a security group. // -// [EC2-Classic , default VPC] If the values you specify do not match the existing +// You can specify rules using either rule IDs or security group rule properties. +// If you use rule properties, the values that you specify (for example, ports) +// must match the existing rule's values exactly. Each rule has a protocol, +// from and to ports, and source (CIDR range, security group, or prefix list). +// For the TCP and UDP protocols, you must also specify the destination port +// or range of ports. For the ICMP protocol, you must also specify the ICMP +// type and code. If the security group rule has a description, you do not need +// to specify the description to revoke the rule. +// +// [EC2-Classic, default VPC] If the values you specify do not match the existing // rule's values, no error is returned, and the output describes the security // group rules that were not revoked. // -// AWS recommends that you use DescribeSecurityGroups to verify that the rule -// has been removed. -// -// Each rule consists of the protocol and the CIDR range or source security -// group. For the TCP and UDP protocols, you must also specify the destination -// port or range of ports. For the ICMP protocol, you must also specify the -// ICMP type and code. If the security group rule has a description, you do -// not have to specify the description to revoke the rule. +// Amazon Web Services recommends that you describe the security group to verify +// that the rules were removed. // // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. @@ -40841,11 +41444,7 @@ func (c *EC2) StartInstancesRequest(input *StartInstancesInput) (req *request.Re // released and you are not billed for instance usage. However, your root partition // Amazon EBS volume remains and continues to persist your data, and you are // charged for Amazon EBS volume usage. You can restart your instance at any -// time. Every time you start your Windows instance, Amazon EC2 charges you -// for a full instance hour. If you stop and restart your Windows instance, -// a new instance hour begins and Amazon EC2 charges you for another full instance -// hour even if you are still within the same 60-minute period when it was stopped. -// Every time you start your Linux instance, Amazon EC2 charges a one-minute +// time. Every time you start your instance, Amazon EC2 charges a one-minute // minimum for instance usage, and thereafter charges per second for instance // usage. // @@ -41099,12 +41698,8 @@ func (c *EC2) StopInstancesRequest(input *StopInstancesInput) (req *request.Requ // We don't charge usage for a stopped instance, or data transfer fees; however, // your root partition Amazon EBS volume remains and continues to persist your // data, and you are charged for Amazon EBS volume usage. Every time you start -// your Windows instance, Amazon EC2 charges you for a full instance hour. If -// you stop and restart your Windows instance, a new instance hour begins and -// Amazon EC2 charges you for another full instance hour even if you are still -// within the same 60-minute period when it was stopped. Every time you start -// your Linux instance, Amazon EC2 charges a one-minute minimum for instance -// usage, and thereafter charges per second for instance usage. +// your instance, Amazon EC2 charges a one-minute minimum for instance usage, +// and thereafter charges per second for instance usage. // // You can't stop or hibernate instance store-backed instances. You can't use // the Stop action to hibernate Spot Instances, but you can specify that Amazon @@ -41288,6 +41883,36 @@ func (c *EC2) TerminateInstancesRequest(input *TerminateInstancesInput) (req *re // If you specify multiple instances and the request fails (for example, because // of a single incorrect instance ID), none of the instances are terminated. // +// If you terminate multiple instances across multiple Availability Zones, and +// one or more of the specified instances are enabled for termination protection, +// the request fails with the following results: +// +// * The specified instances that are in the same Availability Zone as the +// protected instance are not terminated. +// +// * The specified instances that are in different Availability Zones, where +// no other specified instances are protected, are successfully terminated. +// +// For example, say you have the following instances: +// +// * Instance A: us-east-1a; Not protected +// +// * Instance B: us-east-1a; Not protected +// +// * Instance C: us-east-1b; Protected +// +// * Instance D: us-east-1b; not protected +// +// If you attempt to terminate all of these instances in the same request, the +// request reports failure with the following results: +// +// * Instance A and Instance B are successfully terminated because none of +// the specified instances in us-east-1a are enabled for termination protection. +// +// * Instance C and Instance D fail to terminate because at least one of +// the specified instances in us-east-1b (Instance C) is enabled for termination +// protection. +// // Terminated instances remain visible after termination (for approximately // one hour). // @@ -41607,11 +42232,8 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsEgressRequest(input *UpdateSecu // // [VPC only] Updates the description of an egress (outbound) security group // rule. You can replace an existing description, or add a description to a -// rule that did not have one previously. -// -// You specify the description as part of the IP permissions structure. You -// can remove a description for a security group rule by omitting the description -// parameter in the request. +// rule that did not have one previously. You can remove a description for a +// security group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -41687,11 +42309,8 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsIngressRequest(input *UpdateSec // // Updates the description of an ingress (inbound) security group rule. You // can replace an existing description, or add a description to a rule that -// did not have one previously. -// -// You specify the description as part of the IP permissions structure. You -// can remove a description for a security group rule by omitting the description -// parameter in the request. +// did not have one previously. You can remove a description for a security +// group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -41771,7 +42390,7 @@ func (c *EC2) WithdrawByoipCidrRequest(input *WithdrawByoipCidrInput) (req *requ // specify different address ranges each time. // // It can take a few minutes before traffic to the specified addresses stops -// routing to AWS because of BGP propagation delays. +// routing to Amazon Web Services because of BGP propagation delays. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -42461,7 +43080,7 @@ type Address struct { // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` - // The ID of the AWS account that owns the network interface. + // The ID of the account that owns the network interface. NetworkInterfaceOwnerId *string `locationName:"networkInterfaceOwnerId" type:"string"` // The private IP address associated with the Elastic IP address. @@ -42797,8 +43416,8 @@ func (s *AllocateAddressInput) SetTagSpecifications(v []*TagSpecification) *Allo type AllocateAddressOutput struct { _ struct{} `type:"structure"` - // [EC2-VPC] The ID that AWS assigns to represent the allocation of the Elastic - // IP address for use with instances in a VPC. + // [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation + // of the Elastic IP address for use with instances in a VPC. AllocationId *string `locationName:"allocationId" type:"string"` // The carrier IP address. This option is only available for network interfaces @@ -44238,7 +44857,7 @@ type AssociateEnclaveCertificateIamRoleOutput struct { // private key bundle are stored. The object key is formatted as follows: role_arn/certificate_arn. CertificateS3ObjectKey *string `locationName:"certificateS3ObjectKey" type:"string"` - // The ID of the AWS KMS CMK used to encrypt the private key of the certificate. + // The ID of the KMS key used to encrypt the private key of the certificate. EncryptionKmsKeyId *string `locationName:"encryptionKmsKeyId" type:"string"` } @@ -44694,6 +45313,132 @@ func (s *AssociateTransitGatewayRouteTableOutput) SetAssociation(v *TransitGatew return s } +type AssociateTrunkInterfaceInput struct { + _ struct{} `type:"structure"` + + // The ID of the branch network interface. + // + // BranchInterfaceId is a required field + BranchInterfaceId *string `type:"string" required:"true"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The application key. This applies to the GRE protocol. + GreKey *int64 `type:"integer"` + + // The ID of the trunk network interface. + // + // TrunkInterfaceId is a required field + TrunkInterfaceId *string `type:"string" required:"true"` + + // The ID of the VLAN. This applies to the VLAN protocol. + VlanId *int64 `type:"integer"` +} + +// String returns the string representation +func (s AssociateTrunkInterfaceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateTrunkInterfaceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateTrunkInterfaceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateTrunkInterfaceInput"} + if s.BranchInterfaceId == nil { + invalidParams.Add(request.NewErrParamRequired("BranchInterfaceId")) + } + if s.TrunkInterfaceId == nil { + invalidParams.Add(request.NewErrParamRequired("TrunkInterfaceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBranchInterfaceId sets the BranchInterfaceId field's value. +func (s *AssociateTrunkInterfaceInput) SetBranchInterfaceId(v string) *AssociateTrunkInterfaceInput { + s.BranchInterfaceId = &v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *AssociateTrunkInterfaceInput) SetClientToken(v string) *AssociateTrunkInterfaceInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *AssociateTrunkInterfaceInput) SetDryRun(v bool) *AssociateTrunkInterfaceInput { + s.DryRun = &v + return s +} + +// SetGreKey sets the GreKey field's value. +func (s *AssociateTrunkInterfaceInput) SetGreKey(v int64) *AssociateTrunkInterfaceInput { + s.GreKey = &v + return s +} + +// SetTrunkInterfaceId sets the TrunkInterfaceId field's value. +func (s *AssociateTrunkInterfaceInput) SetTrunkInterfaceId(v string) *AssociateTrunkInterfaceInput { + s.TrunkInterfaceId = &v + return s +} + +// SetVlanId sets the VlanId field's value. +func (s *AssociateTrunkInterfaceInput) SetVlanId(v int64) *AssociateTrunkInterfaceInput { + s.VlanId = &v + return s +} + +type AssociateTrunkInterfaceOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + ClientToken *string `locationName:"clientToken" type:"string"` + + // Information about the association between the trunk network interface and + // branch network interface. + InterfaceAssociation *TrunkInterfaceAssociation `locationName:"interfaceAssociation" type:"structure"` +} + +// String returns the string representation +func (s AssociateTrunkInterfaceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateTrunkInterfaceOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *AssociateTrunkInterfaceOutput) SetClientToken(v string) *AssociateTrunkInterfaceOutput { + s.ClientToken = &v + return s +} + +// SetInterfaceAssociation sets the InterfaceAssociation field's value. +func (s *AssociateTrunkInterfaceOutput) SetInterfaceAssociation(v *TrunkInterfaceAssociation) *AssociateTrunkInterfaceOutput { + s.InterfaceAssociation = v + return s +} + type AssociateVpcCidrBlockInput struct { _ struct{} `type:"structure"` @@ -45774,6 +46519,9 @@ type AuthorizeSecurityGroupEgressInput struct { // group. SourceSecurityGroupOwnerId *string `locationName:"sourceSecurityGroupOwnerId" type:"string"` + // The tags applied to the security group rule. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // Not supported. Use a set of IP permissions to specify the port. ToPort *int64 `locationName:"toPort" type:"integer"` } @@ -45849,6 +46597,12 @@ func (s *AuthorizeSecurityGroupEgressInput) SetSourceSecurityGroupOwnerId(v stri return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *AuthorizeSecurityGroupEgressInput) SetTagSpecifications(v []*TagSpecification) *AuthorizeSecurityGroupEgressInput { + s.TagSpecifications = v + return s +} + // SetToPort sets the ToPort field's value. func (s *AuthorizeSecurityGroupEgressInput) SetToPort(v int64) *AuthorizeSecurityGroupEgressInput { s.ToPort = &v @@ -45857,6 +46611,12 @@ func (s *AuthorizeSecurityGroupEgressInput) SetToPort(v int64) *AuthorizeSecurit type AuthorizeSecurityGroupEgressOutput struct { _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` + + // Information about the outbound (egress) security group rules that were added. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -45869,6 +46629,18 @@ func (s AuthorizeSecurityGroupEgressOutput) GoString() string { return s.String() } +// SetReturn sets the Return field's value. +func (s *AuthorizeSecurityGroupEgressOutput) SetReturn(v bool) *AuthorizeSecurityGroupEgressOutput { + s.Return = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *AuthorizeSecurityGroupEgressOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *AuthorizeSecurityGroupEgressOutput { + s.SecurityGroupRules = v + return s +} + type AuthorizeSecurityGroupIngressInput struct { _ struct{} `type:"structure"` @@ -45926,14 +46698,18 @@ type AuthorizeSecurityGroupIngressInput struct { // be in the same VPC. SourceSecurityGroupName *string `type:"string"` - // [nondefault VPC] The AWS account ID for the source security group, if the - // source security group is in a different account. You can't specify this parameter - // in combination with the following parameters: the CIDR IP address range, - // the IP protocol, the start of the port range, and the end of the port range. - // Creates rules that grant full ICMP, UDP, and TCP access. To create a rule - // with a specific IP protocol and port range, use a set of IP permissions instead. + // [nondefault VPC] The Amazon Web Services account ID for the source security + // group, if the source security group is in a different account. You can't + // specify this parameter in combination with the following parameters: the + // CIDR IP address range, the IP protocol, the start of the port range, and + // the end of the port range. Creates rules that grant full ICMP, UDP, and TCP + // access. To create a rule with a specific IP protocol and port range, use + // a set of IP permissions instead. SourceSecurityGroupOwnerId *string `type:"string"` + // [VPC Only] The tags applied to the security group rule. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // The end of port range for the TCP and UDP protocols, or an ICMP code number. // For the ICMP code number, use -1 to specify all codes. If you specify all // ICMP types, you must specify all codes. @@ -46007,6 +46783,12 @@ func (s *AuthorizeSecurityGroupIngressInput) SetSourceSecurityGroupOwnerId(v str return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *AuthorizeSecurityGroupIngressInput) SetTagSpecifications(v []*TagSpecification) *AuthorizeSecurityGroupIngressInput { + s.TagSpecifications = v + return s +} + // SetToPort sets the ToPort field's value. func (s *AuthorizeSecurityGroupIngressInput) SetToPort(v int64) *AuthorizeSecurityGroupIngressInput { s.ToPort = &v @@ -46015,6 +46797,12 @@ func (s *AuthorizeSecurityGroupIngressInput) SetToPort(v int64) *AuthorizeSecuri type AuthorizeSecurityGroupIngressOutput struct { _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` + + // Information about the inbound (ingress) security group rules that were added. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -46027,6 +46815,18 @@ func (s AuthorizeSecurityGroupIngressOutput) GoString() string { return s.String() } +// SetReturn sets the Return field's value. +func (s *AuthorizeSecurityGroupIngressOutput) SetReturn(v bool) *AuthorizeSecurityGroupIngressOutput { + s.Return = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *AuthorizeSecurityGroupIngressOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *AuthorizeSecurityGroupIngressOutput { + s.SecurityGroupRules = v + return s +} + // Describes Availability Zones, Local Zones, and Wavelength Zones. type AvailabilityZone struct { _ struct{} `type:"structure"` @@ -46519,7 +47319,7 @@ func (s *BundleTaskError) SetMessage(v string) *BundleTaskError { } // Information about an address range that is provisioned for use with your -// AWS resources through bring your own IP addresses (BYOIP). +// Amazon Web Services resources through bring your own IP addresses (BYOIP). type ByoipCidr struct { _ struct{} `type:"structure"` @@ -47378,7 +48178,11 @@ type CapacityReservation struct { // The type of instance for which the Capacity Reservation reserves capacity. InstanceType *string `locationName:"instanceType" type:"string"` - // The ID of the AWS account that owns the Capacity Reservation. + // The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation + // was created. + OutpostArn *string `locationName:"outpostArn" type:"string"` + + // The ID of the account that owns the Capacity Reservation. OwnerId *string `locationName:"ownerId" type:"string"` // The date and time at which the Capacity Reservation was started. @@ -47412,10 +48216,10 @@ type CapacityReservation struct { // can have one of the following tenancy settings: // // * default - The Capacity Reservation is created on hardware that is shared - // with other AWS accounts. + // with other accounts. // // * dedicated - The Capacity Reservation is created on single-tenant hardware - // that is dedicated to a single AWS account. + // that is dedicated to a single account. Tenancy *string `locationName:"tenancy" type:"string" enum:"CapacityReservationTenancy"` // The total number of instances for which the Capacity Reservation reserves @@ -47511,6 +48315,12 @@ func (s *CapacityReservation) SetInstanceType(v string) *CapacityReservation { return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *CapacityReservation) SetOutpostArn(v string) *CapacityReservation { + s.OutpostArn = &v + return s +} + // SetOwnerId sets the OwnerId field's value. func (s *CapacityReservation) SetOwnerId(v string) *CapacityReservation { s.OwnerId = &v @@ -47554,7 +48364,7 @@ type CapacityReservationGroup struct { // The ARN of the resource group. GroupArn *string `locationName:"groupArn" type:"string"` - // The ID of the AWS account that owns the resource group. + // The ID of the account that owns the resource group. OwnerId *string `locationName:"ownerId" type:"string"` } @@ -47942,9 +48752,8 @@ func (s *CertificateAuthenticationRequest) SetClientRootCertificateChainArn(v st } // Provides authorization for Amazon to bring a specific IP address range to -// a specific AWS account using bring your own IP addresses (BYOIP). For more -// information, see Prepare to Bring Your Address Range to Your AWS Account -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#prepare-for-byoip) +// a specific account using bring your own IP addresses (BYOIP). For more information, +// see Configuring your BYOIP address range (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#prepare-for-byoip) // in the Amazon Elastic Compute Cloud User Guide. type CidrAuthorizationContext struct { _ struct{} `type:"structure"` @@ -49234,7 +50043,7 @@ func (s *ConfirmProductInstanceInput) SetProductCode(v string) *ConfirmProductIn type ConfirmProductInstanceOutput struct { _ struct{} `type:"structure"` - // The AWS account ID of the instance owner. This is only present if the product + // The account ID of the instance owner. This is only present if the product // code is attached to the instance. OwnerId *string `locationName:"ownerId" type:"string"` @@ -50177,6 +50986,10 @@ type CreateCapacityReservationInput struct { // InstanceType is a required field InstanceType *string `type:"string" required:"true"` + // The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity + // Reservation. + OutpostArn *string `type:"string"` + // The tags to apply to the Capacity Reservation during launch. TagSpecifications []*TagSpecification `locationNameList:"item" type:"list"` @@ -50184,10 +50997,10 @@ type CreateCapacityReservationInput struct { // can have one of the following tenancy settings: // // * default - The Capacity Reservation is created on hardware that is shared - // with other AWS accounts. + // with other accounts. // // * dedicated - The Capacity Reservation is created on single-tenant hardware - // that is dedicated to a single AWS account. + // that is dedicated to a single account. Tenancy *string `type:"string" enum:"CapacityReservationTenancy"` } @@ -50292,6 +51105,12 @@ func (s *CreateCapacityReservationInput) SetInstanceType(v string) *CreateCapaci return s } +// SetOutpostArn sets the OutpostArn field's value. +func (s *CreateCapacityReservationInput) SetOutpostArn(v string) *CreateCapacityReservationInput { + s.OutpostArn = &v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateCapacityReservationInput) SetTagSpecifications(v []*TagSpecification) *CreateCapacityReservationInput { s.TagSpecifications = v @@ -51318,6 +52137,9 @@ type CreateFleetInput struct { // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` + // Reserved. + Context *string `type:"string"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -51346,10 +52168,15 @@ type CreateFleetInput struct { // Describes the configuration of Spot Instances in an EC2 Fleet. SpotOptions *SpotOptionsRequest `type:"structure"` - // The key-value pair for tagging the EC2 Fleet request on creation. The value - // for ResourceType must be fleet, otherwise the fleet request fails. To tag - // instances at launch, specify the tags in the launch template (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#create-launch-template). - // For information about tagging after launch, see Tagging your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // The key-value pair for tagging the EC2 Fleet request on creation. For more + // information, see Tagging your resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). + // + // If the fleet type is instant, specify a resource type of fleet to tag the + // fleet or instance to tag the instances at launch. + // + // If the fleet type is maintain or request, specify a resource type of fleet + // to tag the fleet. You cannot specify a resource type of instance. To tag + // instances at launch, specify the tags in a launch template (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#create-launch-template). TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The number of units to request. @@ -51361,7 +52188,7 @@ type CreateFleetInput struct { // expires. TerminateInstancesWithExpiration *bool `type:"boolean"` - // The type of request. The default value is maintain. + // The fleet type. The default value is maintain. // // * maintain - The EC2 Fleet places an asynchronous request for your desired // capacity, and continues to maintain your desired Spot capacity by replenishing @@ -51437,6 +52264,12 @@ func (s *CreateFleetInput) SetClientToken(v string) *CreateFleetInput { return s } +// SetContext sets the Context field's value. +func (s *CreateFleetInput) SetContext(v string) *CreateFleetInput { + s.Context = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *CreateFleetInput) SetDryRun(v bool) *CreateFleetInput { s.DryRun = &v @@ -51576,14 +52409,14 @@ type CreateFleetOutput struct { _ struct{} `type:"structure"` // Information about the instances that could not be launched by the fleet. - // Valid only when Type is set to instant. + // Supported only for fleets of type instant. Errors []*CreateFleetError `locationName:"errorSet" locationNameList:"item" type:"list"` // The ID of the EC2 Fleet. FleetId *string `locationName:"fleetId" type:"string"` - // Information about the instances that were launched by the fleet. Valid only - // when Type is set to instant. + // Information about the instances that were launched by the fleet. Supported + // only for fleets of type instant. Instances []*CreateFleetInstance `locationName:"fleetInstanceSet" locationNameList:"item" type:"list"` } @@ -53046,12 +53879,11 @@ func (s *CreateManagedPrefixListOutput) SetPrefixList(v *ManagedPrefixList) *Cre type CreateNatGatewayInput struct { _ struct{} `type:"structure"` - // The allocation ID of an Elastic IP address to associate with the NAT gateway. - // If the Elastic IP address is associated with another resource, you must first - // disassociate it. - // - // AllocationId is a required field - AllocationId *string `type:"string" required:"true"` + // [Public NAT gateways only] The allocation ID of an Elastic IP address to + // associate with the NAT gateway. You cannot specify an Elastic IP address + // with a private NAT gateway. If the Elastic IP address is associated with + // another resource, you must first disassociate it. + AllocationId *string `type:"string"` // Unique, case-sensitive identifier that you provide to ensure the idempotency // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). @@ -53059,6 +53891,10 @@ type CreateNatGatewayInput struct { // Constraint: Maximum 64 ASCII characters. ClientToken *string `type:"string" idempotencyToken:"true"` + // Indicates whether the NAT gateway supports public or private connectivity. + // The default is public connectivity. + ConnectivityType *string `type:"string" enum:"ConnectivityType"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -53087,9 +53923,6 @@ func (s CreateNatGatewayInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateNatGatewayInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateNatGatewayInput"} - if s.AllocationId == nil { - invalidParams.Add(request.NewErrParamRequired("AllocationId")) - } if s.SubnetId == nil { invalidParams.Add(request.NewErrParamRequired("SubnetId")) } @@ -53112,6 +53945,12 @@ func (s *CreateNatGatewayInput) SetClientToken(v string) *CreateNatGatewayInput return s } +// SetConnectivityType sets the ConnectivityType field's value. +func (s *CreateNatGatewayInput) SetConnectivityType(v string) *CreateNatGatewayInput { + s.ConnectivityType = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *CreateNatGatewayInput) SetDryRun(v bool) *CreateNatGatewayInput { s.DryRun = &v @@ -53570,6 +54409,10 @@ func (s *CreateNetworkInsightsPathOutput) SetNetworkInsightsPath(v *NetworkInsig type CreateNetworkInterfaceInput struct { _ struct{} `type:"structure"` + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + // A description for the network interface. Description *string `locationName:"description" type:"string"` @@ -53584,7 +54427,10 @@ type CreateNetworkInterfaceInput struct { // Indicates the type of network interface. To create an Elastic Fabric Adapter // (EFA), specify efa. For more information, see Elastic Fabric Adapter (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon Elastic Compute Cloud User Guide. To create a trunk network + // interface, specify efa. For more information, see Network interface trunking + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/eni-trunking.html) in + // the Amazon Elastic Compute Cloud User Guide. InterfaceType *string `type:"string" enum:"NetworkInterfaceCreationType"` // The number of IPv6 addresses to assign to a network interface. Amazon EC2 @@ -53651,6 +54497,12 @@ func (s *CreateNetworkInterfaceInput) Validate() error { return nil } +// SetClientToken sets the ClientToken field's value. +func (s *CreateNetworkInterfaceInput) SetClientToken(v string) *CreateNetworkInterfaceInput { + s.ClientToken = &v + return s +} + // SetDescription sets the Description field's value. func (s *CreateNetworkInterfaceInput) SetDescription(v string) *CreateNetworkInterfaceInput { s.Description = &v @@ -53721,6 +54573,10 @@ func (s *CreateNetworkInterfaceInput) SetTagSpecifications(v []*TagSpecification type CreateNetworkInterfaceOutput struct { _ struct{} `type:"structure"` + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + ClientToken *string `locationName:"clientToken" type:"string"` + // Information about the network interface. NetworkInterface *NetworkInterface `locationName:"networkInterface" type:"structure"` } @@ -53735,6 +54591,12 @@ func (s CreateNetworkInterfaceOutput) GoString() string { return s.String() } +// SetClientToken sets the ClientToken field's value. +func (s *CreateNetworkInterfaceOutput) SetClientToken(v string) *CreateNetworkInterfaceOutput { + s.ClientToken = &v + return s +} + // SetNetworkInterface sets the NetworkInterface field's value. func (s *CreateNetworkInterfaceOutput) SetNetworkInterface(v *NetworkInterface) *CreateNetworkInterfaceOutput { s.NetworkInterface = v @@ -53745,10 +54607,10 @@ func (s *CreateNetworkInterfaceOutput) SetNetworkInterface(v *NetworkInterface) type CreateNetworkInterfacePermissionInput struct { _ struct{} `type:"structure"` - // The AWS account ID. + // The account ID. AwsAccountId *string `type:"string"` - // The AWS service. Currently not supported. + // The Amazon Web Service. Currently not supported. AwsService *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -63171,12 +64033,12 @@ type DescribeAddressesInput struct { // if any. // // * network-border-group - A unique set of Availability Zones, Local Zones, - // or Wavelength Zones from where AWS advertises IP addresses. + // or Wavelength Zones from where Amazon Web Services advertises IP addresses. // // * network-interface-id - [EC2-VPC] The ID of the network interface that // the address is associated with, if any. // - // * network-interface-owner-id - The AWS account ID of the owner. + // * network-interface-owner-id - The account ID of the owner. // // * private-ip-address - [EC2-VPC] The private IP address associated with // the Elastic IP address. @@ -63642,7 +64504,7 @@ type DescribeCapacityReservationsInput struct { // * instance-type - The type of instance for which the Capacity Reservation // reserves capacity. // - // * owner-id - The ID of the AWS account that owns the Capacity Reservation. + // * owner-id - The ID of the account that owns the Capacity Reservation. // // * availability-zone-id - The Availability Zone ID of the Capacity Reservation. // @@ -63654,8 +64516,11 @@ type DescribeCapacityReservationsInput struct { // * tenancy - Indicates the tenancy of the Capacity Reservation. A Capacity // Reservation can have one of the following tenancy settings: default - // The Capacity Reservation is created on hardware that is shared with other - // AWS accounts. dedicated - The Capacity Reservation is created on single-tenant - // hardware that is dedicated to a single AWS account. + // accounts. dedicated - The Capacity Reservation is created on single-tenant + // hardware that is dedicated to a single account. + // + // * outpost-arn - The Amazon Resource Name (ARN) of the Outpost on which + // the Capacity Reservation was created. // // * state - The current state of the Capacity Reservation. A Capacity Reservation // can be in one of the following states: active- The Capacity Reservation @@ -67391,6 +68256,14 @@ type DescribeImagesInput struct { // Default: Describes all images available to you. ImageIds []*string `locationName:"ImageId" locationNameList:"ImageId" type:"list"` + // If true, all deprecated AMIs are included in the response. If false, no deprecated + // AMIs are included in the response. If no value is specified, the default + // value is false. + // + // If you are the AMI owner, all deprecated AMIs appear in the response regardless + // of the value (true or false) that you set for this parameter. + IncludeDeprecated *bool `type:"boolean"` + // Scopes the results to images with the specified owners. You can specify a // combination of AWS account IDs, self, amazon, and aws-marketplace. If you // omit this parameter, the results include all images for which you have launch @@ -67432,6 +68305,12 @@ func (s *DescribeImagesInput) SetImageIds(v []*string) *DescribeImagesInput { return s } +// SetIncludeDeprecated sets the IncludeDeprecated field's value. +func (s *DescribeImagesInput) SetIncludeDeprecated(v bool) *DescribeImagesInput { + s.IncludeDeprecated = &v + return s +} + // SetOwners sets the Owners field's value. func (s *DescribeImagesInput) SetOwners(v []*string) *DescribeImagesInput { s.Owners = v @@ -67738,8 +68617,8 @@ type DescribeInstanceAttributeOutput struct { // Indicates whether enhanced networking with ENA is enabled. EnaSupport *AttributeBooleanValue `locationName:"enaSupport" type:"structure"` - // To enable the instance for AWS Nitro Enclaves, set this parameter to true; - // otherwise, set it to false. + // To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter + // to true; otherwise, set it to false. EnclaveOptions *EnclaveOptions `locationName:"enclaveOptions" type:"structure"` // The security groups associated with the instance. @@ -68731,7 +69610,7 @@ type DescribeInstancesInput struct { // * network-interface.requester-id - The requester ID for the network interface. // // * network-interface.requester-managed - Indicates whether the network - // interface is being managed by AWS. + // interface is being managed by Amazon Web Services. // // * network-interface.status - The status of the network interface (available) // | in-use). @@ -68748,7 +69627,7 @@ type DescribeInstancesInput struct { // // * outpost-arn - The Amazon Resource Name (ARN) of the Outpost. // - // * owner-id - The AWS account ID of the instance owner. + // * owner-id - The account ID of the instance owner. // // * placement-group-name - The name of the placement group for the instance. // @@ -68773,7 +69652,7 @@ type DescribeInstancesInput struct { // Similar to the state-reason-code filter. // // * requester-id - The ID of the entity that launched the instance on your - // behalf (for example, AWS Management Console, Auto Scaling, and so on). + // behalf (for example, Management Console, Auto Scaling, and so on). // // * reservation-id - The ID of the instance's reservation. A reservation // ID is created any time you launch an instance. A reservation ID has a @@ -69186,7 +70065,7 @@ type DescribeKeyPairsInput struct { // The key pair names. // - // Default: Describes all your key pairs. + // Default: Describes all of your key pairs. KeyNames []*string `locationName:"KeyName" locationNameList:"KeyName" type:"list"` // The IDs of the key pairs. @@ -71179,9 +72058,9 @@ type DescribeNetworkInterfacePermissionsInput struct { // * network-interface-permission.network-interface-id - The ID of the network // interface. // - // * network-interface-permission.aws-account-id - The AWS account ID. + // * network-interface-permission.aws-account-id - The account ID. // - // * network-interface-permission.aws-service - The AWS service. + // * network-interface-permission.aws-service - The Amazon Web Service. // // * network-interface-permission.permission - The type of permission (INSTANCE-ATTACH // | EIP-ASSOCIATE). @@ -71354,19 +72233,19 @@ type DescribeNetworkInterfacesInput struct { // // * network-interface-id - The ID of the network interface. // - // * owner-id - The AWS account ID of the network interface owner. + // * owner-id - The account ID of the network interface owner. // // * private-ip-address - The private IPv4 address or addresses of the network // interface. // // * private-dns-name - The private DNS name of the network interface (IPv4). // - // * requester-id - The alias or AWS account ID of the principal or service - // that created the network interface. + // * requester-id - The alias or account ID of the principal or service that + // created the network interface. // // * requester-managed - Indicates whether the network interface is being - // managed by an AWS service (for example, AWS Management Console, Auto Scaling, - // and so on). + // managed by an Amazon Web Service (for example, Management Console, Auto + // Scaling, and so on). // // * source-dest-check - Indicates whether the network interface performs // source/destination checking. A value of true means checking is enabled, @@ -72426,8 +73305,8 @@ type DescribeReservedInstancesOfferingsInput struct { // // * marketplace - Set to true to show only Reserved Instance Marketplace // offerings. When this filter is not used, which is the default behavior, - // all offerings from both AWS and the Reserved Instance Marketplace are - // listed. + // all offerings from both Amazon Web Services and the Reserved Instance + // Marketplace are listed. // // * product-description - The Reserved Instance product platform description. // Instances that include (Amazon VPC) in the product platform description @@ -73195,6 +74074,127 @@ func (s *DescribeSecurityGroupReferencesOutput) SetSecurityGroupReferenceSet(v [ return s } +type DescribeSecurityGroupRulesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * group-id - The ID of the security group. + // + // * security-group-rule-id - The ID of the security group rule. + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return in a single call. To retrieve the + // remaining results, make another request with the returned NextToken value. + // This value can be between 5 and 1000. If this parameter is not specified, + // then all results are returned. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeSecurityGroupRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecurityGroupRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSecurityGroupRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSecurityGroupRulesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeSecurityGroupRulesInput) SetDryRun(v bool) *DescribeSecurityGroupRulesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeSecurityGroupRulesInput) SetFilters(v []*Filter) *DescribeSecurityGroupRulesInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeSecurityGroupRulesInput) SetMaxResults(v int64) *DescribeSecurityGroupRulesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSecurityGroupRulesInput) SetNextToken(v string) *DescribeSecurityGroupRulesInput { + s.NextToken = &v + return s +} + +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *DescribeSecurityGroupRulesInput) SetSecurityGroupRuleIds(v []*string) *DescribeSecurityGroupRulesInput { + s.SecurityGroupRuleIds = v + return s +} + +type DescribeSecurityGroupRulesOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about security group rules. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeSecurityGroupRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecurityGroupRulesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSecurityGroupRulesOutput) SetNextToken(v string) *DescribeSecurityGroupRulesOutput { + s.NextToken = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *DescribeSecurityGroupRulesOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *DescribeSecurityGroupRulesOutput { + s.SecurityGroupRules = v + return s +} + type DescribeSecurityGroupsInput struct { _ struct{} `type:"structure"` @@ -73234,8 +74234,8 @@ type DescribeSecurityGroupsInput struct { // * egress.ip-permission.to-port - For an outbound rule, the end of port // range for the TCP and UDP protocols, or an ICMP code. // - // * egress.ip-permission.user-id - The ID of an AWS account that has been - // referenced in an outbound security group rule. + // * egress.ip-permission.user-id - The ID of an Amazon Web Services account + // that has been referenced in an outbound security group rule. // // * group-id - The ID of the security group. // @@ -73265,10 +74265,11 @@ type DescribeSecurityGroupsInput struct { // * ip-permission.to-port - For an inbound rule, the end of port range for // the TCP and UDP protocols, or an ICMP code. // - // * ip-permission.user-id - The ID of an AWS account that has been referenced - // in an inbound security group rule. + // * ip-permission.user-id - The ID of an Amazon Web Services account that + // has been referenced in an inbound security group rule. // - // * owner-id - The AWS account ID of the owner of the security group. + // * owner-id - The Amazon Web Services account ID of the owner of the security + // group. // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -73286,7 +74287,7 @@ type DescribeSecurityGroupsInput struct { // The IDs of the security groups. Required for security groups in a nondefault // VPC. // - // Default: Describes all your security groups. + // Default: Describes all of your security groups. GroupIds []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` // [EC2-Classic and default VPC only] The names of the security groups. You @@ -73294,7 +74295,7 @@ type DescribeSecurityGroupsInput struct { // security groups in a nondefault VPC, use the group-name filter to describe // security groups by name. // - // Default: Describes all your security groups. + // Default: Describes all of your security groups. GroupNames []*string `locationName:"GroupName" locationNameList:"GroupName" type:"list"` // The maximum number of results to return in a single call. To retrieve the @@ -76305,6 +77306,120 @@ func (s *DescribeTransitGatewaysOutput) SetTransitGateways(v []*TransitGateway) return s } +type DescribeTrunkInterfaceAssociationsInput struct { + _ struct{} `type:"structure"` + + // The IDs of the associations. + AssociationIds []*string `locationName:"AssociationId" locationNameList:"item" type:"list"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * gre-key - The ID of a trunk interface association. + // + // * interface-protocol - The interface protocol. Valid values are VLAN and + // GRE. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeTrunkInterfaceAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrunkInterfaceAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTrunkInterfaceAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrunkInterfaceAssociationsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssociationIds sets the AssociationIds field's value. +func (s *DescribeTrunkInterfaceAssociationsInput) SetAssociationIds(v []*string) *DescribeTrunkInterfaceAssociationsInput { + s.AssociationIds = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTrunkInterfaceAssociationsInput) SetDryRun(v bool) *DescribeTrunkInterfaceAssociationsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTrunkInterfaceAssociationsInput) SetFilters(v []*Filter) *DescribeTrunkInterfaceAssociationsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTrunkInterfaceAssociationsInput) SetMaxResults(v int64) *DescribeTrunkInterfaceAssociationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrunkInterfaceAssociationsInput) SetNextToken(v string) *DescribeTrunkInterfaceAssociationsInput { + s.NextToken = &v + return s +} + +type DescribeTrunkInterfaceAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Information about the trunk associations. + InterfaceAssociations []*TrunkInterfaceAssociation `locationName:"interfaceAssociationSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeTrunkInterfaceAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrunkInterfaceAssociationsOutput) GoString() string { + return s.String() +} + +// SetInterfaceAssociations sets the InterfaceAssociations field's value. +func (s *DescribeTrunkInterfaceAssociationsOutput) SetInterfaceAssociations(v []*TrunkInterfaceAssociation) *DescribeTrunkInterfaceAssociationsOutput { + s.InterfaceAssociations = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrunkInterfaceAssociationsOutput) SetNextToken(v string) *DescribeTrunkInterfaceAssociationsOutput { + s.NextToken = &v + return s +} + type DescribeVolumeAttributeInput struct { _ struct{} `type:"structure"` @@ -79226,6 +80341,79 @@ func (s *DisableFastSnapshotRestoresOutput) SetUnsuccessful(v []*DisableFastSnap return s } +type DisableImageDeprecationInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the AMI. + // + // ImageId is a required field + ImageId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DisableImageDeprecationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableImageDeprecationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableImageDeprecationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableImageDeprecationInput"} + if s.ImageId == nil { + invalidParams.Add(request.NewErrParamRequired("ImageId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableImageDeprecationInput) SetDryRun(v bool) *DisableImageDeprecationInput { + s.DryRun = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *DisableImageDeprecationInput) SetImageId(v string) *DisableImageDeprecationInput { + s.ImageId = &v + return s +} + +type DisableImageDeprecationOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, it returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s DisableImageDeprecationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableImageDeprecationOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *DisableImageDeprecationOutput) SetReturn(v bool) *DisableImageDeprecationOutput { + s.Return = &v + return s +} + type DisableSerialConsoleAccessInput struct { _ struct{} `type:"structure"` @@ -80158,6 +81346,99 @@ func (s *DisassociateTransitGatewayRouteTableOutput) SetAssociation(v *TransitGa return s } +type DisassociateTrunkInterfaceInput struct { + _ struct{} `type:"structure"` + + // The ID ofthe association + // + // AssociationId is a required field + AssociationId *string `type:"string" required:"true"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation +func (s DisassociateTrunkInterfaceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateTrunkInterfaceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateTrunkInterfaceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateTrunkInterfaceInput"} + if s.AssociationId == nil { + invalidParams.Add(request.NewErrParamRequired("AssociationId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssociationId sets the AssociationId field's value. +func (s *DisassociateTrunkInterfaceInput) SetAssociationId(v string) *DisassociateTrunkInterfaceInput { + s.AssociationId = &v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *DisassociateTrunkInterfaceInput) SetClientToken(v string) *DisassociateTrunkInterfaceInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DisassociateTrunkInterfaceInput) SetDryRun(v bool) *DisassociateTrunkInterfaceInput { + s.DryRun = &v + return s +} + +type DisassociateTrunkInterfaceOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + ClientToken *string `locationName:"clientToken" type:"string"` + + // Returns true if the request succeeds; otherwise, it returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s DisassociateTrunkInterfaceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateTrunkInterfaceOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *DisassociateTrunkInterfaceOutput) SetClientToken(v string) *DisassociateTrunkInterfaceOutput { + s.ClientToken = &v + return s +} + +// SetReturn sets the Return field's value. +func (s *DisassociateTrunkInterfaceOutput) SetReturn(v bool) *DisassociateTrunkInterfaceOutput { + s.Return = &v + return s +} + type DisassociateVpcCidrBlockInput struct { _ struct{} `type:"structure"` @@ -81705,6 +82986,98 @@ func (s *EnableFastSnapshotRestoresOutput) SetUnsuccessful(v []*EnableFastSnapsh return s } +type EnableImageDeprecationInput struct { + _ struct{} `type:"structure"` + + // The date and time to deprecate the AMI, in UTC, in the following format: + // YYYY-MM-DDTHH:MM:SSZ. If you specify a value for seconds, Amazon EC2 rounds + // the seconds to the nearest minute. + // + // You can’t specify a date in the past. The upper limit for DeprecateAt is + // 10 years from now. + // + // DeprecateAt is a required field + DeprecateAt *time.Time `type:"timestamp" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the AMI. + // + // ImageId is a required field + ImageId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s EnableImageDeprecationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableImageDeprecationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableImageDeprecationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableImageDeprecationInput"} + if s.DeprecateAt == nil { + invalidParams.Add(request.NewErrParamRequired("DeprecateAt")) + } + if s.ImageId == nil { + invalidParams.Add(request.NewErrParamRequired("ImageId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDeprecateAt sets the DeprecateAt field's value. +func (s *EnableImageDeprecationInput) SetDeprecateAt(v time.Time) *EnableImageDeprecationInput { + s.DeprecateAt = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableImageDeprecationInput) SetDryRun(v bool) *EnableImageDeprecationInput { + s.DryRun = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *EnableImageDeprecationInput) SetImageId(v string) *EnableImageDeprecationInput { + s.ImageId = &v + return s +} + +type EnableImageDeprecationOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, it returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s EnableImageDeprecationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableImageDeprecationOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *EnableImageDeprecationOutput) SetReturn(v bool) *EnableImageDeprecationOutput { + s.Return = &v + return s +} + type EnableSerialConsoleAccessInput struct { _ struct{} `type:"structure"` @@ -82108,12 +83481,13 @@ func (s *EnableVpcClassicLinkOutput) SetReturn(v bool) *EnableVpcClassicLinkOutp return s } -// Indicates whether the instance is enabled for AWS Nitro Enclaves. +// Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. type EnclaveOptions struct { _ struct{} `type:"structure"` - // If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; - // otherwise, it is not enabled for AWS Nitro Enclaves. + // If this parameter is set to true, the instance is enabled for Amazon Web + // Services Nitro Enclaves; otherwise, it is not enabled for Amazon Web Services + // Nitro Enclaves. Enabled *bool `locationName:"enabled" type:"boolean"` } @@ -82133,13 +83507,14 @@ func (s *EnclaveOptions) SetEnabled(v bool) *EnclaveOptions { return s } -// Indicates whether the instance is enabled for AWS Nitro Enclaves. For more -// information, see What is AWS Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) -// in the AWS Nitro Enclaves User Guide. +// Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. +// For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) +// in the Amazon Web Services Nitro Enclaves User Guide. type EnclaveOptionsRequest struct { _ struct{} `type:"structure"` - // To enable the instance for AWS Nitro Enclaves, set this parameter to true. + // To enable the instance for Amazon Web Services Nitro Enclaves, set this parameter + // to true. Enabled *bool `type:"boolean"` } @@ -83699,6 +85074,9 @@ type FleetData struct { // Constraints: Maximum 64 ASCII characters ClientToken *string `locationName:"clientToken" type:"string"` + // Reserved. + Context *string `locationName:"context" type:"string"` + // The creation date and time of the EC2 Fleet. CreateTime *time.Time `locationName:"createTime" type:"timestamp"` @@ -83799,6 +85177,12 @@ func (s *FleetData) SetClientToken(v string) *FleetData { return s } +// SetContext sets the Context field's value. +func (s *FleetData) SetContext(v string) *FleetData { + s.Context = &v + return s +} + // SetCreateTime sets the CreateTime field's value. func (s *FleetData) SetCreateTime(v time.Time) *FleetData { s.CreateTime = &v @@ -87673,7 +89057,7 @@ type Host struct { // is true, the host is in a host resource group; otherwise, it is not. MemberOfServiceLinkedResourceGroup *bool `locationName:"memberOfServiceLinkedResourceGroup" type:"boolean"` - // The ID of the AWS account that owns the Dedicated Host. + // The ID of the account that owns the Dedicated Host. OwnerId *string `locationName:"ownerId" type:"string"` // The time that the Dedicated Host was released. @@ -87808,7 +89192,7 @@ type HostInstance struct { // The instance type (for example, m3.medium) of the running instance. InstanceType *string `locationName:"instanceType" type:"string"` - // The ID of the AWS account that owns the instance. + // The ID of the account that owns the instance. OwnerId *string `locationName:"ownerId" type:"string"` } @@ -88393,6 +89777,11 @@ type Image struct { // The date and time the image was created. CreationDate *string `locationName:"creationDate" type:"string"` + // The date and time to deprecate the AMI, in UTC, in the following format: + // YYYY-MM-DDTHH:MM:SSZ. If you specified a value for seconds, Amazon EC2 rounds + // the seconds to the nearest minute. + DeprecationTime *string `locationName:"deprecationTime" type:"string"` + // The description of the AMI that was provided during image creation. Description *string `locationName:"description" type:"string"` @@ -88512,6 +89901,12 @@ func (s *Image) SetCreationDate(v string) *Image { return s } +// SetDeprecationTime sets the DeprecationTime field's value. +func (s *Image) SetDeprecationTime(v string) *Image { + s.DeprecationTime = &v + return s +} + // SetDescription sets the Description field's value. func (s *Image) SetDescription(v string) *Image { s.Description = &v @@ -89795,7 +91190,7 @@ type ImportKeyPairOutput struct { // The MD5 public key fingerprint as specified in section 4 of RFC 4716. KeyFingerprint *string `locationName:"keyFingerprint" type:"string"` - // The key pair name you provided. + // The key pair name that you provided. KeyName *string `locationName:"keyName" type:"string"` // The ID of the resulting key pair. @@ -90363,7 +91758,7 @@ type Instance struct { // Specifies whether enhanced networking with ENA is enabled. EnaSupport *bool `locationName:"enaSupport" type:"boolean"` - // Indicates whether the instance is enabled for AWS Nitro Enclaves. + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. EnclaveOptions *EnclaveOptions `locationName:"enclaveOptions" type:"structure"` // Indicates whether the instance is enabled for hibernation. @@ -91369,7 +92764,7 @@ type InstanceNetworkInterface struct { // Describes the type of network interface. // - // Valid values: interface | efa + // Valid values: interface | efa | trunk InterfaceType *string `locationName:"interfaceType" type:"string"` // One or more IPv6 addresses associated with the network interface. @@ -91381,7 +92776,7 @@ type InstanceNetworkInterface struct { // The ID of the network interface. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` - // The ID of the AWS account that created the network interface. + // The ID of the account that created the network interface. OwnerId *string `locationName:"ownerId" type:"string"` // The private DNS name. @@ -91640,7 +93035,8 @@ type InstanceNetworkInterfaceSpecification struct { // // You can only assign a carrier IP address to a network interface that is in // a subnet in a Wavelength Zone. For more information about carrier IP addresses, - // see Carrier IP addresses in the AWS Wavelength Developer Guide. + // see Carrier IP addresses in the Amazon Web Services Wavelength Developer + // Guide. AssociateCarrierIpAddress *bool `type:"boolean"` // Indicates whether to assign a public IPv4 address to an instance you launch @@ -91676,8 +93072,6 @@ type InstanceNetworkInterfaceSpecification struct { // see Elastic Fabric Adapter (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) // in the Amazon Elastic Compute Cloud User Guide. // - // If you are not creating an EFA, specify interface or omit this parameter. - // // Valid values: interface | efa InterfaceType *string `type:"string"` @@ -92606,10 +94000,10 @@ func (s *InstanceTypeOffering) SetLocationType(v string) *InstanceTypeOffering { type InstanceUsage struct { _ struct{} `type:"structure"` - // The ID of the AWS account that is making use of the Capacity Reservation. + // The ID of the account that is making use of the Capacity Reservation. AccountId *string `locationName:"accountId" type:"string"` - // The number of instances the AWS account currently has in the Capacity Reservation. + // The number of instances the account currently has in the Capacity Reservation. UsedInstanceCount *int64 `locationName:"usedInstanceCount" type:"integer"` } @@ -92802,7 +94196,7 @@ type IpPermission struct { // types, you must specify all codes. ToPort *int64 `locationName:"toPort" type:"integer"` - // The security group and AWS account ID pairs. + // The security group and Amazon Web Services account ID pairs. UserIdGroupPairs []*UserIdGroupPair `locationName:"groups" locationNameList:"item" type:"list"` } @@ -93047,9 +94441,9 @@ type KeyPairInfo struct { _ struct{} `type:"structure"` // If you used CreateKeyPair to create the key pair, this is the SHA-1 digest - // of the DER encoded private key. If you used ImportKeyPair to provide AWS - // the public key, this is the MD5 public key fingerprint as specified in section - // 4 of RFC4716. + // of the DER encoded private key. If you used ImportKeyPair to provide Amazon + // Web Services the public key, this is the MD5 public key fingerprint as specified + // in section 4 of RFC4716. KeyFingerprint *string `locationName:"keyFingerprint" type:"string"` // The name of the key pair. @@ -97017,6 +98411,9 @@ func (s *ModifyEbsDefaultKmsKeyIdOutput) SetKmsKeyId(v string) *ModifyEbsDefault type ModifyFleetInput struct { _ struct{} `type:"structure"` + // Reserved. + Context *string `type:"string"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -97078,6 +98475,12 @@ func (s *ModifyFleetInput) Validate() error { return nil } +// SetContext sets the Context field's value. +func (s *ModifyFleetInput) SetContext(v string) *ModifyFleetInput { + s.Context = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *ModifyFleetInput) SetDryRun(v bool) *ModifyFleetInput { s.DryRun = &v @@ -97800,9 +99203,9 @@ type ModifyInstanceAttributeInput struct { SriovNetSupport *AttributeValue `locationName:"sriovNetSupport" type:"structure"` // Changes the instance's user data to the specified value. If you are using - // an AWS SDK or command line tool, base64-encoding is performed for you, and - // you can load the text from a file. Otherwise, you must provide base64-encoded - // text. + // an Amazon Web Services SDK or command line tool, base64-encoding is performed + // for you, and you can load the text from a file. Otherwise, you must provide + // base64-encoded text. UserData *BlobAttributeValue `locationName:"userData" type:"structure"` // A new value for the attribute. Use only with the kernel, ramdisk, userData, @@ -98904,6 +100307,93 @@ func (s *ModifyReservedInstancesOutput) SetReservedInstancesModificationId(v str return s } +type ModifySecurityGroupRulesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the security group. + // + // GroupId is a required field + GroupId *string `type:"string" required:"true"` + + // Information about the security group properties to update. + // + // SecurityGroupRules is a required field + SecurityGroupRules []*SecurityGroupRuleUpdate `locationName:"SecurityGroupRule" locationNameList:"item" type:"list" required:"true"` +} + +// String returns the string representation +func (s ModifySecurityGroupRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifySecurityGroupRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifySecurityGroupRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifySecurityGroupRulesInput"} + if s.GroupId == nil { + invalidParams.Add(request.NewErrParamRequired("GroupId")) + } + if s.SecurityGroupRules == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityGroupRules")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifySecurityGroupRulesInput) SetDryRun(v bool) *ModifySecurityGroupRulesInput { + s.DryRun = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *ModifySecurityGroupRulesInput) SetGroupId(v string) *ModifySecurityGroupRulesInput { + s.GroupId = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *ModifySecurityGroupRulesInput) SetSecurityGroupRules(v []*SecurityGroupRuleUpdate) *ModifySecurityGroupRulesInput { + s.SecurityGroupRules = v + return s +} + +type ModifySecurityGroupRulesOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s ModifySecurityGroupRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifySecurityGroupRulesOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *ModifySecurityGroupRulesOutput) SetReturn(v bool) *ModifySecurityGroupRulesOutput { + s.Return = &v + return s +} + type ModifySnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -99018,6 +100508,9 @@ func (s ModifySnapshotAttributeOutput) GoString() string { type ModifySpotFleetRequestInput struct { _ struct{} `type:"structure"` + // Reserved. + Context *string `type:"string"` + // Indicates whether running Spot Instances should be terminated if the target // capacity of the Spot Fleet request is decreased below the current size of // the Spot Fleet. @@ -99074,6 +100567,12 @@ func (s *ModifySpotFleetRequestInput) Validate() error { return nil } +// SetContext sets the Context field's value. +func (s *ModifySpotFleetRequestInput) SetContext(v string) *ModifySpotFleetRequestInput { + s.Context = &v + return s +} + // SetExcessCapacityTerminationPolicy sets the ExcessCapacityTerminationPolicy field's value. func (s *ModifySpotFleetRequestInput) SetExcessCapacityTerminationPolicy(v string) *ModifySpotFleetRequestInput { s.ExcessCapacityTerminationPolicy = &v @@ -101954,6 +103453,9 @@ func (s *MovingAddressStatus) SetPublicIp(v string) *MovingAddressStatus { type NatGateway struct { _ struct{} `type:"structure"` + // Indicates whether the NAT gateway supports public or private connectivity. + ConnectivityType *string `locationName:"connectivityType" type:"string" enum:"ConnectivityType"` + // The date and time the NAT gateway was created. CreateTime *time.Time `locationName:"createTime" type:"timestamp"` @@ -102038,6 +103540,12 @@ func (s NatGateway) GoString() string { return s.String() } +// SetConnectivityType sets the ConnectivityType field's value. +func (s *NatGateway) SetConnectivityType(v string) *NatGateway { + s.ConnectivityType = &v + return s +} + // SetCreateTime sets the CreateTime field's value. func (s *NatGateway) SetCreateTime(v time.Time) *NatGateway { s.CreateTime = &v @@ -102108,17 +103616,18 @@ func (s *NatGateway) SetVpcId(v string) *NatGateway { type NatGatewayAddress struct { _ struct{} `type:"structure"` - // The allocation ID of the Elastic IP address that's associated with the NAT - // gateway. + // [Public NAT gateway only] The allocation ID of the Elastic IP address that's + // associated with the NAT gateway. AllocationId *string `locationName:"allocationId" type:"string"` // The ID of the network interface associated with the NAT gateway. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` - // The private IP address associated with the Elastic IP address. + // The private IP address associated with the NAT gateway. PrivateIp *string `locationName:"privateIp" type:"string"` - // The Elastic IP address associated with the NAT gateway. + // [Public NAT gateway only] The Elastic IP address associated with the NAT + // gateway. PublicIp *string `locationName:"publicIp" type:"string"` } @@ -102795,7 +104304,7 @@ type NetworkInterface struct { // The Amazon Resource Name (ARN) of the Outpost. OutpostArn *string `locationName:"outpostArn" type:"string"` - // The AWS account ID of the owner of the network interface. + // The account ID of the owner of the network interface. OwnerId *string `locationName:"ownerId" type:"string"` // The private DNS name. @@ -102807,11 +104316,11 @@ type NetworkInterface struct { // The private IPv4 addresses associated with the network interface. PrivateIpAddresses []*NetworkInterfacePrivateIpAddress `locationName:"privateIpAddressesSet" locationNameList:"item" type:"list"` - // The alias or AWS account ID of the principal or service that created the - // network interface. + // The alias or account ID of the principal or service that created the network + // interface. RequesterId *string `locationName:"requesterId" type:"string"` - // Indicates whether the network interface is being managed by AWS. + // Indicates whether the network interface is being managed by Amazon Web Services. RequesterManaged *bool `locationName:"requesterManaged" type:"boolean"` // Indicates whether source/destination checking is enabled. @@ -103068,7 +104577,7 @@ type NetworkInterfaceAttachment struct { // The ID of the instance. InstanceId *string `locationName:"instanceId" type:"string"` - // The AWS account ID of the owner of the instance. + // The account ID of the owner of the instance. InstanceOwnerId *string `locationName:"instanceOwnerId" type:"string"` // The index of the network card. @@ -103197,10 +104706,10 @@ func (s *NetworkInterfaceIpv6Address) SetIpv6Address(v string) *NetworkInterface type NetworkInterfacePermission struct { _ struct{} `type:"structure"` - // The AWS account ID. + // The account ID. AwsAccountId *string `locationName:"awsAccountId" type:"string"` - // The AWS service. + // The Amazon Web Service. AwsService *string `locationName:"awsService" type:"string"` // The ID of the network interface. @@ -104445,11 +105954,11 @@ func (s *PortRange) SetTo(v int64) *PortRange { return s } -// Describes prefixes for AWS services. +// Describes prefixes for Amazon Web Services services. type PrefixList struct { _ struct{} `type:"structure"` - // The IP address range of the AWS service. + // The IP address range of the Amazon Web Service. Cidrs []*string `locationName:"cidrSet" locationNameList:"item" type:"list"` // The ID of the prefix. @@ -104993,6 +106502,9 @@ type ProvisionByoipCidrInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // Reserved. + MultiRegion *bool `type:"boolean"` + // The tags to apply to the address pool. PoolTagSpecifications []*TagSpecification `locationName:"PoolTagSpecification" locationNameList:"item" type:"list"` @@ -105055,6 +106567,12 @@ func (s *ProvisionByoipCidrInput) SetDryRun(v bool) *ProvisionByoipCidrInput { return s } +// SetMultiRegion sets the MultiRegion field's value. +func (s *ProvisionByoipCidrInput) SetMultiRegion(v bool) *ProvisionByoipCidrInput { + s.MultiRegion = &v + return s +} + // SetPoolTagSpecifications sets the PoolTagSpecifications field's value. func (s *ProvisionByoipCidrInput) SetPoolTagSpecifications(v []*TagSpecification) *ProvisionByoipCidrInput { s.PoolTagSpecifications = v @@ -105213,7 +106731,7 @@ type PublicIpv4Pool struct { // The name of the location from which the address pool is advertised. A network // border group is a unique set of Availability Zones or Local Zones from where - // AWS advertises public IP addresses. + // Amazon Web Services advertises public IP addresses. NetworkBorderGroup *string `locationName:"networkBorderGroup" type:"string"` // The address ranges. @@ -105723,7 +107241,10 @@ func (s *PurchaseReservedInstancesOfferingInput) SetReservedInstancesOfferingId( type PurchaseReservedInstancesOfferingOutput struct { _ struct{} `type:"structure"` - // The IDs of the purchased Reserved Instances. + // The IDs of the purchased Reserved Instances. If your purchase crosses into + // a discounted pricing tier, the final Reserved Instances IDs might change. + // For more information, see Crossing pricing tiers (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-reserved-instances-application.html#crossing-pricing-tiers) + // in the Amazon Elastic Compute Cloud User Guide. ReservedInstancesId *string `locationName:"reservedInstancesId" type:"string"` } @@ -105938,6 +107459,66 @@ func (s *RecurringCharge) SetFrequency(v string) *RecurringCharge { return s } +// Describes the security group that is referenced in the security group rule. +type ReferencedSecurityGroup struct { + _ struct{} `type:"structure"` + + // The ID of the security group. + GroupId *string `locationName:"groupId" type:"string"` + + // The status of a VPC peering connection, if applicable. + PeeringStatus *string `locationName:"peeringStatus" type:"string"` + + // The account ID. + UserId *string `locationName:"userId" type:"string"` + + // The ID of the VPC. + VpcId *string `locationName:"vpcId" type:"string"` + + // The ID of the VPC peering connection. + VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` +} + +// String returns the string representation +func (s ReferencedSecurityGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReferencedSecurityGroup) GoString() string { + return s.String() +} + +// SetGroupId sets the GroupId field's value. +func (s *ReferencedSecurityGroup) SetGroupId(v string) *ReferencedSecurityGroup { + s.GroupId = &v + return s +} + +// SetPeeringStatus sets the PeeringStatus field's value. +func (s *ReferencedSecurityGroup) SetPeeringStatus(v string) *ReferencedSecurityGroup { + s.PeeringStatus = &v + return s +} + +// SetUserId sets the UserId field's value. +func (s *ReferencedSecurityGroup) SetUserId(v string) *ReferencedSecurityGroup { + s.UserId = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *ReferencedSecurityGroup) SetVpcId(v string) *ReferencedSecurityGroup { + s.VpcId = &v + return s +} + +// SetVpcPeeringConnectionId sets the VpcPeeringConnectionId field's value. +func (s *ReferencedSecurityGroup) SetVpcPeeringConnectionId(v string) *ReferencedSecurityGroup { + s.VpcPeeringConnectionId = &v + return s +} + // Describes a Region. type Region struct { _ struct{} `type:"structure"` @@ -108415,20 +109996,7 @@ type RequestSpotInstancesInput struct { // Default: Instances are launched in any available Availability Zone. AvailabilityZoneGroup *string `locationName:"availabilityZoneGroup" type:"string"` - // The required duration for the Spot Instances (also known as Spot blocks), - // in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, - // or 360). - // - // The duration period starts as soon as your Spot Instance receives its instance - // ID. At the end of the duration period, Amazon EC2 marks the Spot Instance - // for termination and provides a Spot Instance termination notice, which gives - // the instance a two-minute warning before it terminates. - // - // You can't specify an Availability Zone group or a launch group if you specify - // a duration. - // - // New accounts or accounts with no previous billing history with AWS are not - // eligible for Spot Instances with a defined duration (also known as Spot blocks). + // Deprecated. BlockDurationMinutes *int64 `locationName:"blockDurationMinutes" type:"integer"` // Unique, case-sensitive identifier that you provide to ensure the idempotency @@ -108826,11 +110394,11 @@ type Reservation struct { // The instances. Instances []*Instance `locationName:"instancesSet" locationNameList:"item" type:"list"` - // The ID of the AWS account that owns the reservation. + // The ID of the account that owns the reservation. OwnerId *string `locationName:"ownerId" type:"string"` // The ID of the requester that launched the instances on your behalf (for example, - // AWS Management Console or Auto Scaling). + // Management Console or Auto Scaling). RequesterId *string `locationName:"requesterId" type:"string"` // The ID of the reservation. @@ -109519,8 +111087,8 @@ type ReservedInstancesOffering struct { InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` // Indicates whether the offering is available through the Reserved Instance - // Marketplace (resale) or AWS. If it's a Reserved Instance Marketplace offering, - // this is true. + // Marketplace (resale) or Amazon Web Services. If it's a Reserved Instance + // Marketplace offering, this is true. Marketplace *bool `locationName:"marketplace" type:"boolean"` // If convertible it can be exchanged for Reserved Instances of the same or @@ -110801,6 +112369,9 @@ type RevokeSecurityGroupEgressInput struct { // number. IpProtocol *string `locationName:"ipProtocol" type:"string"` + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` + // Not supported. Use a set of IP permissions to specify a destination security // group. SourceSecurityGroupName *string `locationName:"sourceSecurityGroupName" type:"string"` @@ -110872,6 +112443,12 @@ func (s *RevokeSecurityGroupEgressInput) SetIpProtocol(v string) *RevokeSecurity return s } +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *RevokeSecurityGroupEgressInput) SetSecurityGroupRuleIds(v []*string) *RevokeSecurityGroupEgressInput { + s.SecurityGroupRuleIds = v + return s +} + // SetSourceSecurityGroupName sets the SourceSecurityGroupName field's value. func (s *RevokeSecurityGroupEgressInput) SetSourceSecurityGroupName(v string) *RevokeSecurityGroupEgressInput { s.SourceSecurityGroupName = &v @@ -110957,6 +112534,9 @@ type RevokeSecurityGroupIngressInput struct { // Use -1 to specify all. IpProtocol *string `type:"string"` + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` + // [EC2-Classic, default VPC] The name of the source security group. You can't // specify this parameter in combination with the following parameters: the // CIDR IP address range, the start of the port range, the IP protocol, and @@ -110965,12 +112545,12 @@ type RevokeSecurityGroupIngressInput struct { // use a set of IP permissions instead. SourceSecurityGroupName *string `type:"string"` - // [EC2-Classic] The AWS account ID of the source security group, if the source - // security group is in a different account. You can't specify this parameter - // in combination with the following parameters: the CIDR IP address range, - // the IP protocol, the start of the port range, and the end of the port range. - // To revoke a specific rule for an IP protocol and port range, use a set of - // IP permissions instead. + // [EC2-Classic] The Amazon Web Services account ID of the source security group, + // if the source security group is in a different account. You can't specify + // this parameter in combination with the following parameters: the CIDR IP + // address range, the IP protocol, the start of the port range, and the end + // of the port range. To revoke a specific rule for an IP protocol and port + // range, use a set of IP permissions instead. SourceSecurityGroupOwnerId *string `type:"string"` // The end of port range for the TCP and UDP protocols, or an ICMP code number. @@ -111030,6 +112610,12 @@ func (s *RevokeSecurityGroupIngressInput) SetIpProtocol(v string) *RevokeSecurit return s } +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *RevokeSecurityGroupIngressInput) SetSecurityGroupRuleIds(v []*string) *RevokeSecurityGroupIngressInput { + s.SecurityGroupRuleIds = v + return s +} + // SetSourceSecurityGroupName sets the SourceSecurityGroupName field's value. func (s *RevokeSecurityGroupIngressInput) SetSourceSecurityGroupName(v string) *RevokeSecurityGroupIngressInput { s.SourceSecurityGroupName = &v @@ -111496,18 +113082,20 @@ type RunInstancesInput struct { // You cannot specify accelerators from different generations in the same request. ElasticInferenceAccelerators []*ElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` - // Indicates whether the instance is enabled for AWS Nitro Enclaves. For more - // information, see What is AWS Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) - // in the AWS Nitro Enclaves User Guide. + // Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + // For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) + // in the Amazon Web Services Nitro Enclaves User Guide. // - // You can't enable AWS Nitro Enclaves and hibernation on the same instance. + // You can't enable Amazon Web Services Nitro Enclaves and hibernation on the + // same instance. EnclaveOptions *EnclaveOptionsRequest `type:"structure"` // Indicates whether an instance is enabled for hibernation. For more information, // see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon EC2 User Guide. // - // You can't enable hibernation and AWS Nitro Enclaves on the same instance. + // You can't enable hibernation and Amazon Web Services Nitro Enclaves on the + // same instance. HibernationOptions *HibernationOptionsRequest `type:"structure"` // The name or Amazon Resource Name (ARN) of an IAM instance profile. @@ -111629,8 +113217,8 @@ type RunInstancesInput struct { // The ID of the RAM disk to select. Some kernels require additional drivers // at launch. Check the kernel requirements for information about whether you - // need to specify a RAM disk. To find kernel requirements, go to the AWS Resource - // Center and search for the kernel ID. + // need to specify a RAM disk. To find kernel requirements, go to the Amazon + // Web Services Resource Center and search for the kernel ID. // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) @@ -113604,7 +115192,7 @@ func (s *SearchTransitGatewayRoutesOutput) SetRoutes(v []*TransitGatewayRoute) * return s } -// Describes a security group +// Describes a security group. type SecurityGroup struct { _ struct{} `type:"structure"` @@ -113623,7 +115211,7 @@ type SecurityGroup struct { // [VPC only] The outbound rules associated with the security group. IpPermissionsEgress []*IpPermission `locationName:"ipPermissionsEgress" locationNameList:"item" type:"list"` - // The AWS account ID of the owner of the security group. + // The Amazon Web Services account ID of the owner of the security group. OwnerId *string `locationName:"ownerId" type:"string"` // Any tags assigned to the security group. @@ -113766,6 +115354,325 @@ func (s *SecurityGroupReference) SetVpcPeeringConnectionId(v string) *SecurityGr return s } +// Describes a security group rule. +type SecurityGroupRule struct { + _ struct{} `type:"structure"` + + // The IPv4 CIDR range. + CidrIpv4 *string `locationName:"cidrIpv4" type:"string"` + + // The IPv6 CIDR range. + CidrIpv6 *string `locationName:"cidrIpv6" type:"string"` + + // The security group rule description. + Description *string `locationName:"description" type:"string"` + + // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 + // type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + FromPort *int64 `locationName:"fromPort" type:"integer"` + + // The ID of the security group. + GroupId *string `locationName:"groupId" type:"string"` + + // The ID of the account that owns the security group. + GroupOwnerId *string `locationName:"groupOwnerId" type:"string"` + + // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + // + // Use -1 to specify all protocols. + IpProtocol *string `locationName:"ipProtocol" type:"string"` + + // Indicates whether the security group rule is an outbound rule. + IsEgress *bool `locationName:"isEgress" type:"boolean"` + + // The ID of the prefix list. + PrefixListId *string `locationName:"prefixListId" type:"string"` + + // Describes the security group that is referenced in the rule. + ReferencedGroupInfo *ReferencedSecurityGroup `locationName:"referencedGroupInfo" type:"structure"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `locationName:"securityGroupRuleId" type:"string"` + + // The tags applied to the security group rule. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. + // A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + ToPort *int64 `locationName:"toPort" type:"integer"` +} + +// String returns the string representation +func (s SecurityGroupRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRule) GoString() string { + return s.String() +} + +// SetCidrIpv4 sets the CidrIpv4 field's value. +func (s *SecurityGroupRule) SetCidrIpv4(v string) *SecurityGroupRule { + s.CidrIpv4 = &v + return s +} + +// SetCidrIpv6 sets the CidrIpv6 field's value. +func (s *SecurityGroupRule) SetCidrIpv6(v string) *SecurityGroupRule { + s.CidrIpv6 = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRule) SetDescription(v string) *SecurityGroupRule { + s.Description = &v + return s +} + +// SetFromPort sets the FromPort field's value. +func (s *SecurityGroupRule) SetFromPort(v int64) *SecurityGroupRule { + s.FromPort = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *SecurityGroupRule) SetGroupId(v string) *SecurityGroupRule { + s.GroupId = &v + return s +} + +// SetGroupOwnerId sets the GroupOwnerId field's value. +func (s *SecurityGroupRule) SetGroupOwnerId(v string) *SecurityGroupRule { + s.GroupOwnerId = &v + return s +} + +// SetIpProtocol sets the IpProtocol field's value. +func (s *SecurityGroupRule) SetIpProtocol(v string) *SecurityGroupRule { + s.IpProtocol = &v + return s +} + +// SetIsEgress sets the IsEgress field's value. +func (s *SecurityGroupRule) SetIsEgress(v bool) *SecurityGroupRule { + s.IsEgress = &v + return s +} + +// SetPrefixListId sets the PrefixListId field's value. +func (s *SecurityGroupRule) SetPrefixListId(v string) *SecurityGroupRule { + s.PrefixListId = &v + return s +} + +// SetReferencedGroupInfo sets the ReferencedGroupInfo field's value. +func (s *SecurityGroupRule) SetReferencedGroupInfo(v *ReferencedSecurityGroup) *SecurityGroupRule { + s.ReferencedGroupInfo = v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRule) SetSecurityGroupRuleId(v string) *SecurityGroupRule { + s.SecurityGroupRuleId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SecurityGroupRule) SetTags(v []*Tag) *SecurityGroupRule { + s.Tags = v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *SecurityGroupRule) SetToPort(v int64) *SecurityGroupRule { + s.ToPort = &v + return s +} + +// Describes the description of a security group rule. +// +// You can use this when you want to update the security group rule description +// for either an inbound or outbound rule. +type SecurityGroupRuleDescription struct { + _ struct{} `type:"structure"` + + // The description of the security group rule. + Description *string `type:"string"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `type:"string"` +} + +// String returns the string representation +func (s SecurityGroupRuleDescription) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleDescription) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRuleDescription) SetDescription(v string) *SecurityGroupRuleDescription { + s.Description = &v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRuleDescription) SetSecurityGroupRuleId(v string) *SecurityGroupRuleDescription { + s.SecurityGroupRuleId = &v + return s +} + +// Describes a security group rule. +// +// You must specify exactly one of the following parameters, based on the rule +// type: +// +// * CidrIpv4 +// +// * CidrIpv6 +// +// * PrefixListId +// +// * ReferencedGroupId +// +// When you modify a rule, you cannot change the rule type. For example, if +// the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new +// IPv4 address range. +type SecurityGroupRuleRequest struct { + _ struct{} `type:"structure"` + + // The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix + // length. + CidrIpv4 *string `type:"string"` + + // The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix + // length. + CidrIpv6 *string `type:"string"` + + // The description of the security group rule. + Description *string `type:"string"` + + // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 + // type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + FromPort *int64 `type:"integer"` + + // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + // + // Use -1 to specify all protocols. + IpProtocol *string `type:"string"` + + // The ID of the prefix list. + PrefixListId *string `type:"string"` + + // The ID of the security group that is referenced in the security group rule. + ReferencedGroupId *string `type:"string"` + + // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. + // A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + ToPort *int64 `type:"integer"` +} + +// String returns the string representation +func (s SecurityGroupRuleRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleRequest) GoString() string { + return s.String() +} + +// SetCidrIpv4 sets the CidrIpv4 field's value. +func (s *SecurityGroupRuleRequest) SetCidrIpv4(v string) *SecurityGroupRuleRequest { + s.CidrIpv4 = &v + return s +} + +// SetCidrIpv6 sets the CidrIpv6 field's value. +func (s *SecurityGroupRuleRequest) SetCidrIpv6(v string) *SecurityGroupRuleRequest { + s.CidrIpv6 = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRuleRequest) SetDescription(v string) *SecurityGroupRuleRequest { + s.Description = &v + return s +} + +// SetFromPort sets the FromPort field's value. +func (s *SecurityGroupRuleRequest) SetFromPort(v int64) *SecurityGroupRuleRequest { + s.FromPort = &v + return s +} + +// SetIpProtocol sets the IpProtocol field's value. +func (s *SecurityGroupRuleRequest) SetIpProtocol(v string) *SecurityGroupRuleRequest { + s.IpProtocol = &v + return s +} + +// SetPrefixListId sets the PrefixListId field's value. +func (s *SecurityGroupRuleRequest) SetPrefixListId(v string) *SecurityGroupRuleRequest { + s.PrefixListId = &v + return s +} + +// SetReferencedGroupId sets the ReferencedGroupId field's value. +func (s *SecurityGroupRuleRequest) SetReferencedGroupId(v string) *SecurityGroupRuleRequest { + s.ReferencedGroupId = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *SecurityGroupRuleRequest) SetToPort(v int64) *SecurityGroupRuleRequest { + s.ToPort = &v + return s +} + +// Describes an update to a security group rule. +type SecurityGroupRuleUpdate struct { + _ struct{} `type:"structure"` + + // Information about the security group rule. + SecurityGroupRule *SecurityGroupRuleRequest `type:"structure"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `type:"string"` +} + +// String returns the string representation +func (s SecurityGroupRuleUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleUpdate) GoString() string { + return s.String() +} + +// SetSecurityGroupRule sets the SecurityGroupRule field's value. +func (s *SecurityGroupRuleUpdate) SetSecurityGroupRule(v *SecurityGroupRuleRequest) *SecurityGroupRuleUpdate { + s.SecurityGroupRule = v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRuleUpdate) SetSecurityGroupRuleId(v string) *SecurityGroupRuleUpdate { + s.SecurityGroupRuleId = &v + return s +} + type SendDiagnosticInterruptInput struct { _ struct{} `type:"structure"` @@ -114819,7 +116726,7 @@ type SpotDatafeedSubscription struct { // The fault codes for the Spot Instance request, if any. Fault *SpotInstanceStateFault `locationName:"fault" type:"structure"` - // The AWS account ID of the account. + // The account ID of the account. OwnerId *string `locationName:"ownerId" type:"string"` // The prefix for the data feed files. @@ -114925,8 +116832,8 @@ type SpotFleetLaunchSpecification struct { // The ID of the RAM disk. Some kernels require additional drivers at launch. // Check the kernel requirements for information about whether you need to specify - // a RAM disk. To find kernel requirements, refer to the AWS Resource Center - // and search for the kernel ID. + // a RAM disk. To find kernel requirements, refer to the Amazon Web Services + // Resource Center and search for the kernel ID. RamdiskId *string `locationName:"ramdiskId" type:"string"` // One or more security groups. When requesting instances in a VPC, you must @@ -115209,6 +117116,9 @@ type SpotFleetRequestConfigData struct { // see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` + // Reserved. + Context *string `locationName:"context" type:"string"` + // Indicates whether running Spot Instances should be terminated if you decrease // the target capacity of the Spot Fleet request below the current size of the // Spot Fleet. @@ -115218,7 +117128,7 @@ type SpotFleetRequestConfigData struct { // capacity. You cannot set this value. FulfilledCapacity *float64 `locationName:"fulfilledCapacity" type:"double"` - // The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) + // The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) // role that grants the Spot Fleet the permission to request, launch, terminate, // and tag instances on your behalf. For more information, see Spot Fleet prerequisites // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites) @@ -115237,6 +117147,15 @@ type SpotFleetRequestConfigData struct { // Valid only when Spot AllocationStrategy is set to lowest-price. Spot Fleet // selects the cheapest Spot pools and evenly allocates your target Spot capacity // across the number of Spot pools that you specify. + // + // Note that Spot Fleet attempts to draw Spot Instances from the number of pools + // that you specify on a best effort basis. If a pool runs out of Spot capacity + // before fulfilling your target capacity, Spot Fleet will continue to fulfill + // your request by drawing from the next cheapest pool. To ensure that your + // target capacity is met, you might receive Spot Instances from more than the + // number of pools that you specified. Similarly, if most of the pools have + // no Spot capacity, you might receive your full target capacity from fewer + // than the number of pools that you specified. InstancePoolsToUseCount *int64 `locationName:"instancePoolsToUseCount" type:"integer"` // The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, @@ -115405,6 +117324,12 @@ func (s *SpotFleetRequestConfigData) SetClientToken(v string) *SpotFleetRequestC return s } +// SetContext sets the Context field's value. +func (s *SpotFleetRequestConfigData) SetContext(v string) *SpotFleetRequestConfigData { + s.Context = &v + return s +} + // SetExcessCapacityTerminationPolicy sets the ExcessCapacityTerminationPolicy field's value. func (s *SpotFleetRequestConfigData) SetExcessCapacityTerminationPolicy(v string) *SpotFleetRequestConfigData { s.ExcessCapacityTerminationPolicy = &v @@ -115576,8 +117501,7 @@ func (s *SpotFleetTagSpecification) SetTags(v []*Tag) *SpotFleetTagSpecification type SpotInstanceRequest struct { _ struct{} `type:"structure"` - // If you specified a duration and your Spot Instance request was fulfilled, - // this is the fixed hourly price in effect for the Spot Instance while it runs. + // Deprecated. ActualBlockHourlyPrice *string `locationName:"actualBlockHourlyPrice" type:"string"` // The Availability Zone group. If you specify the same Availability Zone group @@ -115585,7 +117509,7 @@ type SpotInstanceRequest struct { // Availability Zone. AvailabilityZoneGroup *string `locationName:"availabilityZoneGroup" type:"string"` - // The duration for the Spot Instance, in minutes. + // Deprecated. BlockDurationMinutes *int64 `locationName:"blockDurationMinutes" type:"integer"` // The date and time when the Spot Instance request was created, in UTC format @@ -115895,8 +117819,9 @@ type SpotMarketOptions struct { // You can't specify an Availability Zone group or a launch group if you specify // a duration. // - // New accounts or accounts with no previous billing history with AWS are not - // eligible for Spot Instances with a defined duration (also known as Spot blocks). + // New accounts or accounts with no previous billing history with Amazon Web + // Services are not eligible for Spot Instances with a defined duration (also + // known as Spot blocks). BlockDurationMinutes *int64 `type:"integer"` // The behavior when a Spot Instance is interrupted. The default is terminate. @@ -115996,6 +117921,15 @@ type SpotOptions struct { // Valid only when AllocationStrategy is set to lowest-price. EC2 Fleet selects // the cheapest Spot pools and evenly allocates your target Spot capacity across // the number of Spot pools that you specify. + // + // Note that EC2 Fleet attempts to draw Spot Instances from the number of pools + // that you specify on a best effort basis. If a pool runs out of Spot capacity + // before fulfilling your target capacity, EC2 Fleet will continue to fulfill + // your request by drawing from the next cheapest pool. To ensure that your + // target capacity is met, you might receive Spot Instances from more than the + // number of pools that you specified. Similarly, if most of the pools have + // no Spot capacity, you might receive your full target capacity from fewer + // than the number of pools that you specified. InstancePoolsToUseCount *int64 `locationName:"instancePoolsToUseCount" type:"integer"` // The strategies for managing your workloads on your Spot Instances that will @@ -116109,6 +118043,15 @@ type SpotOptionsRequest struct { // Valid only when Spot AllocationStrategy is set to lowest-price. EC2 Fleet // selects the cheapest Spot pools and evenly allocates your target Spot capacity // across the number of Spot pools that you specify. + // + // Note that EC2 Fleet attempts to draw Spot Instances from the number of pools + // that you specify on a best effort basis. If a pool runs out of Spot capacity + // before fulfilling your target capacity, EC2 Fleet will continue to fulfill + // your request by drawing from the next cheapest pool. To ensure that your + // target capacity is met, you might receive Spot Instances from more than the + // number of pools that you specified. Similarly, if most of the pools have + // no Spot capacity, you might receive your full target capacity from fewer + // than the number of pools that you specified. InstancePoolsToUseCount *int64 `type:"integer"` // The strategies for managing your Spot Instances that are at an elevated risk @@ -120599,6 +122542,85 @@ func (s *TransitGatewayVpcAttachmentOptions) SetIpv6Support(v string) *TransitGa return s } +// Information about an association between a branch network interface with +// a trunk network interface. +type TrunkInterfaceAssociation struct { + _ struct{} `type:"structure"` + + // The ID of the association. + AssociationId *string `locationName:"associationId" type:"string"` + + // The ID of the branch network interface. + BranchInterfaceId *string `locationName:"branchInterfaceId" type:"string"` + + // The application key when you use the GRE protocol. + GreKey *int64 `locationName:"greKey" type:"integer"` + + // The interface protocol. Valid values are VLAN and GRE. + InterfaceProtocol *string `locationName:"interfaceProtocol" type:"string" enum:"InterfaceProtocolType"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the trunk network interface. + TrunkInterfaceId *string `locationName:"trunkInterfaceId" type:"string"` + + // The ID of the VLAN when you use the VLAN protocol. + VlanId *int64 `locationName:"vlanId" type:"integer"` +} + +// String returns the string representation +func (s TrunkInterfaceAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrunkInterfaceAssociation) GoString() string { + return s.String() +} + +// SetAssociationId sets the AssociationId field's value. +func (s *TrunkInterfaceAssociation) SetAssociationId(v string) *TrunkInterfaceAssociation { + s.AssociationId = &v + return s +} + +// SetBranchInterfaceId sets the BranchInterfaceId field's value. +func (s *TrunkInterfaceAssociation) SetBranchInterfaceId(v string) *TrunkInterfaceAssociation { + s.BranchInterfaceId = &v + return s +} + +// SetGreKey sets the GreKey field's value. +func (s *TrunkInterfaceAssociation) SetGreKey(v int64) *TrunkInterfaceAssociation { + s.GreKey = &v + return s +} + +// SetInterfaceProtocol sets the InterfaceProtocol field's value. +func (s *TrunkInterfaceAssociation) SetInterfaceProtocol(v string) *TrunkInterfaceAssociation { + s.InterfaceProtocol = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TrunkInterfaceAssociation) SetTags(v []*Tag) *TrunkInterfaceAssociation { + s.Tags = v + return s +} + +// SetTrunkInterfaceId sets the TrunkInterfaceId field's value. +func (s *TrunkInterfaceAssociation) SetTrunkInterfaceId(v string) *TrunkInterfaceAssociation { + s.TrunkInterfaceId = &v + return s +} + +// SetVlanId sets the VlanId field's value. +func (s *TrunkInterfaceAssociation) SetVlanId(v int64) *TrunkInterfaceAssociation { + s.VlanId = &v + return s +} + // The VPN tunnel options. type TunnelOption struct { _ struct{} `type:"structure"` @@ -121169,10 +123191,13 @@ type UpdateSecurityGroupRuleDescriptionsEgressInput struct { // security group ID or the security group name in the request. GroupName *string `type:"string"` - // The IP permissions for the security group rule. - // - // IpPermissions is a required field - IpPermissions []*IpPermission `locationNameList:"item" type:"list" required:"true"` + // The IP permissions for the security group rule. You must specify either the + // IP permissions or the description. + IpPermissions []*IpPermission `locationNameList:"item" type:"list"` + + // The description for the egress security group rules. You must specify either + // the description or the IP permissions. + SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } // String returns the string representation @@ -121185,19 +123210,6 @@ func (s UpdateSecurityGroupRuleDescriptionsEgressInput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityGroupRuleDescriptionsEgressInput"} - if s.IpPermissions == nil { - invalidParams.Add(request.NewErrParamRequired("IpPermissions")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetDryRun sets the DryRun field's value. func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetDryRun(v bool) *UpdateSecurityGroupRuleDescriptionsEgressInput { s.DryRun = &v @@ -121222,6 +123234,12 @@ func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetIpPermissions(v []*I return s } +// SetSecurityGroupRuleDescriptions sets the SecurityGroupRuleDescriptions field's value. +func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetSecurityGroupRuleDescriptions(v []*SecurityGroupRuleDescription) *UpdateSecurityGroupRuleDescriptionsEgressInput { + s.SecurityGroupRuleDescriptions = v + return s +} + type UpdateSecurityGroupRuleDescriptionsEgressOutput struct { _ struct{} `type:"structure"` @@ -121263,10 +123281,13 @@ type UpdateSecurityGroupRuleDescriptionsIngressInput struct { // either the security group ID or the security group name in the request. GroupName *string `type:"string"` - // The IP permissions for the security group rule. - // - // IpPermissions is a required field - IpPermissions []*IpPermission `locationNameList:"item" type:"list" required:"true"` + // The IP permissions for the security group rule. You must specify either IP + // permissions or a description. + IpPermissions []*IpPermission `locationNameList:"item" type:"list"` + + // [VPC only] The description for the ingress security group rules. You must + // specify either a description or IP permissions. + SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } // String returns the string representation @@ -121279,19 +123300,6 @@ func (s UpdateSecurityGroupRuleDescriptionsIngressInput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityGroupRuleDescriptionsIngressInput"} - if s.IpPermissions == nil { - invalidParams.Add(request.NewErrParamRequired("IpPermissions")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetDryRun sets the DryRun field's value. func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetDryRun(v bool) *UpdateSecurityGroupRuleDescriptionsIngressInput { s.DryRun = &v @@ -121316,6 +123324,12 @@ func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetIpPermissions(v []* return s } +// SetSecurityGroupRuleDescriptions sets the SecurityGroupRuleDescriptions field's value. +func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetSecurityGroupRuleDescriptions(v []*SecurityGroupRuleDescription) *UpdateSecurityGroupRuleDescriptionsIngressInput { + s.SecurityGroupRuleDescriptions = v + return s +} + type UpdateSecurityGroupRuleDescriptionsIngressOutput struct { _ struct{} `type:"structure"` @@ -121431,7 +123445,7 @@ func (s *UserData) SetData(v string) *UserData { return s } -// Describes a security group and AWS account ID pair. +// Describes a security group and Amazon Web Services account ID pair. type UserIdGroupPair struct { _ struct{} `type:"structure"` @@ -121456,14 +123470,14 @@ type UserIdGroupPair struct { // The status of a VPC peering connection, if applicable. PeeringStatus *string `locationName:"peeringStatus" type:"string"` - // The ID of an AWS account. + // The ID of an Amazon Web Services account. // // For a referenced security group in another VPC, the account ID of the referenced // security group is returned in the response. If the referenced security group // is deleted, this value is not returned. // // [EC2-Classic] Required when adding or removing rules that reference a security - // group in another AWS account. + // group in another Amazon Web Services account. UserId *string `locationName:"userId" type:"string"` // The ID of the VPC for the referenced security group, if applicable. @@ -124923,6 +126937,22 @@ func ConnectionNotificationType_Values() []string { } } +const ( + // ConnectivityTypePrivate is a ConnectivityType enum value + ConnectivityTypePrivate = "private" + + // ConnectivityTypePublic is a ConnectivityType enum value + ConnectivityTypePublic = "public" +) + +// ConnectivityType_Values returns all elements of the ConnectivityType enum +func ConnectivityType_Values() []string { + return []string{ + ConnectivityTypePrivate, + ConnectivityTypePublic, + } +} + const ( // ContainerFormatOva is a ContainerFormat enum value ContainerFormatOva = "ova" @@ -127097,6 +129127,18 @@ const ( // InstanceTypeZ1dMetal is a InstanceType enum value InstanceTypeZ1dMetal = "z1d.metal" + // InstanceTypeU6tb156xlarge is a InstanceType enum value + InstanceTypeU6tb156xlarge = "u-6tb1.56xlarge" + + // InstanceTypeU6tb1112xlarge is a InstanceType enum value + InstanceTypeU6tb1112xlarge = "u-6tb1.112xlarge" + + // InstanceTypeU9tb1112xlarge is a InstanceType enum value + InstanceTypeU9tb1112xlarge = "u-9tb1.112xlarge" + + // InstanceTypeU12tb1112xlarge is a InstanceType enum value + InstanceTypeU12tb1112xlarge = "u-12tb1.112xlarge" + // InstanceTypeU6tb1Metal is a InstanceType enum value InstanceTypeU6tb1Metal = "u-6tb1.metal" @@ -127154,6 +129196,9 @@ const ( // InstanceTypeM5dn24xlarge is a InstanceType enum value InstanceTypeM5dn24xlarge = "m5dn.24xlarge" + // InstanceTypeM5dnMetal is a InstanceType enum value + InstanceTypeM5dnMetal = "m5dn.metal" + // InstanceTypeM5nLarge is a InstanceType enum value InstanceTypeM5nLarge = "m5n.large" @@ -127178,6 +129223,9 @@ const ( // InstanceTypeM5n24xlarge is a InstanceType enum value InstanceTypeM5n24xlarge = "m5n.24xlarge" + // InstanceTypeM5nMetal is a InstanceType enum value + InstanceTypeM5nMetal = "m5n.metal" + // InstanceTypeR5dnLarge is a InstanceType enum value InstanceTypeR5dnLarge = "r5dn.large" @@ -127202,6 +129250,9 @@ const ( // InstanceTypeR5dn24xlarge is a InstanceType enum value InstanceTypeR5dn24xlarge = "r5dn.24xlarge" + // InstanceTypeR5dnMetal is a InstanceType enum value + InstanceTypeR5dnMetal = "r5dn.metal" + // InstanceTypeR5nLarge is a InstanceType enum value InstanceTypeR5nLarge = "r5n.large" @@ -127226,6 +129277,9 @@ const ( // InstanceTypeR5n24xlarge is a InstanceType enum value InstanceTypeR5n24xlarge = "r5n.24xlarge" + // InstanceTypeR5nMetal is a InstanceType enum value + InstanceTypeR5nMetal = "r5n.metal" + // InstanceTypeInf1Xlarge is a InstanceType enum value InstanceTypeInf1Xlarge = "inf1.xlarge" @@ -127649,6 +129703,10 @@ func InstanceType_Values() []string { InstanceTypeZ1d6xlarge, InstanceTypeZ1d12xlarge, InstanceTypeZ1dMetal, + InstanceTypeU6tb156xlarge, + InstanceTypeU6tb1112xlarge, + InstanceTypeU9tb1112xlarge, + InstanceTypeU12tb1112xlarge, InstanceTypeU6tb1Metal, InstanceTypeU9tb1Metal, InstanceTypeU12tb1Metal, @@ -127668,6 +129726,7 @@ func InstanceType_Values() []string { InstanceTypeM5dn12xlarge, InstanceTypeM5dn16xlarge, InstanceTypeM5dn24xlarge, + InstanceTypeM5dnMetal, InstanceTypeM5nLarge, InstanceTypeM5nXlarge, InstanceTypeM5n2xlarge, @@ -127676,6 +129735,7 @@ func InstanceType_Values() []string { InstanceTypeM5n12xlarge, InstanceTypeM5n16xlarge, InstanceTypeM5n24xlarge, + InstanceTypeM5nMetal, InstanceTypeR5dnLarge, InstanceTypeR5dnXlarge, InstanceTypeR5dn2xlarge, @@ -127684,6 +129744,7 @@ func InstanceType_Values() []string { InstanceTypeR5dn12xlarge, InstanceTypeR5dn16xlarge, InstanceTypeR5dn24xlarge, + InstanceTypeR5dnMetal, InstanceTypeR5nLarge, InstanceTypeR5nXlarge, InstanceTypeR5n2xlarge, @@ -127692,6 +129753,7 @@ func InstanceType_Values() []string { InstanceTypeR5n12xlarge, InstanceTypeR5n16xlarge, InstanceTypeR5n24xlarge, + InstanceTypeR5nMetal, InstanceTypeInf1Xlarge, InstanceTypeInf12xlarge, InstanceTypeInf16xlarge, @@ -127759,6 +129821,22 @@ func InterfacePermissionType_Values() []string { } } +const ( + // InterfaceProtocolTypeVlan is a InterfaceProtocolType enum value + InterfaceProtocolTypeVlan = "VLAN" + + // InterfaceProtocolTypeGre is a InterfaceProtocolType enum value + InterfaceProtocolTypeGre = "GRE" +) + +// InterfaceProtocolType_Values returns all elements of the InterfaceProtocolType enum +func InterfaceProtocolType_Values() []string { + return []string{ + InterfaceProtocolTypeVlan, + InterfaceProtocolTypeGre, + } +} + const ( // Ipv6SupportValueEnable is a Ipv6SupportValue enum value Ipv6SupportValueEnable = "enable" @@ -128138,12 +130216,20 @@ func NetworkInterfaceAttribute_Values() []string { const ( // NetworkInterfaceCreationTypeEfa is a NetworkInterfaceCreationType enum value NetworkInterfaceCreationTypeEfa = "efa" + + // NetworkInterfaceCreationTypeBranch is a NetworkInterfaceCreationType enum value + NetworkInterfaceCreationTypeBranch = "branch" + + // NetworkInterfaceCreationTypeTrunk is a NetworkInterfaceCreationType enum value + NetworkInterfaceCreationTypeTrunk = "trunk" ) // NetworkInterfaceCreationType_Values returns all elements of the NetworkInterfaceCreationType enum func NetworkInterfaceCreationType_Values() []string { return []string{ NetworkInterfaceCreationTypeEfa, + NetworkInterfaceCreationTypeBranch, + NetworkInterfaceCreationTypeTrunk, } } @@ -128208,6 +130294,9 @@ const ( // NetworkInterfaceTypeEfa is a NetworkInterfaceType enum value NetworkInterfaceTypeEfa = "efa" + + // NetworkInterfaceTypeTrunk is a NetworkInterfaceType enum value + NetworkInterfaceTypeTrunk = "trunk" ) // NetworkInterfaceType_Values returns all elements of the NetworkInterfaceType enum @@ -128216,6 +130305,7 @@ func NetworkInterfaceType_Values() []string { NetworkInterfaceTypeInterface, NetworkInterfaceTypeNatGateway, NetworkInterfaceTypeEfa, + NetworkInterfaceTypeTrunk, } } @@ -128871,6 +130961,9 @@ const ( // ResourceTypeSecurityGroup is a ResourceType enum value ResourceTypeSecurityGroup = "security-group" + // ResourceTypeSecurityGroupRule is a ResourceType enum value + ResourceTypeSecurityGroupRule = "security-group-rule" + // ResourceTypeSnapshot is a ResourceType enum value ResourceTypeSnapshot = "snapshot" @@ -128958,6 +131051,7 @@ func ResourceType_Values() []string { ResourceTypeReservedInstances, ResourceTypeRouteTable, ResourceTypeSecurityGroup, + ResourceTypeSecurityGroupRule, ResourceTypeSnapshot, ResourceTypeSpotFleetRequest, ResourceTypeSpotInstancesRequest, diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go index 6580b52919..a242fbe3f0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go @@ -144,6 +144,10 @@ type EC2API interface { AssociateTransitGatewayRouteTableWithContext(aws.Context, *ec2.AssociateTransitGatewayRouteTableInput, ...request.Option) (*ec2.AssociateTransitGatewayRouteTableOutput, error) AssociateTransitGatewayRouteTableRequest(*ec2.AssociateTransitGatewayRouteTableInput) (*request.Request, *ec2.AssociateTransitGatewayRouteTableOutput) + AssociateTrunkInterface(*ec2.AssociateTrunkInterfaceInput) (*ec2.AssociateTrunkInterfaceOutput, error) + AssociateTrunkInterfaceWithContext(aws.Context, *ec2.AssociateTrunkInterfaceInput, ...request.Option) (*ec2.AssociateTrunkInterfaceOutput, error) + AssociateTrunkInterfaceRequest(*ec2.AssociateTrunkInterfaceInput) (*request.Request, *ec2.AssociateTrunkInterfaceOutput) + AssociateVpcCidrBlock(*ec2.AssociateVpcCidrBlockInput) (*ec2.AssociateVpcCidrBlockOutput, error) AssociateVpcCidrBlockWithContext(aws.Context, *ec2.AssociateVpcCidrBlockInput, ...request.Option) (*ec2.AssociateVpcCidrBlockOutput, error) AssociateVpcCidrBlockRequest(*ec2.AssociateVpcCidrBlockInput) (*request.Request, *ec2.AssociateVpcCidrBlockOutput) @@ -1208,6 +1212,13 @@ type EC2API interface { DescribeSecurityGroupReferencesWithContext(aws.Context, *ec2.DescribeSecurityGroupReferencesInput, ...request.Option) (*ec2.DescribeSecurityGroupReferencesOutput, error) DescribeSecurityGroupReferencesRequest(*ec2.DescribeSecurityGroupReferencesInput) (*request.Request, *ec2.DescribeSecurityGroupReferencesOutput) + DescribeSecurityGroupRules(*ec2.DescribeSecurityGroupRulesInput) (*ec2.DescribeSecurityGroupRulesOutput, error) + DescribeSecurityGroupRulesWithContext(aws.Context, *ec2.DescribeSecurityGroupRulesInput, ...request.Option) (*ec2.DescribeSecurityGroupRulesOutput, error) + DescribeSecurityGroupRulesRequest(*ec2.DescribeSecurityGroupRulesInput) (*request.Request, *ec2.DescribeSecurityGroupRulesOutput) + + DescribeSecurityGroupRulesPages(*ec2.DescribeSecurityGroupRulesInput, func(*ec2.DescribeSecurityGroupRulesOutput, bool) bool) error + DescribeSecurityGroupRulesPagesWithContext(aws.Context, *ec2.DescribeSecurityGroupRulesInput, func(*ec2.DescribeSecurityGroupRulesOutput, bool) bool, ...request.Option) error + DescribeSecurityGroups(*ec2.DescribeSecurityGroupsInput) (*ec2.DescribeSecurityGroupsOutput, error) DescribeSecurityGroupsWithContext(aws.Context, *ec2.DescribeSecurityGroupsInput, ...request.Option) (*ec2.DescribeSecurityGroupsOutput, error) DescribeSecurityGroupsRequest(*ec2.DescribeSecurityGroupsInput) (*request.Request, *ec2.DescribeSecurityGroupsOutput) @@ -1364,6 +1375,10 @@ type EC2API interface { DescribeTransitGatewaysPages(*ec2.DescribeTransitGatewaysInput, func(*ec2.DescribeTransitGatewaysOutput, bool) bool) error DescribeTransitGatewaysPagesWithContext(aws.Context, *ec2.DescribeTransitGatewaysInput, func(*ec2.DescribeTransitGatewaysOutput, bool) bool, ...request.Option) error + DescribeTrunkInterfaceAssociations(*ec2.DescribeTrunkInterfaceAssociationsInput) (*ec2.DescribeTrunkInterfaceAssociationsOutput, error) + DescribeTrunkInterfaceAssociationsWithContext(aws.Context, *ec2.DescribeTrunkInterfaceAssociationsInput, ...request.Option) (*ec2.DescribeTrunkInterfaceAssociationsOutput, error) + DescribeTrunkInterfaceAssociationsRequest(*ec2.DescribeTrunkInterfaceAssociationsInput) (*request.Request, *ec2.DescribeTrunkInterfaceAssociationsOutput) + DescribeVolumeAttribute(*ec2.DescribeVolumeAttributeInput) (*ec2.DescribeVolumeAttributeOutput, error) DescribeVolumeAttributeWithContext(aws.Context, *ec2.DescribeVolumeAttributeInput, ...request.Option) (*ec2.DescribeVolumeAttributeOutput, error) DescribeVolumeAttributeRequest(*ec2.DescribeVolumeAttributeInput) (*request.Request, *ec2.DescribeVolumeAttributeOutput) @@ -1493,6 +1508,10 @@ type EC2API interface { DisableFastSnapshotRestoresWithContext(aws.Context, *ec2.DisableFastSnapshotRestoresInput, ...request.Option) (*ec2.DisableFastSnapshotRestoresOutput, error) DisableFastSnapshotRestoresRequest(*ec2.DisableFastSnapshotRestoresInput) (*request.Request, *ec2.DisableFastSnapshotRestoresOutput) + DisableImageDeprecation(*ec2.DisableImageDeprecationInput) (*ec2.DisableImageDeprecationOutput, error) + DisableImageDeprecationWithContext(aws.Context, *ec2.DisableImageDeprecationInput, ...request.Option) (*ec2.DisableImageDeprecationOutput, error) + DisableImageDeprecationRequest(*ec2.DisableImageDeprecationInput) (*request.Request, *ec2.DisableImageDeprecationOutput) + DisableSerialConsoleAccess(*ec2.DisableSerialConsoleAccessInput) (*ec2.DisableSerialConsoleAccessOutput, error) DisableSerialConsoleAccessWithContext(aws.Context, *ec2.DisableSerialConsoleAccessInput, ...request.Option) (*ec2.DisableSerialConsoleAccessOutput, error) DisableSerialConsoleAccessRequest(*ec2.DisableSerialConsoleAccessInput) (*request.Request, *ec2.DisableSerialConsoleAccessOutput) @@ -1545,6 +1564,10 @@ type EC2API interface { DisassociateTransitGatewayRouteTableWithContext(aws.Context, *ec2.DisassociateTransitGatewayRouteTableInput, ...request.Option) (*ec2.DisassociateTransitGatewayRouteTableOutput, error) DisassociateTransitGatewayRouteTableRequest(*ec2.DisassociateTransitGatewayRouteTableInput) (*request.Request, *ec2.DisassociateTransitGatewayRouteTableOutput) + DisassociateTrunkInterface(*ec2.DisassociateTrunkInterfaceInput) (*ec2.DisassociateTrunkInterfaceOutput, error) + DisassociateTrunkInterfaceWithContext(aws.Context, *ec2.DisassociateTrunkInterfaceInput, ...request.Option) (*ec2.DisassociateTrunkInterfaceOutput, error) + DisassociateTrunkInterfaceRequest(*ec2.DisassociateTrunkInterfaceInput) (*request.Request, *ec2.DisassociateTrunkInterfaceOutput) + DisassociateVpcCidrBlock(*ec2.DisassociateVpcCidrBlockInput) (*ec2.DisassociateVpcCidrBlockOutput, error) DisassociateVpcCidrBlockWithContext(aws.Context, *ec2.DisassociateVpcCidrBlockInput, ...request.Option) (*ec2.DisassociateVpcCidrBlockOutput, error) DisassociateVpcCidrBlockRequest(*ec2.DisassociateVpcCidrBlockInput) (*request.Request, *ec2.DisassociateVpcCidrBlockOutput) @@ -1557,6 +1580,10 @@ type EC2API interface { EnableFastSnapshotRestoresWithContext(aws.Context, *ec2.EnableFastSnapshotRestoresInput, ...request.Option) (*ec2.EnableFastSnapshotRestoresOutput, error) EnableFastSnapshotRestoresRequest(*ec2.EnableFastSnapshotRestoresInput) (*request.Request, *ec2.EnableFastSnapshotRestoresOutput) + EnableImageDeprecation(*ec2.EnableImageDeprecationInput) (*ec2.EnableImageDeprecationOutput, error) + EnableImageDeprecationWithContext(aws.Context, *ec2.EnableImageDeprecationInput, ...request.Option) (*ec2.EnableImageDeprecationOutput, error) + EnableImageDeprecationRequest(*ec2.EnableImageDeprecationInput) (*request.Request, *ec2.EnableImageDeprecationOutput) + EnableSerialConsoleAccess(*ec2.EnableSerialConsoleAccessInput) (*ec2.EnableSerialConsoleAccessOutput, error) EnableSerialConsoleAccessWithContext(aws.Context, *ec2.EnableSerialConsoleAccessInput, ...request.Option) (*ec2.EnableSerialConsoleAccessOutput, error) EnableSerialConsoleAccessRequest(*ec2.EnableSerialConsoleAccessInput) (*request.Request, *ec2.EnableSerialConsoleAccessOutput) @@ -1828,6 +1855,10 @@ type EC2API interface { ModifyReservedInstancesWithContext(aws.Context, *ec2.ModifyReservedInstancesInput, ...request.Option) (*ec2.ModifyReservedInstancesOutput, error) ModifyReservedInstancesRequest(*ec2.ModifyReservedInstancesInput) (*request.Request, *ec2.ModifyReservedInstancesOutput) + ModifySecurityGroupRules(*ec2.ModifySecurityGroupRulesInput) (*ec2.ModifySecurityGroupRulesOutput, error) + ModifySecurityGroupRulesWithContext(aws.Context, *ec2.ModifySecurityGroupRulesInput, ...request.Option) (*ec2.ModifySecurityGroupRulesOutput, error) + ModifySecurityGroupRulesRequest(*ec2.ModifySecurityGroupRulesInput) (*request.Request, *ec2.ModifySecurityGroupRulesOutput) + ModifySnapshotAttribute(*ec2.ModifySnapshotAttributeInput) (*ec2.ModifySnapshotAttributeOutput, error) ModifySnapshotAttributeWithContext(aws.Context, *ec2.ModifySnapshotAttributeInput, ...request.Option) (*ec2.ModifySnapshotAttributeOutput, error) ModifySnapshotAttributeRequest(*ec2.ModifySnapshotAttributeInput) (*request.Request, *ec2.ModifySnapshotAttributeOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go index 3df9030e94..7fc722fb07 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go @@ -417,7 +417,8 @@ func (c *ELBV2) CreateLoadBalancerRequest(input *CreateLoadBalancerInput) (req * // A load balancer with the specified name already exists. // // * ErrCodeTooManyLoadBalancersException "TooManyLoadBalancers" -// You've reached the limit on the number of load balancers for your AWS account. +// You've reached the limit on the number of load balancers for your Amazon +// Web Services account. // // * ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" // The requested configuration is not valid. @@ -540,7 +541,8 @@ func (c *ELBV2) CreateRuleRequest(input *CreateRuleInput) (req *request.Request, // The specified priority is in use. // // * ErrCodeTooManyTargetGroupsException "TooManyTargetGroups" -// You've reached the limit on the number of target groups for your AWS account. +// You've reached the limit on the number of target groups for your Amazon Web +// Services account. // // * ErrCodeTooManyRulesException "TooManyRules" // You've reached the limit on the number of rules per load balancer. @@ -676,7 +678,8 @@ func (c *ELBV2) CreateTargetGroupRequest(input *CreateTargetGroupInput) (req *re // A target group with the specified name already exists. // // * ErrCodeTooManyTargetGroupsException "TooManyTargetGroups" -// You've reached the limit on the number of target groups for your AWS account. +// You've reached the limit on the number of target groups for your Amazon Web +// Services account. // // * ErrCodeInvalidConfigurationRequestException "InvalidConfigurationRequest" // The requested configuration is not valid. @@ -1184,8 +1187,8 @@ func (c *ELBV2) DescribeAccountLimitsRequest(input *DescribeAccountLimitsInput) // DescribeAccountLimits API operation for Elastic Load Balancing. // -// Describes the current Elastic Load Balancing resource limits for your AWS -// account. +// Describes the current Elastic Load Balancing resource limits for your Amazon +// Web Services account. // // For more information, see the following: // @@ -4683,7 +4686,7 @@ type CreateTargetGroupInput struct { // [HTTP1 or HTTP2 protocol version] The ping path. The default is /. // // [GRPC protocol version] The path of a custom health check method with the - // format /package.service/method. The default is /AWS.ALB/healthcheck. + // format /package.service/method. The default is /Amazon Web Services.ALB/healthcheck. HealthCheckPath *string `min:"1" type:"string"` // The port the load balancer uses when performing health checks on targets. @@ -6365,7 +6368,8 @@ func (s *HttpRequestMethodConditionConfig) SetValues(v []*string) *HttpRequestMe return s } -// Information about an Elastic Load Balancing resource limit for your AWS account. +// Information about an Elastic Load Balancing resource limit for your Amazon +// Web Services account. type Limit struct { _ struct{} `type:"structure"` @@ -6763,7 +6767,8 @@ type LoadBalancerAttribute struct { // // * waf.fail_open.enabled - Indicates whether to allow a WAF-enabled load // balancer to route requests to targets if it is unable to forward the request - // to AWS WAF. The value is true or false. The default is false. + // to Amazon Web Services WAF. The value is true or false. The default is + // false. // // The following attribute is supported by Network Load Balancers and Gateway // Load Balancers: @@ -7286,16 +7291,19 @@ type ModifyTargetGroupInput struct { // [HTTP1 or HTTP2 protocol version] The ping path. The default is /. // // [GRPC protocol version] The path of a custom health check method with the - // format /package.service/method. The default is /AWS.ALB/healthcheck. + // format /package.service/method. The default is /Amazon Web Services.ALB/healthcheck. HealthCheckPath *string `min:"1" type:"string"` // The port the load balancer uses when performing health checks on targets. HealthCheckPort *string `type:"string"` // The protocol the load balancer uses when performing health checks on targets. - // The TCP protocol is supported for health checks only if the protocol of the - // target group is TCP, TLS, UDP, or TCP_UDP. The GENEVE, TLS, UDP, and TCP_UDP - // protocols are not supported for health checks. + // For Application Load Balancers, the default is HTTP. For Network Load Balancers + // and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported + // for health checks if the protocol of the target group is HTTP or HTTPS. It + // is supported for health checks only if the protocol of the target group is + // TCP, TLS, UDP, or TCP_UDP. The GENEVE, TLS, UDP, and TCP_UDP protocols are + // not supported for health checks. // // With Network Load Balancers, you can't modify this setting. HealthCheckProtocol *string `type:"string" enum:"ProtocolEnum"` @@ -8982,8 +8990,9 @@ type TargetGroupAttribute struct { // default is 0 seconds (disabled). // // * stickiness.app_cookie.cookie_name - Indicates the name of the application-based - // cookie. Names that start with the following names are not allowed: AWSALB, - // AWSALBAPP, and AWSALBTG. They're reserved for use by the load balancer. + // cookie. Names that start with the following prefixes are not allowed: + // AWSALB, AWSALBAPP, and AWSALBTG; they're reserved for use by the load + // balancer. // // * stickiness.app_cookie.duration_seconds - The time period, in seconds, // during which requests from a client should be routed to the same target. diff --git a/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go b/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go index 3a9ab86f1b..7ac5a2ff96 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elbv2/errors.go @@ -183,7 +183,8 @@ const ( // ErrCodeTooManyLoadBalancersException for service response error code // "TooManyLoadBalancers". // - // You've reached the limit on the number of load balancers for your AWS account. + // You've reached the limit on the number of load balancers for your Amazon + // Web Services account. ErrCodeTooManyLoadBalancersException = "TooManyLoadBalancers" // ErrCodeTooManyRegistrationsForTargetIdException for service response error code @@ -208,7 +209,8 @@ const ( // ErrCodeTooManyTargetGroupsException for service response error code // "TooManyTargetGroups". // - // You've reached the limit on the number of target groups for your AWS account. + // You've reached the limit on the number of target groups for your Amazon Web + // Services account. ErrCodeTooManyTargetGroupsException = "TooManyTargetGroups" // ErrCodeTooManyTargetsException for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go b/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go index e83771867b..009e69f36c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/eventbridge/api.go @@ -1358,6 +1358,10 @@ func (c *EventBridge) DeleteRuleRequest(input *DeleteRuleInput) (req *request.Re // When you delete a rule, incoming events might continue to match to the deleted // rule. Allow a short period of time for changes to take effect. // +// If you call delete rule multiple times for the same rule, all calls will +// succeed. When you call delete rule for a non-existent custom eventbus, ResourceNotFoundException +// is returned. +// // Managed rules are rules created and managed by another AWS service on your // behalf. These rules are created by those other AWS services to support functionality // in those services. You can delete these rules using the Force option, but @@ -3763,43 +3767,55 @@ func (c *EventBridge) PutTargetsRequest(input *PutTargetsInput) (req *request.Re // // You can configure the following as targets for Events: // -// * EC2 instances +// * API destination (https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html) // -// * SSM Run Command +// * Amazon API Gateway REST API endpoints // -// * SSM Automation +// * API Gateway // -// * AWS Lambda functions +// * AWS Batch job queue // -// * Data streams in Amazon Kinesis Data Streams +// * CloudWatch Logs group // -// * Data delivery streams in Amazon Kinesis Data Firehose +// * CodeBuild project +// +// * CodePineline +// +// * Amazon EC2 CreateSnapshot API call +// +// * Amazon EC2 RebootInstances API call +// +// * Amazon EC2 StopInstances API call +// +// * Amazon EC2 TerminateInstances API call // // * Amazon ECS tasks // -// * AWS Step Functions state machines +// * Event bus in a different AWS account or Region. You can use an event +// bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, +// or Europe (Ireland) eu-west-1 Regions as a target for a rule. // -// * AWS Batch jobs +// * Firehose delivery stream (Kinesis Data Firehose) // -// * AWS CodeBuild projects +// * Inspector assessment template (Amazon Inspector) // -// * Pipelines in AWS CodePipeline +// * Kinesis stream (Kinesis Data Stream) // -// * Amazon Inspector assessment templates +// * AWS Lambda function // -// * Amazon SNS topics +// * Redshift clusters (Data API statement execution) // -// * Amazon SQS queues, including FIFO queues +// * Amazon SNS topic // -// * The default event bus of another AWS account +// * Amazon SQS queues (includes FIFO queues // -// * Amazon API Gateway REST APIs +// * SSM Automation // -// * Redshift Clusters to invoke Data API ExecuteStatement on +// * SSM OpsItem // -// * Custom/SaaS HTTPS APIs via EventBridge API Destinations +// * SSM Run Command // -// * Amazon SageMaker Model Building Pipelines +// * Step Functions state machines // // Creating rules with built-in targets is supported only in the AWS Management // Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances @@ -4461,7 +4477,7 @@ func (c *EventBridge) UntagResourceRequest(input *UntagResourceInput) (req *requ // UntagResource API operation for Amazon EventBridge. // // Removes one or more tags from the specified EventBridge resource. In Amazon -// EventBridge (CloudWatch Events, rules and event buses can be tagged. +// EventBridge (CloudWatch Events), rules and event buses can be tagged. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5300,6 +5316,73 @@ func (s *CancelReplayOutput) SetStateReason(v string) *CancelReplayOutput { return s } +// The details of a capacity provider strategy. To learn more, see CapacityProviderStrategyItem +// (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CapacityProviderStrategyItem.html) +// in the Amazon ECS API Reference. +type CapacityProviderStrategyItem struct { + _ struct{} `type:"structure"` + + // The base value designates how many tasks, at a minimum, to run on the specified + // capacity provider. Only one capacity provider in a capacity provider strategy + // can have a base defined. If no value is specified, the default value of 0 + // is used. + Base *int64 `locationName:"base" type:"integer"` + + // The short name of the capacity provider. + // + // CapacityProvider is a required field + CapacityProvider *string `locationName:"capacityProvider" min:"1" type:"string" required:"true"` + + // The weight value designates the relative percentage of the total number of + // tasks launched that should use the specified capacity provider. The weight + // value is taken into consideration after the base value, if defined, is satisfied. + Weight *int64 `locationName:"weight" type:"integer"` +} + +// String returns the string representation +func (s CapacityProviderStrategyItem) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CapacityProviderStrategyItem) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CapacityProviderStrategyItem) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CapacityProviderStrategyItem"} + if s.CapacityProvider == nil { + invalidParams.Add(request.NewErrParamRequired("CapacityProvider")) + } + if s.CapacityProvider != nil && len(*s.CapacityProvider) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CapacityProvider", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBase sets the Base field's value. +func (s *CapacityProviderStrategyItem) SetBase(v int64) *CapacityProviderStrategyItem { + s.Base = &v + return s +} + +// SetCapacityProvider sets the CapacityProvider field's value. +func (s *CapacityProviderStrategyItem) SetCapacityProvider(v string) *CapacityProviderStrategyItem { + s.CapacityProvider = &v + return s +} + +// SetWeight sets the Weight field's value. +func (s *CapacityProviderStrategyItem) SetWeight(v int64) *CapacityProviderStrategyItem { + s.Weight = &v + return s +} + // There is concurrent modification on a rule, target, archive, or replay. type ConcurrentModificationException struct { _ struct{} `type:"structure"` @@ -8576,6 +8659,23 @@ func (s DisableRuleOutput) GoString() string { type EcsParameters struct { _ struct{} `type:"structure"` + // The capacity provider strategy to use for the task. + // + // If a capacityProviderStrategy is specified, the launchType parameter must + // be omitted. If no capacityProviderStrategy or launchType is specified, the + // defaultCapacityProviderStrategy for the cluster is used. + CapacityProviderStrategy []*CapacityProviderStrategyItem `type:"list"` + + // Specifies whether to enable Amazon ECS managed tags for the task. For more + // information, see Tagging Your Amazon ECS Resources (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) + // in the Amazon Elastic Container Service Developer Guide. + EnableECSManagedTags *bool `type:"boolean"` + + // Whether or not to enable the execute command functionality for the containers + // in this task. If true, this enables execute command functionality on all + // containers in the task. + EnableExecuteCommand *bool `type:"boolean"` + // Specifies an ECS task group for the task. The maximum length is 255 characters. Group *string `type:"string"` @@ -8596,6 +8696,15 @@ type EcsParameters struct { // the awsvpc network mode, the task fails. NetworkConfiguration *NetworkConfiguration `type:"structure"` + // An array of placement constraint objects to use for the task. You can specify + // up to 10 constraints per task (including constraints in the task definition + // and those specified at runtime). + PlacementConstraints []*PlacementConstraint `type:"list"` + + // The placement strategy objects to use for the task. You can specify a maximum + // of five strategy rules per task. + PlacementStrategy []*PlacementStrategy `type:"list"` + // Specifies the platform version for the task. Specify only the numeric portion // of the platform version, such as 1.1.0. // @@ -8604,6 +8713,21 @@ type EcsParameters struct { // in the Amazon Elastic Container Service Developer Guide. PlatformVersion *string `type:"string"` + // Specifies whether to propagate the tags from the task definition to the task. + // If no value is specified, the tags are not propagated. Tags can only be propagated + // to the task during task creation. To add tags to a task after task creation, + // use the TagResource API action. + PropagateTags *string `type:"string" enum:"PropagateTags"` + + // The reference ID to use for the task. + ReferenceId *string `type:"string"` + + // The metadata that you apply to the task to help you categorize and organize + // them. Each tag consists of a key and an optional value, both of which you + // define. To learn more, see RunTask (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html#ECS-RunTask-request-tags) + // in the Amazon ECS API Reference. + Tags []*Tag `type:"list"` + // The number of tasks to create based on TaskDefinition. The default is 1. TaskCount *int64 `min:"1" type:"integer"` @@ -8636,11 +8760,31 @@ func (s *EcsParameters) Validate() error { if s.TaskDefinitionArn != nil && len(*s.TaskDefinitionArn) < 1 { invalidParams.Add(request.NewErrParamMinLen("TaskDefinitionArn", 1)) } + if s.CapacityProviderStrategy != nil { + for i, v := range s.CapacityProviderStrategy { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CapacityProviderStrategy", i), err.(request.ErrInvalidParams)) + } + } + } if s.NetworkConfiguration != nil { if err := s.NetworkConfiguration.Validate(); err != nil { invalidParams.AddNested("NetworkConfiguration", err.(request.ErrInvalidParams)) } } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -8648,6 +8792,24 @@ func (s *EcsParameters) Validate() error { return nil } +// SetCapacityProviderStrategy sets the CapacityProviderStrategy field's value. +func (s *EcsParameters) SetCapacityProviderStrategy(v []*CapacityProviderStrategyItem) *EcsParameters { + s.CapacityProviderStrategy = v + return s +} + +// SetEnableECSManagedTags sets the EnableECSManagedTags field's value. +func (s *EcsParameters) SetEnableECSManagedTags(v bool) *EcsParameters { + s.EnableECSManagedTags = &v + return s +} + +// SetEnableExecuteCommand sets the EnableExecuteCommand field's value. +func (s *EcsParameters) SetEnableExecuteCommand(v bool) *EcsParameters { + s.EnableExecuteCommand = &v + return s +} + // SetGroup sets the Group field's value. func (s *EcsParameters) SetGroup(v string) *EcsParameters { s.Group = &v @@ -8666,12 +8828,42 @@ func (s *EcsParameters) SetNetworkConfiguration(v *NetworkConfiguration) *EcsPar return s } +// SetPlacementConstraints sets the PlacementConstraints field's value. +func (s *EcsParameters) SetPlacementConstraints(v []*PlacementConstraint) *EcsParameters { + s.PlacementConstraints = v + return s +} + +// SetPlacementStrategy sets the PlacementStrategy field's value. +func (s *EcsParameters) SetPlacementStrategy(v []*PlacementStrategy) *EcsParameters { + s.PlacementStrategy = v + return s +} + // SetPlatformVersion sets the PlatformVersion field's value. func (s *EcsParameters) SetPlatformVersion(v string) *EcsParameters { s.PlatformVersion = &v return s } +// SetPropagateTags sets the PropagateTags field's value. +func (s *EcsParameters) SetPropagateTags(v string) *EcsParameters { + s.PropagateTags = &v + return s +} + +// SetReferenceId sets the ReferenceId field's value. +func (s *EcsParameters) SetReferenceId(v string) *EcsParameters { + s.ReferenceId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *EcsParameters) SetTags(v []*Tag) *EcsParameters { + s.Tags = v + return s +} + // SetTaskCount sets the TaskCount field's value. func (s *EcsParameters) SetTaskCount(v int64) *EcsParameters { s.TaskCount = &v @@ -8753,11 +8945,10 @@ func (s EnableRuleOutput) GoString() string { } // An event bus receives events from a source and routes them to rules associated -// with that event bus. Your account's default event bus receives rules from -// AWS services. A custom event bus can receive rules from AWS services as well -// as your custom applications and services. A partner event bus receives events -// from an event source created by an SaaS partner. These events come from the -// partners services or applications. +// with that event bus. Your account's default event bus receives events from +// AWS services. A custom event bus can receive events from your custom applications +// and services. A partner event bus receives events from an event source created +// by an SaaS partner. These events come from the partners services or applications. type EventBus struct { _ struct{} `type:"structure"` @@ -10829,6 +11020,92 @@ func (s *PartnerEventSourceAccount) SetState(v string) *PartnerEventSourceAccoun return s } +// An object representing a constraint on task placement. To learn more, see +// Task Placement Constraints (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html) +// in the Amazon Elastic Container Service Developer Guide. +type PlacementConstraint struct { + _ struct{} `type:"structure"` + + // A cluster query language expression to apply to the constraint. You cannot + // specify an expression if the constraint type is distinctInstance. To learn + // more, see Cluster Query Language (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) + // in the Amazon Elastic Container Service Developer Guide. + Expression *string `locationName:"expression" type:"string"` + + // The type of constraint. Use distinctInstance to ensure that each task in + // a particular group is running on a different container instance. Use memberOf + // to restrict the selection to a group of valid candidates. + Type *string `locationName:"type" type:"string" enum:"PlacementConstraintType"` +} + +// String returns the string representation +func (s PlacementConstraint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PlacementConstraint) GoString() string { + return s.String() +} + +// SetExpression sets the Expression field's value. +func (s *PlacementConstraint) SetExpression(v string) *PlacementConstraint { + s.Expression = &v + return s +} + +// SetType sets the Type field's value. +func (s *PlacementConstraint) SetType(v string) *PlacementConstraint { + s.Type = &v + return s +} + +// The task placement strategy for a task or service. To learn more, see Task +// Placement Strategies (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html) +// in the Amazon Elastic Container Service Developer Guide. +type PlacementStrategy struct { + _ struct{} `type:"structure"` + + // The field to apply the placement strategy against. For the spread placement + // strategy, valid values are instanceId (or host, which has the same effect), + // or any platform or custom attribute that is applied to a container instance, + // such as attribute:ecs.availability-zone. For the binpack placement strategy, + // valid values are cpu and memory. For the random placement strategy, this + // field is not used. + Field *string `locationName:"field" type:"string"` + + // The type of placement strategy. The random placement strategy randomly places + // tasks on available candidates. The spread placement strategy spreads placement + // across available candidates evenly based on the field parameter. The binpack + // strategy places tasks on available candidates that have the least available + // amount of the resource that is specified with the field parameter. For example, + // if you binpack on memory, a task is placed on the instance with the least + // amount of remaining memory (but still enough to run the task). + Type *string `locationName:"type" type:"string" enum:"PlacementStrategyType"` +} + +// String returns the string representation +func (s PlacementStrategy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PlacementStrategy) GoString() string { + return s.String() +} + +// SetField sets the Field field's value. +func (s *PlacementStrategy) SetField(v string) *PlacementStrategy { + s.Field = &v + return s +} + +// SetType sets the Type field's value. +func (s *PlacementStrategy) SetType(v string) *PlacementStrategy { + s.Type = &v + return s +} + // The event bus policy is too long. For more information, see the limits. type PolicyLengthExceededException struct { _ struct{} `type:"structure"` @@ -14399,6 +14676,54 @@ func LaunchType_Values() []string { } } +const ( + // PlacementConstraintTypeDistinctInstance is a PlacementConstraintType enum value + PlacementConstraintTypeDistinctInstance = "distinctInstance" + + // PlacementConstraintTypeMemberOf is a PlacementConstraintType enum value + PlacementConstraintTypeMemberOf = "memberOf" +) + +// PlacementConstraintType_Values returns all elements of the PlacementConstraintType enum +func PlacementConstraintType_Values() []string { + return []string{ + PlacementConstraintTypeDistinctInstance, + PlacementConstraintTypeMemberOf, + } +} + +const ( + // PlacementStrategyTypeRandom is a PlacementStrategyType enum value + PlacementStrategyTypeRandom = "random" + + // PlacementStrategyTypeSpread is a PlacementStrategyType enum value + PlacementStrategyTypeSpread = "spread" + + // PlacementStrategyTypeBinpack is a PlacementStrategyType enum value + PlacementStrategyTypeBinpack = "binpack" +) + +// PlacementStrategyType_Values returns all elements of the PlacementStrategyType enum +func PlacementStrategyType_Values() []string { + return []string{ + PlacementStrategyTypeRandom, + PlacementStrategyTypeSpread, + PlacementStrategyTypeBinpack, + } +} + +const ( + // PropagateTagsTaskDefinition is a PropagateTags enum value + PropagateTagsTaskDefinition = "TASK_DEFINITION" +) + +// PropagateTags_Values returns all elements of the PropagateTags enum +func PropagateTags_Values() []string { + return []string{ + PropagateTagsTaskDefinition, + } +} + const ( // ReplayStateStarting is a ReplayState enum value ReplayStateStarting = "STARTING" diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index 60b726d061..f3ed7f565d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -82,7 +82,8 @@ func (c *IAM) AddClientIDToOpenIDConnectProviderRequest(input *AddClientIDToOpen // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -158,8 +159,8 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // Adds the specified IAM role to the specified instance profile. An instance // profile can contain only one role, and this quota cannot be increased. You // can remove the existing role and then add a different role to an instance -// profile. You must then wait for the change to appear across all of AWS because -// of eventual consistency (https://en.wikipedia.org/wiki/Eventual_consistency). +// profile. You must then wait for the change to appear across all of Amazon +// Web Services because of eventual consistency (https://en.wikipedia.org/wiki/Eventual_consistency). // To force the change, you must disassociate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html) // and then associate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html), // or you can stop your instance and then restart it. @@ -189,7 +190,8 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -284,7 +286,8 @@ func (c *IAM) AddUserToGroupRequest(input *AddUserToGroupInput) (req *request.Re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -384,15 +387,16 @@ func (c *IAM) AttachGroupPolicyRequest(input *AttachGroupPolicyInput) (req *requ // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied // for an input parameter. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -496,7 +500,8 @@ func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -509,8 +514,8 @@ func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *reques // request the change through that service. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -610,15 +615,16 @@ func (c *IAM) AttachUserPolicyRequest(input *AttachUserPolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied // for an input parameter. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -692,13 +698,13 @@ func (c *IAM) ChangePasswordRequest(input *ChangePasswordInput) (req *request.Re // ChangePassword API operation for AWS Identity and Access Management. // // Changes the password of the IAM user who is calling this operation. This -// operation can be performed using the AWS CLI, the AWS API, or the My Security -// Credentials page in the AWS Management Console. The AWS account root user -// password is not affected by this operation. +// operation can be performed using the CLI, the Amazon Web Services API, or +// the My Security Credentials page in the Management Console. The account root +// user password is not affected by this operation. // -// Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the Users page -// in the IAM console to change the password for any IAM user. For more information -// about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) +// Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the +// Users page in the IAM console to change the password for any IAM user. For +// more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -719,7 +725,8 @@ func (c *IAM) ChangePasswordRequest(input *ChangePasswordInput) (req *request.Re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable" // The request was rejected because it referenced an entity that is temporarily @@ -801,20 +808,21 @@ func (c *IAM) CreateAccessKeyRequest(input *CreateAccessKeyInput) (req *request. // CreateAccessKey API operation for AWS Identity and Access Management. // -// Creates a new AWS secret access key and corresponding AWS access key ID for -// the specified user. The default status for new keys is Active. +// Creates a new Amazon Web Services secret access key and corresponding Amazon +// Web Services access key ID for the specified user. The default status for +// new keys is Active. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials. This is true even if the AWS -// account has no associated users. +// based on the Amazon Web Services access key ID signing the request. This +// operation works for access keys under the account. Consequently, you can +// use this operation to manage account root user credentials. This is true +// even if the account has no associated users. // // For information about quotas on the number of keys you can create, see IAM // and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. // -// To ensure the security of your AWS account, the secret access key is accessible +// To ensure the security of your account, the secret access key is accessible // only during key and user creation. You must save the key (for example, in // a text file) if you want to be able to access it again. If a secret key is // lost, you can delete the access keys for the associated user and then create @@ -834,7 +842,8 @@ func (c *IAM) CreateAccessKeyRequest(input *CreateAccessKeyInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -907,8 +916,8 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // CreateAccountAlias API operation for AWS Identity and Access Management. // -// Creates an alias for your AWS account. For information about using an AWS -// account alias, see Using an alias for your AWS account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) +// Creates an alias for your account. For information about using an account +// alias, see Using an alias for your account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -925,7 +934,8 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -1013,7 +1023,8 @@ func (c *IAM) CreateGroupRequest(input *CreateGroupInput) (req *request.Request, // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -1120,7 +1131,8 @@ func (c *IAM) CreateInstanceProfileRequest(input *CreateInstanceProfileInput) (r // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -1198,12 +1210,12 @@ func (c *IAM) CreateLoginProfileRequest(input *CreateLoginProfileInput) (req *re // CreateLoginProfile API operation for AWS Identity and Access Management. // // Creates a password for the specified IAM user. A password allows an IAM user -// to access AWS services through the AWS Management Console. +// to access Amazon Web Services services through the Management Console. // -// You can use the AWS CLI, the AWS API, or the Users page in the IAM console -// to create a password for any IAM user. Use ChangePassword to update your -// own existing password in the My Security Credentials page in the AWS Management -// Console. +// You can use the CLI, the Amazon Web Services API, or the Users page in the +// IAM console to create a password for any IAM user. Use ChangePassword to +// update your own existing password in the My Security Credentials page in +// the Management Console. // // For more information about managing passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. @@ -1230,7 +1242,8 @@ func (c *IAM) CreateLoginProfileRequest(input *CreateLoginProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -1307,20 +1320,28 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // // The OIDC provider that you create with this operation can be used as a principal // in a role's trust policy. Such a policy establishes a trust relationship -// between AWS and the OIDC provider. +// between Amazon Web Services and the OIDC provider. +// +// If you are using an OIDC identity provider from Google, Facebook, or Amazon +// Cognito, you don't need to create a separate IAM identity provider. These +// OIDC identity providers are already built-in to Amazon Web Services and are +// available for your use. Instead, you can move directly to creating new roles +// using your identity provider. To learn more, see Creating a role for web +// identity or OpenID connect federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) +// in the IAM User Guide. // // When you create the IAM OIDC provider, you specify the following: // // * The URL of the OIDC identity provider (IdP) to trust // // * A list of client IDs (also known as audiences) that identify the application -// or applications that are allowed to authenticate using the OIDC provider +// or applications allowed to authenticate using the OIDC provider // // * A list of thumbprints of one or more server certificates that the IdP // uses // // You get all of this information from the OIDC IdP that you want to use to -// access AWS. +// access Amazon Web Services. // // The trust for the OIDC provider is derived from the IAM provider that this // operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider @@ -1344,7 +1365,8 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -1421,7 +1443,7 @@ func (c *IAM) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Reques // CreatePolicy API operation for AWS Identity and Access Management. // -// Creates a new managed policy for your AWS account. +// Creates a new managed policy for your account. // // This operation creates a policy version with a version identifier of v1 and // sets v1 as the policy's default version. For more information about policy @@ -1450,7 +1472,8 @@ func (c *IAM) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -1570,7 +1593,8 @@ func (c *IAM) CreatePolicyVersionRequest(input *CreatePolicyVersionInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -1642,8 +1666,8 @@ func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, o // CreateRole API operation for AWS Identity and Access Management. // -// Creates a new role for your AWS account. For more information about roles, -// see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). +// Creates a new role for your account. For more information about roles, see +// IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). // For information about quotas for role names and the number of roles you can // create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. @@ -1658,7 +1682,8 @@ func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, o // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -1753,8 +1778,8 @@ func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *re // The SAML provider resource that you create with this operation can be used // as a principal in an IAM role's trust policy. Such a policy can enable federated // users who sign in using the SAML IdP to assume the role. You can create an -// IAM role that supports Web-based single sign-on (SSO) to the AWS Management -// Console or one that supports API access to AWS. +// IAM role that supports Web-based single sign-on (SSO) to the Management Console +// or one that supports API access to Amazon Web Services. // // When you create the SAML provider resource, you upload a SAML metadata document // that you get from your IdP. That document includes the issuer's name, expiration @@ -1766,7 +1791,7 @@ func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *re // This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // // For more information, see Enabling SAML 2.0 federated users to access the -// AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) +// Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) // and About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) // in the IAM User Guide. // @@ -1788,7 +1813,8 @@ func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -1865,17 +1891,17 @@ func (c *IAM) CreateServiceLinkedRoleRequest(input *CreateServiceLinkedRoleInput // CreateServiceLinkedRole API operation for AWS Identity and Access Management. // -// Creates an IAM role that is linked to a specific AWS service. The service -// controls the attached policies and when the role can be deleted. This helps -// ensure that the service is not broken by an unexpectedly changed or deleted -// role, which could put your AWS resources into an unknown state. Allowing -// the service to control the role helps improve service stability and proper -// cleanup when a service and its role are no longer needed. For more information, -// see Using service-linked roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) +// Creates an IAM role that is linked to a specific Amazon Web Services service. +// The service controls the attached policies and when the role can be deleted. +// This helps ensure that the service is not broken by an unexpectedly changed +// or deleted role, which could put your Amazon Web Services resources into +// an unknown state. Allowing the service to control the role helps improve +// service stability and proper cleanup when a service and its role are no longer +// needed. For more information, see Using service-linked roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) // in the IAM User Guide. // // To attach a policy to this service-linked role, you must make the request -// using the AWS service that depends on this role. +// using the Amazon Web Services service that depends on this role. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1891,7 +1917,8 @@ func (c *IAM) CreateServiceLinkedRoleRequest(input *CreateServiceLinkedRoleInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -1974,13 +2001,14 @@ func (c *IAM) CreateServiceSpecificCredentialRequest(input *CreateServiceSpecifi // You can have a maximum of two sets of service-specific credentials for each // supported service per user. // -// You can create service-specific credentials for AWS CodeCommit and Amazon -// Keyspaces (for Apache Cassandra). +// You can create service-specific credentials for CodeCommit and Amazon Keyspaces +// (for Apache Cassandra). // // You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential. // // For more information about service-specific credentials, see Using IAM with -// AWS CodeCommit: Git credentials, SSH keys, and AWS access keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html) +// CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1993,7 +2021,8 @@ func (c *IAM) CreateServiceSpecificCredentialRequest(input *CreateServiceSpecifi // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -2068,7 +2097,7 @@ func (c *IAM) CreateUserRequest(input *CreateUserInput) (req *request.Request, o // CreateUser API operation for AWS Identity and Access Management. // -// Creates a new IAM user for your AWS account. +// Creates a new IAM user for your account. // // For information about quotas for the number of IAM users you can create, // see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) @@ -2084,7 +2113,8 @@ func (c *IAM) CreateUserRequest(input *CreateUserInput) (req *request.Request, o // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -2173,10 +2203,10 @@ func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) // CreateVirtualMFADevice API operation for AWS Identity and Access Management. // -// Creates a new virtual MFA device for the AWS account. After creating the -// virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. -// For more information about creating and working with virtual MFA devices, -// see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) +// Creates a new virtual MFA device for the account. After creating the virtual +// MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more +// information about creating and working with virtual MFA devices, see Using +// a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) // in the IAM User Guide. // // For information about the maximum number of MFA devices you can create, see @@ -2185,9 +2215,9 @@ func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) // // The seed information contained in the QR code and the Base32 string should // be treated like any other secret access information. In other words, protect -// the seed information as you would your AWS access keys or your passwords. -// After you provision your virtual device, you should ensure that the information -// is destroyed following secure procedures. +// the seed information as you would your Amazon Web Services access keys or +// your passwords. After you provision your virtual device, you should ensure +// that the information is destroyed following secure procedures. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2199,7 +2229,8 @@ func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -2312,7 +2343,8 @@ func (c *IAM) DeactivateMFADeviceRequest(input *DeactivateMFADeviceInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2388,10 +2420,10 @@ func (c *IAM) DeleteAccessKeyRequest(input *DeleteAccessKeyInput) (req *request. // Deletes the access key pair associated with the specified IAM user. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID signing the request. This +// operation works for access keys under the account. Consequently, you can +// use this operation to manage account root user credentials even if the account +// has no associated users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2407,7 +2439,8 @@ func (c *IAM) DeleteAccessKeyRequest(input *DeleteAccessKeyInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2480,8 +2513,8 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // DeleteAccountAlias API operation for AWS Identity and Access Management. // -// Deletes the specified AWS account alias. For information about using an AWS -// account alias, see Using an alias for your AWS account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) +// Deletes the specified account alias. For information about using an Amazon +// Web Services account alias, see Using an alias for your account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2498,7 +2531,8 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2571,7 +2605,7 @@ func (c *IAM) DeleteAccountPasswordPolicyRequest(input *DeleteAccountPasswordPol // DeleteAccountPasswordPolicy API operation for AWS Identity and Access Management. // -// Deletes the password policy for the AWS account. There are no parameters. +// Deletes the password policy for the account. There are no parameters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2587,7 +2621,8 @@ func (c *IAM) DeleteAccountPasswordPolicyRequest(input *DeleteAccountPasswordPol // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2681,7 +2716,8 @@ func (c *IAM) DeleteGroupRequest(input *DeleteGroupInput) (req *request.Request, // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2776,7 +2812,8 @@ func (c *IAM) DeleteGroupPolicyRequest(input *DeleteGroupPolicyInput) (req *requ // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2878,7 +2915,8 @@ func (c *IAM) DeleteInstanceProfileRequest(input *DeleteInstanceProfileInput) (r // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2952,17 +2990,18 @@ func (c *IAM) DeleteLoginProfileRequest(input *DeleteLoginProfileInput) (req *re // DeleteLoginProfile API operation for AWS Identity and Access Management. // // Deletes the password for the specified IAM user, which terminates the user's -// ability to access AWS services through the AWS Management Console. +// ability to access Amazon Web Services services through the Management Console. // -// You can use the AWS CLI, the AWS API, or the Users page in the IAM console -// to delete a password for any IAM user. You can use ChangePassword to update, -// but not delete, your own password in the My Security Credentials page in -// the AWS Management Console. +// You can use the CLI, the Amazon Web Services API, or the Users page in the +// IAM console to delete a password for any IAM user. You can use ChangePassword +// to update, but not delete, your own password in the My Security Credentials +// page in the Management Console. // -// Deleting a user's password does not prevent a user from accessing AWS through -// the command line interface or the API. To prevent all user access, you must -// also either make any access keys inactive or delete them. For more information -// about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. +// Deleting a user's password does not prevent a user from accessing Amazon +// Web Services through the command line interface or the API. To prevent all +// user access, you must also either make any access keys inactive or delete +// them. For more information about making keys inactive or deleting them, see +// UpdateAccessKey and DeleteAccessKey. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2984,7 +3023,8 @@ func (c *IAM) DeleteLoginProfileRequest(input *DeleteLoginProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -3191,7 +3231,8 @@ func (c *IAM) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -3296,7 +3337,8 @@ func (c *IAM) DeletePolicyVersionRequest(input *DeletePolicyVersionInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -3403,7 +3445,8 @@ func (c *IAM) DeleteRoleRequest(input *DeleteRoleInput) (req *request.Request, o // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -3604,7 +3647,8 @@ func (c *IAM) DeleteRolePolicyRequest(input *DeleteRolePolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -3706,7 +3750,8 @@ func (c *IAM) DeleteSAMLProviderRequest(input *DeleteSAMLProviderInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -3786,10 +3831,10 @@ func (c *IAM) DeleteSSHPublicKeyRequest(input *DeleteSSHPublicKeyInput) (req *re // Deletes the specified SSH public key. // // The SSH public key deleted by this operation is used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3874,8 +3919,8 @@ func (c *IAM) DeleteServerCertificateRequest(input *DeleteServerCertificateInput // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic also includes a list of AWS services that -// can use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic also includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // If you are using a server certificate with Elastic Load Balancing, deleting // the certificate could have implications for your application. If Elastic @@ -3905,7 +3950,8 @@ func (c *IAM) DeleteServerCertificateRequest(input *DeleteServerCertificateInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -3991,11 +4037,11 @@ func (c *IAM) DeleteServiceLinkedRoleRequest(input *DeleteServiceLinkedRoleInput // the service-linked role, you must first remove those resources from the linked // service and then submit the deletion request again. Resources are specific // to the service that is linked to the role. For more information about removing -// resources from a service, see the AWS documentation (http://docs.aws.amazon.com/) +// resources from a service, see the Amazon Web Services documentation (http://docs.aws.amazon.com/) // for your service. // // For more information about service-linked roles, see Roles terms and concepts: -// AWS service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role) +// Amazon Web Services service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4012,7 +4058,8 @@ func (c *IAM) DeleteServiceLinkedRoleRequest(input *DeleteServiceLinkedRoleInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4169,10 +4216,10 @@ func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInp // Deletes a signing certificate associated with the specified IAM user. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated IAM users. +// based on the Amazon Web Services access key ID signing the request. This +// operation works for access keys under the account. Consequently, you can +// use this operation to manage account root user credentials even if the account +// has no associated IAM users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4188,7 +4235,8 @@ func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4261,10 +4309,9 @@ func (c *IAM) DeleteUserRequest(input *DeleteUserInput) (req *request.Request, o // DeleteUser API operation for AWS Identity and Access Management. // -// Deletes the specified IAM user. Unlike the AWS Management Console, when you -// delete a user programmatically, you must delete the items attached to the -// user manually, or the deletion fails. For more information, see Deleting -// an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli). +// Deletes the specified IAM user. Unlike the Management Console, when you delete +// a user programmatically, you must delete the items attached to the user manually, +// or the deletion fails. For more information, see Deleting an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli). // Before attempting to delete a user, remove the following items: // // * Password (DeleteLoginProfile) @@ -4295,7 +4342,8 @@ func (c *IAM) DeleteUserRequest(input *DeleteUserInput) (req *request.Request, o // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -4492,7 +4540,8 @@ func (c *IAM) DeleteUserPolicyRequest(input *DeleteUserPolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4588,7 +4637,8 @@ func (c *IAM) DeleteVirtualMFADeviceRequest(input *DeleteVirtualMFADeviceInput) // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4682,7 +4732,8 @@ func (c *IAM) DetachGroupPolicyRequest(input *DetachGroupPolicyInput) (req *requ // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -4780,7 +4831,8 @@ func (c *IAM) DetachRolePolicyRequest(input *DetachRolePolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -4884,7 +4936,8 @@ func (c *IAM) DetachUserPolicyRequest(input *DetachUserPolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -4989,7 +5042,8 @@ func (c *IAM) EnableMFADeviceRequest(input *EnableMFADeviceInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -5065,7 +5119,7 @@ func (c *IAM) GenerateCredentialReportRequest(input *GenerateCredentialReportInp // GenerateCredentialReport API operation for AWS Identity and Access Management. // -// Generates a credential report for the AWS account. For more information about +// Generates a credential report for the account. For more information about // the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // in the IAM User Guide. // @@ -5079,7 +5133,8 @@ func (c *IAM) GenerateCredentialReportRequest(input *GenerateCredentialReportInp // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -5151,16 +5206,16 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // GenerateOrganizationsAccessReport API operation for AWS Identity and Access Management. // -// Generates a report for service last accessed data for AWS Organizations. -// You can generate a report for any entities (organization root, organizational +// Generates a report for service last accessed data for Organizations. You +// can generate a report for any entities (organization root, organizational // unit, or account) or policies in your organization. // -// To call this operation, you must be signed in using your AWS Organizations -// management account credentials. You can use your long-term IAM user or root -// user credentials, or temporary credentials from assuming an IAM role. SCPs -// must be enabled for your organization root. You must have the required IAM -// and AWS Organizations permissions. For more information, see Refining permissions -// using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// To call this operation, you must be signed in using your Organizations management +// account credentials. You can use your long-term IAM user or root user credentials, +// or temporary credentials from assuming an IAM role. SCPs must be enabled +// for your organization root. You must have the required IAM and Organizations +// permissions. For more information, see Refining permissions using service +// last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. // // You can generate a service last accessed data report for entities by specifying @@ -5168,7 +5223,7 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // by any service control policies (SCPs) that apply to the entity. // // You can generate a service last accessed data report for a policy by specifying -// an entity's path and an optional AWS Organizations policy ID. This data includes +// an entity's path and an optional Organizations policy ID. This data includes // a list of services that are allowed by the specified SCP. // // For each service in both report types, the data includes the most recent @@ -5178,14 +5233,14 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // Reducing permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. // -// The data includes all attempts to access AWS, not just the successful ones. -// This includes all attempts that were made using the AWS Management Console, -// the AWS API through any of the SDKs, or any of the command line tools. An -// unexpected entry in the service last accessed data does not mean that an -// account has been compromised, because the request might have been denied. -// Refer to your CloudTrail logs as the authoritative source for information -// about all API calls and whether they were successful or denied access. For -// more information, see Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) +// The data includes all attempts to access Amazon Web Services, not just the +// successful ones. This includes all attempts that were made using the Management +// Console, the Amazon Web Services API through any of the SDKs, or any of the +// command line tools. An unexpected entry in the service last accessed data +// does not mean that an account has been compromised, because the request might +// have been denied. Refer to your CloudTrail logs as the authoritative source +// for information about all API calls and whether they were successful or denied +// access. For more information, see Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) // in the IAM User Guide. // // This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport @@ -5195,8 +5250,8 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // you can retrieve the report. // // To generate a service last accessed data report for entities, specify an -// entity path without specifying the optional AWS Organizations policy ID. -// The type of entity that you specify determines the data returned in the report. +// entity path without specifying the optional Organizations policy ID. The +// type of entity that you specify determines the data returned in the report. // // * Root – When you specify the organizations root as the entity, the // resulting report lists all of the services allowed by SCPs that are attached @@ -5211,9 +5266,9 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // account, because the management account is not limited by SCPs. // // * management account – When you specify the management account, the -// resulting report lists all AWS services, because the management account -// is not limited by SCPs. For each service, the report includes data for -// only the management account. +// resulting report lists all Amazon Web Services services, because the management +// account is not limited by SCPs. For each service, the report includes +// data for only the management account. // // * Account – When you specify another account as the entity, the resulting // report lists all of the services allowed by SCPs that are attached to @@ -5221,7 +5276,7 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // for only the specified account. // // To generate a service last accessed data report for policies, specify an -// entity path and the optional AWS Organizations policy ID. The type of entity +// entity path and the optional Organizations policy ID. The type of entity // that you specify determines the data returned for each service. // // * Root – When you specify the root entity and a policy ID, the resulting @@ -5243,10 +5298,10 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // data. // // * management account – When you specify the management account, the -// resulting report lists all AWS services, because the management account -// is not limited by SCPs. If you specify a policy ID in the CLI or API, -// the policy is ignored. For each service, the report includes data for -// only the management account. +// resulting report lists all Amazon Web Services services, because the management +// account is not limited by SCPs. If you specify a policy ID in the CLI +// or API, the policy is ignored. For each service, the report includes data +// for only the management account. // // * Account – When you specify another account entity and a policy ID, // the resulting report lists all of the services that are allowed by the @@ -5347,20 +5402,21 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management. // // Generates a report that includes details about when an IAM resource (user, -// group, role, or policy) was last used in an attempt to access AWS services. -// Recent activity usually appears within four hours. IAM reports activity for -// the last 365 days, or less if your Region began supporting this feature within -// the last year. For more information, see Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). +// group, role, or policy) was last used in an attempt to access Amazon Web +// Services services. Recent activity usually appears within four hours. IAM +// reports activity for the last 365 days, or less if your Region began supporting +// this feature within the last year. For more information, see Regions where +// data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). // -// The service last accessed data includes all attempts to access an AWS API, -// not just the successful ones. This includes all attempts that were made using -// the AWS Management Console, the AWS API through any of the SDKs, or any of -// the command line tools. An unexpected entry in the service last accessed -// data does not mean that your account has been compromised, because the request -// might have been denied. Refer to your CloudTrail logs as the authoritative -// source for information about all API calls and whether they were successful -// or denied access. For more information, see Logging IAM events with CloudTrail -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) +// The service last accessed data includes all attempts to access an Amazon +// Web Services API, not just the successful ones. This includes all attempts +// that were made using the Management Console, the Amazon Web Services API +// through any of the SDKs, or any of the command line tools. An unexpected +// entry in the service last accessed data does not mean that your account has +// been compromised, because the request might have been denied. Refer to your +// CloudTrail logs as the authoritative source for information about all API +// calls and whether they were successful or denied access. For more information, +// see Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) // in the IAM User Guide. // // The GenerateServiceLastAccessedDetails operation returns a JobId. Use this @@ -5368,15 +5424,16 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // your report: // // * GetServiceLastAccessedDetails – Use this operation for users, groups, -// roles, or policies to list every AWS service that the resource could access -// using permissions policies. For each service, the response includes information -// about the most recent access attempt. The JobId returned by GenerateServiceLastAccessedDetail -// must be used by the same role within a session, or by the same user when -// used to call GetServiceLastAccessedDetail. +// roles, or policies to list every Amazon Web Services service that the +// resource could access using permissions policies. For each service, the +// response includes information about the most recent access attempt. The +// JobId returned by GenerateServiceLastAccessedDetail must be used by the +// same role within a session, or by the same user when used to call GetServiceLastAccessedDetail. // // * GetServiceLastAccessedDetailsWithEntities – Use this operation for // groups and policies to list information about the associated entities -// (users or roles) that attempted to access a specific AWS service. +// (users or roles) that attempted to access a specific Amazon Web Services +// service. // // To check the status of the GenerateServiceLastAccessedDetails request, use // the JobId parameter in the same operations and test the JobStatus response @@ -5388,10 +5445,10 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // // Service last accessed data does not use other policy types when determining // whether a resource could access a service. These other policy types include -// resource-based policies, access control lists, AWS Organizations policies, -// IAM permissions boundaries, and AWS STS assume role policies. It only applies -// permissions policy logic. For more about the evaluation of policy types, -// see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// resource-based policies, access control lists, Organizations policies, IAM +// permissions boundaries, and STS assume role policies. It only applies permissions +// policy logic. For more about the evaluation of policy types, see Evaluating +// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. // // For more information about service and action last accessed data, see Reducing @@ -5481,9 +5538,9 @@ func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req // GetAccessKeyLastUsed API operation for AWS Identity and Access Management. // // Retrieves information about when the specified access key was last used. -// The information includes the date and time of last use, along with the AWS -// service and Region that were specified in the last request made with that -// key. +// The information includes the date and time of last use, along with the Amazon +// Web Services service and Region that were specified in the last request made +// with that key. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5570,9 +5627,9 @@ func (c *IAM) GetAccountAuthorizationDetailsRequest(input *GetAccountAuthorizati // GetAccountAuthorizationDetails API operation for AWS Identity and Access Management. // // Retrieves information about all IAM users, groups, roles, and policies in -// your AWS account, including their relationships to one another. Use this -// operation to obtain a snapshot of the configuration of IAM permissions (users, -// groups, roles, and policies) in your account. +// your Amazon Web Services account, including their relationships to one another. +// Use this operation to obtain a snapshot of the configuration of IAM permissions +// (users, groups, roles, and policies) in your account. // // Policies returned by this operation are URL-encoded compliant with RFC 3986 // (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method @@ -5713,7 +5770,7 @@ func (c *IAM) GetAccountPasswordPolicyRequest(input *GetAccountPasswordPolicyInp // GetAccountPasswordPolicy API operation for AWS Identity and Access Management. // -// Retrieves the password policy for the AWS account. This tells you the complexity +// Retrieves the password policy for the account. This tells you the complexity // requirements and mandatory rotation periods for the IAM user passwords in // your account. For more information about using a password policy, see Managing // an IAM password policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html). @@ -5800,7 +5857,8 @@ func (c *IAM) GetAccountSummaryRequest(input *GetAccountSummaryInput) (req *requ // GetAccountSummary API operation for AWS Identity and Access Management. // -// Retrieves information about IAM entity usage and IAM quotas in the AWS account. +// Retrieves information about IAM entity usage and IAM quotas in the Amazon +// Web Services account. // // For information about IAM quotas, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. @@ -5887,12 +5945,13 @@ func (c *IAM) GetContextKeysForCustomPolicyRequest(input *GetContextKeysForCusto // The policies are supplied as a list of one or more strings. To get the context // keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy. // -// Context keys are variables maintained by AWS and its services that provide -// details about the context of an API query request. Context keys can be evaluated -// by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy -// to understand what key names and values you must supply when you call SimulateCustomPolicy. -// Note that all parameters are shown in unencoded form here for clarity but -// must be URL encoded to be included as a part of a real HTML request. +// Context keys are variables maintained by Amazon Web Services and its services +// that provide details about the context of an API query request. Context keys +// can be evaluated by testing against a value specified in an IAM policy. Use +// GetContextKeysForCustomPolicy to understand what key names and values you +// must supply when you call SimulateCustomPolicy. Note that all parameters +// are shown in unencoded form here for clarity but must be URL encoded to be +// included as a part of a real HTML request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5985,9 +6044,9 @@ func (c *IAM) GetContextKeysForPrincipalPolicyRequest(input *GetContextKeysForPr // to other users. If you do not want users to see other user's permissions, // then consider allowing them to use GetContextKeysForCustomPolicy instead. // -// Context keys are variables maintained by AWS and its services that provide -// details about the context of an API query request. Context keys can be evaluated -// by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy +// Context keys are variables maintained by Amazon Web Services and its services +// that provide details about the context of an API query request. Context keys +// can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy // to understand what key names and values you must supply when you call SimulatePrincipalPolicy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6072,7 +6131,7 @@ func (c *IAM) GetCredentialReportRequest(input *GetCredentialReportInput) (req * // GetCredentialReport API operation for AWS Identity and Access Management. // -// Retrieves a credential report for the AWS account. For more information about +// Retrieves a credential report for the account. For more information about // the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // in the IAM User Guide. // @@ -6498,10 +6557,20 @@ func (c *IAM) GetLoginProfileRequest(input *GetLoginProfileInput) (req *request. // GetLoginProfile API operation for AWS Identity and Access Management. // -// Retrieves the user name and password creation date for the specified IAM -// user. If the user has not been assigned a password, the operation returns +// Retrieves the user name for the specified IAM user. A login profile is created +// when you create a password for the user to access the Management Console. +// If the user does not exist or does not have a password, the operation returns // a 404 (NoSuchEntity) error. // +// If you create an IAM user with access to the console, the CreateDate reflects +// the date you created the initial password for the user. +// +// If you create an IAM user with programmatic access, and then later add a +// password for the user to access the Management Console, the CreateDate reflects +// the initial password creation date. A user with programmatic access does +// not have a login profile unless you create a password for the user to access +// the Management Console. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6673,8 +6742,8 @@ func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessR // GetOrganizationsAccessReport API operation for AWS Identity and Access Management. // -// Retrieves the service last accessed data report for AWS Organizations that -// was previously generated using the GenerateOrganizationsAccessReport operation. +// Retrieves the service last accessed data report for Organizations that was +// previously generated using the GenerateOrganizationsAccessReport operation. // This operation retrieves the status of your report job and the report contents. // // Depending on the parameters that you passed when you generated the report, @@ -7271,10 +7340,10 @@ func (c *IAM) GetSSHPublicKeyRequest(input *GetSSHPublicKeyInput) (req *request. // Retrieves the specified SSH public key, including metadata about the key. // // The SSH public key retrieved by this operation is used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7362,8 +7431,8 @@ func (c *IAM) GetServerCertificateRequest(input *GetServerCertificateInput) (req // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic includes a list of AWS services that can -// use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7450,15 +7519,16 @@ func (c *IAM) GetServiceLastAccessedDetailsRequest(input *GetServiceLastAccessed // Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails // operation. You can use the JobId parameter in GetServiceLastAccessedDetails // to retrieve the status of your report job. When the report is complete, you -// can retrieve the generated report. The report includes a list of AWS services -// that the resource (user, group, role, or managed policy) can access. +// can retrieve the generated report. The report includes a list of Amazon Web +// Services services that the resource (user, group, role, or managed policy) +// can access. // // Service last accessed data does not use other policy types when determining // whether a resource could access a service. These other policy types include -// resource-based policies, access control lists, AWS Organizations policies, -// IAM permissions boundaries, and AWS STS assume role policies. It only applies -// permissions policy logic. For more about the evaluation of policy types, -// see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// resource-based policies, access control lists, Organizations policies, IAM +// permissions boundaries, and STS assume role policies. It only applies permissions +// policy logic. For more about the evaluation of policy types, see Evaluating +// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. // // For each service that the resource could access using permissions policies, @@ -7778,7 +7848,8 @@ func (c *IAM) GetUserRequest(input *GetUserInput) (req *request.Request, output // creation date, path, unique ID, and ARN. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID used to sign the request to this operation. +// based on the Amazon Web Services access key ID used to sign the request to +// this operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7975,12 +8046,12 @@ func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *request.Re // the results using the MaxItems and Marker parameters. // // If the UserName field is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // -// To ensure the security of your AWS account, the secret access key is accessible +// To ensure the security of your account, the secret access key is accessible // only during key and user creation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -8123,9 +8194,9 @@ func (c *IAM) ListAccountAliasesRequest(input *ListAccountAliasesInput) (req *re // ListAccountAliases API operation for AWS Identity and Access Management. // -// Lists the account alias associated with the AWS account (Note: you can have -// only one). For information about using an AWS account alias, see Using an -// alias for your AWS account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) +// Lists the account alias associated with the account (Note: you can have only +// one). For information about using an account alias, see Using an alias for +// your account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -9800,7 +9871,8 @@ func (c *IAM) ListMFADevicesRequest(input *ListMFADevicesInput) (req *request.Re // Lists the MFA devices for an IAM user. If the request includes a IAM user // name, then this operation lists all the MFA devices associated with the specified // user. If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request for this operation. +// based on the Amazon Web Services access key ID signing the request for this +// operation. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -10032,7 +10104,7 @@ func (c *IAM) ListOpenIDConnectProvidersRequest(input *ListOpenIDConnectProvider // ListOpenIDConnectProviders API operation for AWS Identity and Access Management. // // Lists information about the IAM OpenID Connect (OIDC) provider resource objects -// defined in the AWS account. +// defined in the account. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -10123,13 +10195,14 @@ func (c *IAM) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Reques // ListPolicies API operation for AWS Identity and Access Management. // -// Lists all the managed policies that are available in your AWS account, including -// your own customer-defined managed policies and all AWS managed policies. +// Lists all the managed policies that are available in your account, including +// your own customer-defined managed policies and all Amazon Web Services managed +// policies. // // You can filter the list of policies that is returned using the optional OnlyAttached, // Scope, and PathPrefix parameters. For example, to list only the customer -// managed policies in your AWS account, set Scope to Local. To list only AWS -// managed policies, set Scope to AWS. +// managed policies in your Amazon Web Services account, set Scope to Local. +// To list only Amazon Web Services managed policies, set Scope to AWS. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -10277,10 +10350,9 @@ func (c *IAM) ListPoliciesGrantingServiceAccessRequest(input *ListPoliciesGranti // // This operation does not use other policy types when determining whether a // resource could access a service. These other policy types include resource-based -// policies, access control lists, AWS Organizations policies, IAM permissions -// boundaries, and AWS STS assume role policies. It only applies permissions -// policy logic. For more about the evaluation of policy types, see Evaluating -// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// policies, access control lists, Organizations policies, IAM permissions boundaries, +// and STS assume role policies. It only applies permissions policy logic. For +// more about the evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. // // The list of policies returned by the operation depends on the ARN of the @@ -11207,10 +11279,10 @@ func (c *IAM) ListSSHPublicKeysRequest(input *ListSSHPublicKeysInput) (req *requ // IAM user. If none exists, the operation returns an empty list. // // The SSH public keys returned by this operation are used only for authenticating -// the IAM user to an AWS CodeCommit repository. For more information about -// using SSH keys to authenticate to an AWS CodeCommit repository, see Set up -// AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the IAM user to an CodeCommit repository. For more information about using +// SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit +// for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Although each user is limited to a small number of keys, you can still paginate // the results using the MaxItems and Marker parameters. @@ -11350,10 +11422,10 @@ func (c *IAM) ListServerCertificateTagsRequest(input *ListServerCertificateTagsI // tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // -// For certificates in a Region supported by AWS Certificate Manager (ACM), -// we recommend that you don't use IAM server certificates. Instead, use ACM -// to provision, manage, and deploy your server certificates. For more information -// about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) +// For certificates in a Region supported by Certificate Manager (ACM), we recommend +// that you don't use IAM server certificates. Instead, use ACM to provision, +// manage, and deploy your server certificates. For more information about IAM +// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11451,8 +11523,8 @@ func (c *IAM) ListServerCertificatesRequest(input *ListServerCertificatesInput) // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic also includes a list of AWS services that -// can use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic also includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -11593,9 +11665,9 @@ func (c *IAM) ListServiceSpecificCredentialsRequest(input *ListServiceSpecificCr // the specified IAM user. If none exists, the operation returns an empty list. // The service-specific credentials returned by this operation are used only // for authenticating the IAM user to a specific service. For more information -// about using service-specific credentials to authenticate to an AWS service, -// see Set up service-specific credentials (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) -// in the AWS CodeCommit User Guide. +// about using service-specific credentials to authenticate to an Amazon Web +// Services service, see Set up service-specific credentials (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11691,10 +11763,10 @@ func (c *IAM) ListSigningCertificatesRequest(input *ListSigningCertificatesInput // you can still paginate the results using the MaxItems and Marker parameters. // // If the UserName field is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request for this operation. -// This operation works for access keys under the AWS account. Consequently, -// you can use this operation to manage AWS account root user credentials even -// if the AWS account has no associated users. +// based on the Amazon Web Services access key ID used to sign the request for +// this operation. This operation works for access keys under the account. Consequently, +// you can use this operation to manage account root user credentials even if +// the account has no associated users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11968,6 +12040,12 @@ func (c *IAM) ListUserTagsRequest(input *ListUserTagsInput) (req *request.Reques Name: opListUserTags, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"Marker"}, + LimitToken: "MaxItems", + TruncationToken: "IsTruncated", + }, } if input == nil { @@ -12024,6 +12102,58 @@ func (c *IAM) ListUserTagsWithContext(ctx aws.Context, input *ListUserTagsInput, return out, req.Send() } +// ListUserTagsPages iterates over the pages of a ListUserTags operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListUserTags method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListUserTags operation. +// pageNum := 0 +// err := client.ListUserTagsPages(params, +// func(page *iam.ListUserTagsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *IAM) ListUserTagsPages(input *ListUserTagsInput, fn func(*ListUserTagsOutput, bool) bool) error { + return c.ListUserTagsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListUserTagsPagesWithContext same as ListUserTagsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) ListUserTagsPagesWithContext(ctx aws.Context, input *ListUserTagsInput, fn func(*ListUserTagsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListUserTagsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListUserTagsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListUserTagsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListUsers = "ListUsers" // ListUsersRequest generates a "aws/request.Request" representing the @@ -12075,8 +12205,8 @@ func (c *IAM) ListUsersRequest(input *ListUsersInput) (req *request.Request, out // ListUsers API operation for AWS Identity and Access Management. // // Lists the IAM users that have the specified path prefix. If no path prefix -// is specified, the operation returns all users in the AWS account. If there -// are none, the operation returns an empty list. +// is specified, the operation returns all users in the account. If there are +// none, the operation returns an empty list. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -12221,7 +12351,7 @@ func (c *IAM) ListVirtualMFADevicesRequest(input *ListVirtualMFADevicesInput) (r // ListVirtualMFADevices API operation for AWS Identity and Access Management. // -// Lists the virtual MFA devices defined in the AWS account by assignment status. +// Lists the virtual MFA devices defined in the account by assignment status. // If you do not specify an assignment status, the operation returns a list // of all virtual MFA devices. Assignment status can be Assigned, Unassigned, // or Any. @@ -12386,7 +12516,8 @@ func (c *IAM) PutGroupPolicyRequest(input *PutGroupPolicyInput) (req *request.Re // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" // The request was rejected because the policy document was malformed. The error @@ -12468,10 +12599,10 @@ func (c *IAM) PutRolePermissionsBoundaryRequest(input *PutRolePermissionsBoundar // PutRolePermissionsBoundary API operation for AWS Identity and Access Management. // // Adds or updates the policy that is specified as the IAM role's permissions -// boundary. You can use an AWS managed policy or a customer managed policy -// to set the boundary for a role. Use the boundary to control the maximum permissions -// that the role can have. Setting a permissions boundary is an advanced feature -// that can affect the permissions for the role. +// boundary. You can use an Amazon Web Services managed policy or a customer +// managed policy to set the boundary for a role. Use the boundary to control +// the maximum permissions that the role can have. Setting a permissions boundary +// is an advanced feature that can affect the permissions for the role. // // You cannot set the boundary for a service-linked role. // @@ -12504,8 +12635,8 @@ func (c *IAM) PutRolePermissionsBoundaryRequest(input *PutRolePermissionsBoundar // request the change through that service. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -12612,7 +12743,8 @@ func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Requ // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" // The request was rejected because the policy document was malformed. The error @@ -12700,10 +12832,10 @@ func (c *IAM) PutUserPermissionsBoundaryRequest(input *PutUserPermissionsBoundar // PutUserPermissionsBoundary API operation for AWS Identity and Access Management. // // Adds or updates the policy that is specified as the IAM user's permissions -// boundary. You can use an AWS managed policy or a customer managed policy -// to set the boundary for a user. Use the boundary to control the maximum permissions -// that the user can have. Setting a permissions boundary is an advanced feature -// that can affect the permissions for the user. +// boundary. You can use an Amazon Web Services managed policy or a customer +// managed policy to set the boundary for a user. Use the boundary to control +// the maximum permissions that the user can have. Setting a permissions boundary +// is an advanced feature that can affect the permissions for the user. // // Policies that are used as permissions boundaries do not provide permissions. // You must also attach a permissions policy to the user. To learn how the effective @@ -12728,8 +12860,8 @@ func (c *IAM) PutUserPermissionsBoundaryRequest(input *PutUserPermissionsBoundar // for an input parameter. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -12830,7 +12962,8 @@ func (c *IAM) PutUserPolicyRequest(input *PutUserPolicyInput) (req *request.Requ // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" // The request was rejected because the policy document was malformed. The error @@ -13030,7 +13163,8 @@ func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstance // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -13125,7 +13259,8 @@ func (c *IAM) RemoveUserFromGroupRequest(input *RemoveUserFromGroupInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -13198,9 +13333,9 @@ func (c *IAM) ResetServiceSpecificCredentialRequest(input *ResetServiceSpecificC // ResetServiceSpecificCredential API operation for AWS Identity and Access Management. // // Resets the password for a service-specific credential. The new password is -// AWS generated and cryptographically strong. It cannot be configured by the -// user. Resetting the password immediately invalidates the previous password -// associated with this user. +// Amazon Web Services generated and cryptographically strong. It cannot be +// configured by the user. Resetting the password immediately invalidates the +// previous password associated with this user. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13282,7 +13417,7 @@ func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request. // ResyncMFADevice API operation for AWS Identity and Access Management. // // Synchronizes the specified MFA device with its IAM resource object on the -// AWS servers. +// Amazon Web Services servers. // // For more information about creating and working with virtual MFA devices, // see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) @@ -13306,7 +13441,8 @@ func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -13408,7 +13544,8 @@ func (c *IAM) SetDefaultPolicyVersionRequest(input *SetDefaultPolicyVersionInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -13482,23 +13619,24 @@ func (c *IAM) SetSecurityTokenServicePreferencesRequest(input *SetSecurityTokenS // SetSecurityTokenServicePreferences API operation for AWS Identity and Access Management. // // Sets the specified version of the global endpoint token as the token version -// used for the AWS account. +// used for the account. // -// By default, AWS Security Token Service (STS) is available as a global service, +// By default, Security Token Service (STS) is available as a global service, // and all STS requests go to a single endpoint at https://sts.amazonaws.com. -// AWS recommends using Regional STS endpoints to reduce latency, build in redundancy, -// and increase session token availability. For information about Regional endpoints -// for STS, see AWS AWS Security Token Service endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sts.html) -// in the AWS General Reference. +// Amazon Web Services recommends using Regional STS endpoints to reduce latency, +// build in redundancy, and increase session token availability. For information +// about Regional endpoints for STS, see Security Token Service endpoints and +// quotas (https://docs.aws.amazon.com/general/latest/gr/sts.html) in the Amazon +// Web Services General Reference. // // If you make an STS call to the global endpoint, the resulting session tokens // might be valid in some Regions but not others. It depends on the version -// that is set in this operation. Version 1 tokens are valid only in AWS Regions +// that is set in this operation. Version 1 tokens are valid only in Regions // that are available by default. These tokens do not work in manually enabled // Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in // all Regions. However, version 2 tokens are longer and might affect systems // where you temporarily store tokens. For information, see Activating and deactivating -// STS in an AWS region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// STS in an Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // To view the current session token version, see the GlobalEndpointTokenVersion @@ -13589,8 +13727,9 @@ func (c *IAM) SimulateCustomPolicyRequest(input *SimulateCustomPolicyInput) (req // SimulateCustomPolicy API operation for AWS Identity and Access Management. // // Simulate how a set of IAM policies and optionally a resource-based policy -// works with a list of API operations and AWS resources to determine the policies' -// effective permissions. The policies are provided as strings. +// works with a list of API operations and Amazon Web Services resources to +// determine the policies' effective permissions. The policies are provided +// as strings. // // The simulation does not perform the API operations; it only checks the authorization // to determine if the simulated policies allow or deny the operations. You @@ -13599,11 +13738,11 @@ func (c *IAM) SimulateCustomPolicyRequest(input *SimulateCustomPolicyInput) (req // If you want to simulate existing policies that are attached to an IAM user, // group, or role, use SimulatePrincipalPolicy instead. // -// Context keys are variables that are maintained by AWS and its services and -// which provide details about the context of an API query request. You can -// use the Condition element of an IAM policy to evaluate context keys. To get -// the list of context keys that the policies require for correct simulation, -// use GetContextKeysForCustomPolicy. +// Context keys are variables that are maintained by Amazon Web Services and +// its services and which provide details about the context of an API query +// request. You can use the Condition element of an IAM policy to evaluate context +// keys. To get the list of context keys that the policies require for correct +// simulation, use GetContextKeysForCustomPolicy. // // If the output is long, you can use MaxItems and Marker parameters to paginate // the results. @@ -13753,11 +13892,11 @@ func (c *IAM) SimulatePrincipalPolicyRequest(input *SimulatePrincipalPolicyInput // SimulatePrincipalPolicy API operation for AWS Identity and Access Management. // // Simulate how a set of IAM policies attached to an IAM entity works with a -// list of API operations and AWS resources to determine the policies' effective -// permissions. The entity can be an IAM user, group, or role. If you specify -// a user, then the simulation also includes all of the policies that are attached -// to groups that the user belongs to. You can simulate resources that don't -// exist in your account. +// list of API operations and Amazon Web Services resources to determine the +// policies' effective permissions. The entity can be an IAM user, group, or +// role. If you specify a user, then the simulation also includes all of the +// policies that are attached to groups that the user belongs to. You can simulate +// resources that don't exist in your account. // // You can optionally include a list of one or more additional policies specified // as strings to include in the simulation. If you want to simulate only policies @@ -13773,10 +13912,11 @@ func (c *IAM) SimulatePrincipalPolicyRequest(input *SimulatePrincipalPolicyInput // to other users. If you do not want users to see other user's permissions, // then consider allowing them to use SimulateCustomPolicy instead. // -// Context keys are variables maintained by AWS and its services that provide -// details about the context of an API query request. You can use the Condition -// element of an IAM policy to evaluate context keys. To get the list of context -// keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy. +// Context keys are variables maintained by Amazon Web Services and its services +// that provide details about the context of an API query request. You can use +// the Condition element of an IAM policy to evaluate context keys. To get the +// list of context keys that the policies require for correct simulation, use +// GetContextKeysForPrincipalPolicy. // // If the output is long, you can use the MaxItems and Marker parameters to // paginate the results. @@ -13948,9 +14088,9 @@ func (c *IAM) TagInstanceProfileRequest(input *TagInstanceProfileInput) (req *re // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13970,7 +14110,8 @@ func (c *IAM) TagInstanceProfileRequest(input *TagInstanceProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -14073,9 +14214,9 @@ func (c *IAM) TagMFADeviceRequest(input *TagMFADeviceInput) (req *request.Reques // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14095,7 +14236,8 @@ func (c *IAM) TagMFADeviceRequest(input *TagMFADeviceInput) (req *request.Reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -14200,9 +14342,9 @@ func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInp // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14218,7 +14360,8 @@ func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14324,9 +14467,9 @@ func (c *IAM) TagPolicyRequest(input *TagPolicyInput) (req *request.Request, out // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14342,7 +14485,8 @@ func (c *IAM) TagPolicyRequest(input *TagPolicyInput) (req *request.Request, out // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14445,7 +14589,7 @@ func (c *IAM) TagRoleRequest(input *TagRoleInput) (req *request.Request, output // in the IAM User Guide. // // * Cost allocation - Use tags to help track which individuals and teams -// are using which AWS resources. +// are using which Amazon Web Services resources. // // * If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not @@ -14453,9 +14597,9 @@ func (c *IAM) TagRoleRequest(input *TagRoleInput) (req *request.Request, output // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. @@ -14474,7 +14618,8 @@ func (c *IAM) TagRoleRequest(input *TagRoleInput) (req *request.Request, output // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14583,9 +14728,9 @@ func (c *IAM) TagSAMLProviderRequest(input *TagSAMLProviderInput) (req *request. // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14601,7 +14746,8 @@ func (c *IAM) TagSAMLProviderRequest(input *TagSAMLProviderInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14686,10 +14832,10 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // Adds one or more tags to an IAM server certificate. If a tag with the same // key name already exists, then that tag is overwritten with the new value. // -// For certificates in a Region supported by AWS Certificate Manager (ACM), -// we recommend that you don't use IAM server certificates. Instead, use ACM -// to provision, manage, and deploy your server certificates. For more information -// about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) +// For certificates in a Region supported by Certificate Manager (ACM), we recommend +// that you don't use IAM server certificates. Instead, use ACM to provision, +// manage, and deploy your server certificates. For more information about IAM +// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // A tag consists of a key name and an associated value. By assigning tags to @@ -14708,7 +14854,7 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // in the IAM User Guide. // // * Cost allocation - Use tags to help track which individuals and teams -// are using which AWS resources. +// are using which Amazon Web Services resources. // // * If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not @@ -14716,9 +14862,9 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14738,7 +14884,8 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -14837,7 +14984,7 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // the IAM User Guide. // // * Cost allocation - Use tags to help track which individuals and teams -// are using which AWS resources. +// are using which Amazon Web Services resources. // // * If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not @@ -14845,9 +14992,9 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. @@ -14866,7 +15013,8 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -15529,10 +15677,10 @@ func (c *IAM) UntagServerCertificateRequest(input *UntagServerCertificateInput) // about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // -// For certificates in a Region supported by AWS Certificate Manager (ACM), -// we recommend that you don't use IAM server certificates. Instead, use ACM -// to provision, manage, and deploy your server certificates. For more information -// about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) +// For certificates in a Region supported by Certificate Manager (ACM), we recommend +// that you don't use IAM server certificates. Instead, use ACM to provision, +// manage, and deploy your server certificates. For more information about IAM +// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -15724,10 +15872,10 @@ func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *request. // a key rotation workflow. // // If the UserName is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // // For information about rotating keys, see Managing keys and certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html) // in the IAM User Guide. @@ -15746,7 +15894,8 @@ func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -15819,7 +15968,7 @@ func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPol // UpdateAccountPasswordPolicy API operation for AWS Identity and Access Management. // -// Updates the password policy settings for the AWS account. +// Updates the password policy settings for the account. // // * This operation does not support partial updates. No parameters are required, // but if you do not specify a parameter, that parameter's value reverts @@ -15850,7 +15999,8 @@ func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPol // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -15946,7 +16096,8 @@ func (c *IAM) UpdateAssumeRolePolicyRequest(input *UpdateAssumeRolePolicyInput) // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -16056,7 +16207,8 @@ func (c *IAM) UpdateGroupRequest(input *UpdateGroupInput) (req *request.Request, // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16129,10 +16281,10 @@ func (c *IAM) UpdateLoginProfileRequest(input *UpdateLoginProfileInput) (req *re // UpdateLoginProfile API operation for AWS Identity and Access Management. // -// Changes the password for the specified IAM user. You can use the AWS CLI, -// the AWS API, or the Users page in the IAM console to change the password -// for any IAM user. Use ChangePassword to change your own password in the My -// Security Credentials page in the AWS Management Console. +// Changes the password for the specified IAM user. You can use the CLI, the +// Amazon Web Services API, or the Users page in the IAM console to change the +// password for any IAM user. Use ChangePassword to change your own password +// in the My Security Credentials page in the Management Console. // // For more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. @@ -16161,7 +16313,8 @@ func (c *IAM) UpdateLoginProfileRequest(input *UpdateLoginProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16542,7 +16695,8 @@ func (c *IAM) UpdateSAMLProviderRequest(input *UpdateSAMLProviderInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16621,10 +16775,10 @@ func (c *IAM) UpdateSSHPublicKeyRequest(input *UpdateSSHPublicKeyInput) (req *re // work flow. // // The SSH public key affected by this operation is used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16710,8 +16864,8 @@ func (c *IAM) UpdateServerCertificateRequest(input *UpdateServerCertificateInput // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic also includes a list of AWS services that -// can use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic also includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // You should understand the implications of changing a server certificate's // path or name. For more information, see Renaming a server certificate (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts) @@ -16744,7 +16898,8 @@ func (c *IAM) UpdateServerCertificateRequest(input *UpdateServerCertificateInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16906,10 +17061,10 @@ func (c *IAM) UpdateSigningCertificateRequest(input *UpdateSigningCertificateInp // user's signing certificate as part of a certificate rotation work flow. // // If the UserName field is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16925,7 +17080,8 @@ func (c *IAM) UpdateSigningCertificateRequest(input *UpdateSigningCertificateInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -17025,7 +17181,8 @@ func (c *IAM) UpdateUserRequest(input *UpdateUserInput) (req *request.Request, o // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -17115,10 +17272,10 @@ func (c *IAM) UploadSSHPublicKeyRequest(input *UploadSSHPublicKeyInput) (req *re // Uploads an SSH public key and associates it with the specified IAM user. // // The SSH public key uploaded by this operation can be used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17130,7 +17287,8 @@ func (c *IAM) UploadSSHPublicKeyRequest(input *UploadSSHPublicKeyInput) (req *re // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -17214,20 +17372,21 @@ func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput // UploadServerCertificate API operation for AWS Identity and Access Management. // -// Uploads a server certificate entity for the AWS account. The server certificate +// Uploads a server certificate entity for the account. The server certificate // entity includes a public key certificate, a private key, and an optional // certificate chain, which should all be PEM-encoded. // -// We recommend that you use AWS Certificate Manager (https://docs.aws.amazon.com/acm/) +// We recommend that you use Certificate Manager (https://docs.aws.amazon.com/acm/) // to provision, manage, and deploy your server certificates. With ACM you can -// request a certificate, deploy it to AWS resources, and let ACM handle certificate -// renewals for you. Certificates provided by ACM are free. For more information -// about using ACM, see the AWS Certificate Manager User Guide (https://docs.aws.amazon.com/acm/latest/userguide/). +// request a certificate, deploy it to Amazon Web Services resources, and let +// ACM handle certificate renewals for you. Certificates provided by ACM are +// free. For more information about using ACM, see the Certificate Manager User +// Guide (https://docs.aws.amazon.com/acm/latest/userguide/). // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic includes a list of AWS services that can -// use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // For information about the number of server certificates you can upload, see // IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) @@ -17236,10 +17395,11 @@ func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput // Because the body of the public key certificate, private key, and the certificate // chain can be large, you should use POST rather than GET when calling UploadServerCertificate. // For information about setting up signatures and authorization through the -// API, see Signing AWS API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) -// in the AWS General Reference. For general information about using the Query -// API with IAM, see Calling the API by making HTTP query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) -// in the IAM User Guide. +// API, see Signing Amazon Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) +// in the Amazon Web Services General Reference. For general information about +// using the Query API with IAM, see Calling the API by making HTTP query requests +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the +// IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17251,7 +17411,8 @@ func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -17345,26 +17506,26 @@ func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInp // UploadSigningCertificate API operation for AWS Identity and Access Management. // // Uploads an X.509 signing certificate and associates it with the specified -// IAM user. Some AWS services require you to use certificates to validate requests -// that are signed with a corresponding private key. When you upload the certificate, -// its default status is Active. +// IAM user. Some Amazon Web Services services require you to use certificates +// to validate requests that are signed with a corresponding private key. When +// you upload the certificate, its default status is Active. // // For information about when you would use an X.509 signing certificate, see // Managing server certificates in IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // If the UserName is not specified, the IAM user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // // Because the body of an X.509 certificate can be large, you should use POST // rather than GET when calling UploadSigningCertificate. For information about -// setting up signatures and authorization through the API, see Signing AWS -// API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) -// in the AWS General Reference. For general information about using the Query -// API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) +// setting up signatures and authorization through the API, see Signing Amazon +// Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) +// in the Amazon Web Services General Reference. For general information about +// using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -17377,7 +17538,8 @@ func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInp // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -17424,10 +17586,10 @@ func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *Upload return out, req.Send() } -// An object that contains details about when a principal in the reported AWS -// Organizations entity last attempted to access an AWS service. A principal -// can be an IAM user, an IAM role, or the AWS account root user within the -// reported Organizations entity. +// An object that contains details about when a principal in the reported Organizations +// entity last attempted to access an Amazon Web Services service. A principal +// can be an IAM user, an IAM role, or the Amazon Web Services account root +// user within the reported Organizations entity. // // This data type is a response element in the GetOrganizationsAccessReport // operation. @@ -17436,7 +17598,7 @@ type AccessDetail struct { // The path of the Organizations entity (root, organizational unit, or account) // from which an authenticated principal last attempted to access the service. - // AWS does not report unauthenticated requests. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no principals (IAM users, IAM roles, or root users) // in the reported Organizations entity attempted to access the service within @@ -17445,7 +17607,7 @@ type AccessDetail struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when an authenticated principal most recently attempted to access the service. - // AWS does not report unauthenticated requests. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no principals in the reported Organizations entity // attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -17465,12 +17627,12 @@ type AccessDetail struct { // The namespace of the service in which access was attempted. // // To learn the service namespace of a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the Service Authorization Reference. Choose the name of the service to // view details for that service. In the first paragraph, find the service prefix. // For example, (service prefix: a4b). For more information about service namespaces, - // see AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // see Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` @@ -17526,7 +17688,7 @@ func (s *AccessDetail) SetTotalAuthenticatedEntities(v int64) *AccessDetail { return s } -// Contains information about an AWS access key. +// Contains information about an Amazon Web Services access key. // // This data type is used as a response element in the CreateAccessKey and ListAccessKeys // operations. @@ -17603,8 +17765,8 @@ func (s *AccessKey) SetUserName(v string) *AccessKey { return s } -// Contains information about the last time an AWS access key was used since -// IAM began tracking this information on April 22, 2015. +// Contains information about the last time an Amazon Web Services access key +// was used since IAM began tracking this information on April 22, 2015. // // This data type is used as a response element in the GetAccessKeyLastUsed // operation. @@ -17625,8 +17787,8 @@ type AccessKeyLastUsed struct { // LastUsedDate is a required field LastUsedDate *time.Time `type:"timestamp" required:"true"` - // The AWS Region where this access key was most recently used. The value for - // this field is "N/A" in the following situations: + // The Region where this access key was most recently used. The value for this + // field is "N/A" in the following situations: // // * The user does not have an access key. // @@ -17635,14 +17797,14 @@ type AccessKeyLastUsed struct { // // * There is no sign-in data associated with the user. // - // For more information about AWS Regions, see Regions and endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) + // For more information about Regions, see Regions and endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) // in the Amazon Web Services General Reference. // // Region is a required field Region *string `type:"string" required:"true"` - // The name of the AWS service with which this access key was most recently - // used. The value of this field is "N/A" in the following situations: + // The name of the Amazon Web Services service with which this access key was + // most recently used. The value of this field is "N/A" in the following situations: // // * The user does not have an access key. // @@ -17683,7 +17845,8 @@ func (s *AccessKeyLastUsed) SetServiceName(v string) *AccessKeyLastUsed { return s } -// Contains information about an AWS access key, without its secret key. +// Contains information about an Amazon Web Services access key, without its +// secret key. // // This data type is used as a response element in the ListAccessKeys operation. type AccessKeyMetadata struct { @@ -17987,7 +18150,7 @@ type AttachGroupPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to attach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -18057,7 +18220,7 @@ type AttachRolePolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to attach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -18136,7 +18299,7 @@ type AttachUserPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to attach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -18265,10 +18428,11 @@ func (s *AttachedPermissionsBoundary) SetPermissionsBoundaryType(v string) *Atta type AttachedPolicy struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. PolicyArn *string `min:"20" type:"string"` // The friendly name of the attached policy. @@ -18300,7 +18464,7 @@ func (s *AttachedPolicy) SetPolicyName(v string) *AttachedPolicy { type ChangePasswordInput struct { _ struct{} `type:"structure"` - // The new password. The new password must conform to the AWS account's password + // The new password. The new password must conform to the account's password // policy, if one exists. // // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate @@ -18308,9 +18472,9 @@ type ChangePasswordInput struct { // any printable ASCII character from the space (\u0020) through the end of // the ASCII character range (\u00FF). You can also include the tab (\u0009), // line feed (\u000A), and carriage return (\u000D) characters. Any of these - // characters are valid in a password. However, many tools, such as the AWS - // Management Console, might restrict the ability to type certain characters - // because they have special meaning within that tool. + // characters are valid in a password. However, many tools, such as the Management + // Console, might restrict the ability to type certain characters because they + // have special meaning within that tool. // // NewPassword is a required field NewPassword *string `min:"1" type:"string" required:"true" sensitive:"true"` @@ -18795,9 +18959,9 @@ type CreateLoginProfileInput struct { // any printable ASCII character from the space (\u0020) through the end of // the ASCII character range (\u00FF). You can also include the tab (\u0009), // line feed (\u000A), and carriage return (\u000D) characters. Any of these - // characters are valid in a password. However, many tools, such as the AWS - // Management Console, might restrict the ability to type certain characters - // because they have special meaning within that tool. + // characters are valid in a password. However, many tools, such as the Management + // Console, might restrict the ability to type certain characters because they + // have special meaning within that tool. // // Password is a required field Password *string `min:"1" type:"string" required:"true" sensitive:"true"` @@ -18946,9 +19110,9 @@ type CreateOpenIDConnectProviderInput struct { // Typically the URL consists of only a hostname, like https://server.example.org // or https://example.com. // - // You cannot register the same provider multiple times in a single AWS account. + // You cannot register the same provider multiple times in a single account. // If you try to submit a URL that has already been used for an OpenID Connect - // provider in the AWS account, you will get an error. + // provider in the account, you will get an error. // // Url is a required field Url *string `min:"1" type:"string" required:"true"` @@ -19085,11 +19249,20 @@ type CreatePolicyInput struct { // The JSON policy document that you want to use as the content for the new // policy. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // + // To learn more about JSON policy grammar, see Grammar of the IAM JSON policy + // language (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) + // in the IAM User Guide. + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -19230,7 +19403,7 @@ type CreatePolicyVersionInput struct { // a new version. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -19238,11 +19411,16 @@ type CreatePolicyVersionInput struct { // The JSON policy document that you want to use as the content for this new // version of the policy. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -19351,8 +19529,8 @@ type CreateRoleInput struct { // assume the role. // // In IAM, you must provide a JSON policy that has been converted to a string. - // However, for AWS CloudFormation templates formatted in YAML, you can provide - // the policy in JSON or YAML format. AWS CloudFormation always converts a YAML + // However, for CloudFormation templates formatted in YAML, you can provide + // the policy in JSON or YAML format. CloudFormation always converts a YAML // policy to JSON format before submitting it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -19379,8 +19557,8 @@ type CreateRoleInput struct { // role. If you do not specify a value for this setting, the default maximum // of one hour is applied. This setting can have a value from 1 hour to 12 hours. // - // Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds - // API parameter or the duration-seconds CLI parameter to request a longer session. + // Anyone who assumes the role from the or API can use the DurationSeconds API + // parameter or the duration-seconds CLI parameter to request a longer session. // The MaxSessionDuration setting determines the maximum duration that can be // requested using the DurationSeconds parameter. If users don't specify a value // for the DurationSeconds parameter, their security credentials are valid for @@ -19681,13 +19859,13 @@ func (s *CreateSAMLProviderOutput) SetTags(v []*Tag) *CreateSAMLProviderOutput { type CreateServiceLinkedRoleInput struct { _ struct{} `type:"structure"` - // The service principal for the AWS service to which this role is attached. - // You use a string similar to a URL but without the http:// in front. For example: - // elasticbeanstalk.amazonaws.com. + // The service principal for the Amazon Web Services service to which this role + // is attached. You use a string similar to a URL but without the http:// in + // front. For example: elasticbeanstalk.amazonaws.com. // // Service principals are unique and case-sensitive. To find the exact service - // principal for your service-linked role, see AWS services that work with IAM - // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) + // principal for your service-linked role, see Amazon Web Services services + // that work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) // in the IAM User Guide. Look for the services that have Yes in the Service-Linked // Role column. Choose the Yes link to view the service-linked role documentation // for that service. @@ -19783,9 +19961,9 @@ func (s *CreateServiceLinkedRoleOutput) SetRole(v *Role) *CreateServiceLinkedRol type CreateServiceSpecificCredentialInput struct { _ struct{} `type:"structure"` - // The name of the AWS service that is to be associated with the credentials. - // The service you specify here is the only service that can be accessed using - // these credentials. + // The name of the Amazon Web Services service that is to be associated with + // the credentials. The service you specify here is the only service that can + // be accessed using these credentials. // // ServiceName is a required field ServiceName *string `type:"string" required:"true"` @@ -20688,7 +20866,7 @@ type DeletePolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to delete. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -20747,7 +20925,7 @@ type DeletePolicyVersionInput struct { // a version. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -21744,7 +21922,7 @@ type DetachGroupPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to detach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -21814,7 +21992,7 @@ type DetachRolePolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to detach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -21893,7 +22071,7 @@ type DetachUserPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to detach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -22100,7 +22278,8 @@ func (s EnableMFADeviceOutput) GoString() string { } // An object that contains details about when the IAM entities (users or roles) -// were last used in an attempt to access the specified AWS service. +// were last used in an attempt to access the specified Amazon Web Services +// service. // // This data type is a response element in the GetServiceLastAccessedDetailsWithEntities // operation. @@ -22113,8 +22292,8 @@ type EntityDetails struct { EntityInfo *EntityInfo `type:"structure" required:"true"` // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - // when the authenticated entity last attempted to access AWS. AWS does not - // report unauthenticated requests. + // when the authenticated entity last attempted to access Amazon Web Services. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -22149,10 +22328,11 @@ func (s *EntityDetails) SetLastAuthenticated(v time.Time) *EntityDetails { type EntityInfo struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // Arn is a required field Arn *string `min:"20" type:"string" required:"true"` @@ -22286,14 +22466,14 @@ type EvaluationResult struct { // If the simulation evaluates policies within the same account and specifies // all resources (*), then the parameter is not returned. // - // When you make a cross-account request, AWS evaluates the request in the trusting - // account and the trusted account. The request is allowed only if both evaluations - // return true. For more information about how policies are evaluated, see Evaluating - // policies within a single account (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics). + // When you make a cross-account request, Amazon Web Services evaluates the + // request in the trusting account and the trusted account. The request is allowed + // only if both evaluations return true. For more information about how policies + // are evaluated, see Evaluating policies within a single account (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics). // - // If an AWS Organizations SCP included in the evaluation denies access, the - // simulation ends. In this case, policy evaluation does not proceed any further - // and this parameter is not returned. + // If an Organizations SCP included in the evaluation denies access, the simulation + // ends. In this case, policy evaluation does not proceed any further and this + // parameter is not returned. EvalDecisionDetails map[string]*string `type:"map"` // The ARN of the resource that the indicated API operation was tested on. @@ -22443,20 +22623,20 @@ func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialR type GenerateOrganizationsAccessReportInput struct { _ struct{} `type:"structure"` - // The path of the AWS Organizations entity (root, OU, or account). You can - // build an entity path using the known structure of your organization. For - // example, assume that your account ID is 123456789012 and its parent OU ID - // is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and - // your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. + // The path of the Organizations entity (root, OU, or account). You can build + // an entity path using the known structure of your organization. For example, + // assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. + // The organization root ID is r-f6g7h8i9j0example and your organization ID + // is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. // // EntityPath is a required field EntityPath *string `min:"19" type:"string" required:"true"` - // The identifier of the AWS Organizations service control policy (SCP). This - // parameter is optional. + // The identifier of the Organizations service control policy (SCP). This parameter + // is optional. // // This ID is used to generate information about when an account principal that - // is limited by the SCP attempted to access an AWS service. + // is limited by the SCP attempted to access an Amazon Web Services service. OrganizationsPolicyId *string `type:"string"` } @@ -22526,7 +22706,7 @@ type GenerateServiceLastAccessedDetailsInput struct { // The ARN of the IAM resource (user, group, role, or managed policy) used to // generate information about when the resource was last used in an attempt - // to access an AWS service. + // to access an Amazon Web Services service. // // Arn is a required field Arn *string `min:"20" type:"string" required:"true"` @@ -22658,7 +22838,7 @@ type GetAccessKeyLastUsedOutput struct { // Contains information about the last time the access key was used. AccessKeyLastUsed *AccessKeyLastUsed `type:"structure"` - // The name of the AWS IAM user that owns this access key. + // The name of the IAM user that owns this access key. UserName *string `min:"1" type:"string"` } @@ -23018,7 +23198,7 @@ type GetContextKeysForPrincipalPolicyInput struct { // a real HTML request. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicySourceArn is a required field PolicySourceArn *string `min:"20" type:"string" required:"true"` @@ -23340,8 +23520,8 @@ type GetGroupPolicyOutput struct { // The policy document. // // IAM stores policies in JSON format. However, resources that were created - // using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation - // always converts a YAML policy to JSON format before submitting it to IAM. + // using CloudFormation templates can be formatted in YAML. CloudFormation always + // converts a YAML policy to JSON format before submitting it to IAM. // // PolicyDocument is a required field PolicyDocument *string `min:"1" type:"string" required:"true"` @@ -23500,7 +23680,8 @@ func (s *GetLoginProfileInput) SetUserName(v string) *GetLoginProfileInput { type GetLoginProfileOutput struct { _ struct{} `type:"structure"` - // A structure containing the user name and password create date for the user. + // A structure containing the user name and the profile creation date for the + // user. // // LoginProfile is a required field LoginProfile *LoginProfile `type:"structure" required:"true"` @@ -23530,7 +23711,7 @@ type GetOpenIDConnectProviderInput struct { // by using the ListOpenIDConnectProviders operation. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -23577,7 +23758,7 @@ type GetOpenIDConnectProviderOutput struct { ClientIDList []*string `type:"list"` // The date and time when the IAM OIDC provider resource object was created - // in the AWS account. + // in the account. CreateDate *time.Time `type:"timestamp"` // A list of tags that are attached to the specified IAM OIDC provider. The @@ -23847,7 +24028,7 @@ type GetPolicyInput struct { // about. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -23916,7 +24097,7 @@ type GetPolicyVersionInput struct { // about. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -24141,8 +24322,8 @@ type GetRolePolicyOutput struct { // The policy document. // // IAM stores policies in JSON format. However, resources that were created - // using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation - // always converts a YAML policy to JSON format before submitting it to IAM. + // using CloudFormation templates can be formatted in YAML. CloudFormation always + // converts a YAML policy to JSON format before submitting it to IAM. // // PolicyDocument is a required field PolicyDocument *string `min:"1" type:"string" required:"true"` @@ -24193,7 +24374,7 @@ type GetSAMLProviderInput struct { // to get information about. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -24675,16 +24856,17 @@ type GetServiceLastAccessedDetailsWithEntitiesInput struct { // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` - // The service namespace for an AWS service. Provide the service namespace to - // learn when the IAM entity last attempted to access the specified service. + // The service namespace for an Amazon Web Services service. Provide the service + // namespace to learn when the IAM entity last attempted to access the specified + // service. // // To learn the service namespace for a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the IAM User Guide. Choose the name of the service to view details for // that service. In the first paragraph, find the service prefix. For example, // (service prefix: a4b). For more information about service namespaces, see - // AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` @@ -24757,7 +24939,7 @@ type GetServiceLastAccessedDetailsWithEntitiesOutput struct { // An EntityDetailsList object that contains details about when an IAM entity // (user or role) used group or policy permissions in an attempt to access the - // specified AWS service. + // specified Amazon Web Services service. // // EntityDetailsList is a required field EntityDetailsList []*EntityDetails `type:"list" required:"true"` @@ -24985,10 +25167,11 @@ type GetUserOutput struct { // // You can use password last used information to identify unused credentials // for deletion. For example, you might delete users who did not sign in to - // AWS in the last 90 days. In cases like this, we recommend that you adjust - // your evaluation window to include dates after May 23, 2018. Alternatively, - // if your users use access keys to access AWS programmatically you can refer - // to access key last used information because it is accurate for all dates. + // Amazon Web Services in the last 90 days. In cases like this, we recommend + // that you adjust your evaluation window to include dates after May 23, 2018. + // Alternatively, if your users use access keys to access Amazon Web Services + // programmatically you can refer to access key last used information because + // it is accurate for all dates. // // User is a required field User *User `type:"structure" required:"true"` @@ -25083,8 +25266,8 @@ type GetUserPolicyOutput struct { // The policy document. // // IAM stores policies in JSON format. However, resources that were created - // using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation - // always converts a YAML policy to JSON format before submitting it to IAM. + // using CloudFormation templates can be formatted in YAML. CloudFormation always + // converts a YAML policy to JSON format before submitting it to IAM. // // PolicyDocument is a required field PolicyDocument *string `min:"1" type:"string" required:"true"` @@ -25220,10 +25403,11 @@ func (s *Group) SetPath(v string) *Group { type GroupDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // A list of the managed policies attached to the group. @@ -25599,8 +25783,8 @@ func (s *ListAccountAliasesInput) SetMaxItems(v int64) *ListAccountAliasesInput type ListAccountAliasesOutput struct { _ struct{} `type:"structure"` - // A list of aliases associated with the account. AWS supports only one alias - // per account. + // A list of aliases associated with the account. Amazon Web Services supports + // only one alias per account. // // AccountAliases is a required field AccountAliases []*string `type:"list" required:"true"` @@ -26133,7 +26317,7 @@ type ListEntitiesForPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -26684,9 +26868,9 @@ type ListInstanceProfileTagsInput struct { // The name of the IAM instance profile whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // InstanceProfileName is a required field InstanceProfileName *string `min:"1" type:"string" required:"true"` @@ -26697,16 +26881,15 @@ type ListInstanceProfileTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` } @@ -26764,11 +26947,11 @@ type ListInstanceProfileTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -27080,24 +27263,23 @@ type ListMFADeviceTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The unique identifier for the IAM virtual MFA device whose tags you want // to see. For virtual MFA devices, the serial number is the same as the ARN. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SerialNumber is a required field SerialNumber *string `min:"9" type:"string" required:"true"` @@ -27157,11 +27339,11 @@ type ListMFADeviceTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -27338,24 +27520,23 @@ type ListOpenIDConnectProviderTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The ARN of the OpenID Connect (OIDC) identity provider whose tags you want // to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -27415,11 +27596,11 @@ type ListOpenIDConnectProviderTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -27481,7 +27662,7 @@ func (s ListOpenIDConnectProvidersInput) GoString() string { type ListOpenIDConnectProvidersOutput struct { _ struct{} `type:"structure"` - // The list of IAM OIDC provider resource objects defined in the AWS account. + // The list of IAM OIDC provider resource objects defined in the account. OpenIDConnectProviderList []*OpenIDConnectProviderListEntry `type:"list"` } @@ -27516,12 +27697,12 @@ type ListPoliciesGrantingServiceAccessEntry struct { // The namespace of the service that was accessed. // // To learn the service namespace of a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the Service Authorization Reference. Choose the name of the service to // view details for that service. In the first paragraph, find the service prefix. // For example, (service prefix: a4b). For more information about service namespaces, - // see AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // see Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. ServiceNamespace *string `min:"1" type:"string"` } @@ -27562,15 +27743,16 @@ type ListPoliciesGrantingServiceAccessInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // The service namespace for the AWS services whose policies you want to list. + // The service namespace for the Amazon Web Services services whose policies + // you want to list. // // To learn the service namespace for a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the IAM User Guide. Choose the name of the service to view details for // that service. In the first paragraph, find the service prefix. For example, // (service prefix: a4b). For more information about service namespaces, see - // AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespaces is a required field ServiceNamespaces []*string `min:"1" type:"list" required:"true"` @@ -27726,8 +27908,8 @@ type ListPoliciesInput struct { // The scope to use for filtering the results. // - // To list only AWS managed policies, set Scope to AWS. To list only the customer - // managed policies in your AWS account, set Scope to Local. + // To list only Amazon Web Services managed policies, set Scope to AWS. To list + // only the customer managed policies in your account, set Scope to Local. // // This parameter is optional. If it is not included, or if it is set to All, // all policies are returned. @@ -27856,23 +28038,22 @@ type ListPolicyTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The ARN of the IAM customer managed policy whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -27932,11 +28113,11 @@ type ListPolicyTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -28002,7 +28183,7 @@ type ListPolicyVersionsInput struct { // The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -28249,16 +28430,15 @@ type ListRoleTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM role for which you want to see the list of tags. @@ -28325,11 +28505,11 @@ type ListRoleTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -28511,24 +28691,23 @@ type ListSAMLProviderTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The ARN of the Security Assertion Markup Language (SAML) identity provider // whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -28588,11 +28767,11 @@ type ListSAMLProviderTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -28654,7 +28833,8 @@ func (s ListSAMLProvidersInput) GoString() string { type ListSAMLProvidersOutput struct { _ struct{} `type:"structure"` - // The list of SAML provider resource objects defined in IAM for this AWS account. + // The list of SAML provider resource objects defined in IAM for this Amazon + // Web Services account. SAMLProviderList []*SAMLProviderListEntry `type:"list"` } @@ -28695,8 +28875,8 @@ type ListSSHPublicKeysInput struct { MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM user to list SSH public keys for. If none is specified, - // the UserName field is determined implicitly based on the AWS access key used - // to sign the request. + // the UserName field is determined implicitly based on the Amazon Web Services + // access key used to sign the request. // // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) // a string of characters consisting of upper and lowercase alphanumeric characters @@ -28808,23 +28988,22 @@ type ListServerCertificateTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM server certificate whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // ServerCertificateName is a required field ServerCertificateName *string `min:"1" type:"string" required:"true"` @@ -28884,11 +29063,11 @@ type ListServerCertificateTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -29064,8 +29243,9 @@ func (s *ListServerCertificatesOutput) SetServerCertificateMetadataList(v []*Ser type ListServiceSpecificCredentialsInput struct { _ struct{} `type:"structure"` - // Filters the returned results to only those for the specified AWS service. - // If not specified, then AWS returns service-specific credentials for all services. + // Filters the returned results to only those for the specified Amazon Web Services + // service. If not specified, then Amazon Web Services returns service-specific + // credentials for all services. ServiceName *string `type:"string"` // The name of the user whose service-specific credentials you want information @@ -29400,23 +29580,22 @@ type ListUserTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM user whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // UserName is a required field UserName *string `min:"1" type:"string" required:"true"` @@ -29476,11 +29655,11 @@ type ListUserTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -29789,7 +29968,7 @@ type LoginProfile struct { // Specifies whether the user is required to set a new password on next sign-in. PasswordResetRequired *bool `type:"boolean"` - // The name of the user, which can be used for signing in to the AWS Management + // The name of the user, which can be used for signing in to the Management // Console. // // UserName is a required field @@ -29888,10 +30067,11 @@ func (s *MFADevice) SetUserName(v string) *MFADevice { type ManagedPolicyDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // The number of principal entities (users, groups, and roles) that the policy @@ -30038,10 +30218,11 @@ func (s *ManagedPolicyDetail) SetUpdateDate(v time.Time) *ManagedPolicyDetail { type OpenIDConnectProviderListEntry struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` } @@ -30248,10 +30429,11 @@ func (s *PermissionsBoundaryDecisionDetail) SetAllowedByPermissionsBoundary(v bo type Policy struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // The number of entities (users, groups, and roles) that the policy is attached @@ -30453,10 +30635,11 @@ type PolicyGrantingServiceAccess struct { // in the IAM User Guide. EntityType *string `type:"string" enum:"PolicyOwnerEntityType"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. PolicyArn *string `min:"20" type:"string"` // The policy name. @@ -30761,10 +30944,10 @@ type PutGroupPolicyInput struct { // The policy document. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting - // it to IAM. + // CloudFormation always converts a YAML policy to JSON format before submitting + // it to = IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: @@ -30940,9 +31123,9 @@ type PutRolePolicyInput struct { // The policy document. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -31128,9 +31311,9 @@ type PutUserPolicyInput struct { // The policy document. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -31251,7 +31434,7 @@ type RemoveClientIDFromOpenIDConnectProviderInput struct { // ListOpenIDConnectProviders operation. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -31800,9 +31983,8 @@ type Role struct { Description *string `type:"string"` // The maximum session duration (in seconds) for the specified role. Anyone - // who uses the AWS CLI, or API to assume the role can specify the duration - // using the optional DurationSeconds API parameter or duration-seconds CLI - // parameter. + // who uses the CLI, or API to assume the role can specify the duration using + // the optional DurationSeconds API parameter or duration-seconds CLI parameter. MaxSessionDuration *int64 `min:"3600" type:"integer"` // The path to the role. For more information about paths, see IAM identifiers @@ -31929,10 +32111,11 @@ func (s *Role) SetTags(v []*Tag) *Role { type RoleDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // The trust policy that grants permission to assume the role. @@ -32092,7 +32275,7 @@ type RoleLastUsed struct { // in the IAM User Guide. LastUsedDate *time.Time `type:"timestamp"` - // The name of the AWS Region in which the role was last used. + // The name of the Region in which the role was last used. Region *string `type:"string"` } @@ -32220,8 +32403,8 @@ type SSHPublicKey struct { SSHPublicKeyId *string `min:"20" type:"string" required:"true"` // The status of the SSH public key. Active means that the key can be used for - // authentication with an AWS CodeCommit repository. Inactive means that the - // key cannot be used. + // authentication with an CodeCommit repository. Inactive means that the key + // cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -32294,8 +32477,8 @@ type SSHPublicKeyMetadata struct { SSHPublicKeyId *string `min:"20" type:"string" required:"true"` // The status of the SSH public key. Active means that the key can be used for - // authentication with an AWS CodeCommit repository. Inactive means that the - // key cannot be used. + // authentication with an CodeCommit repository. Inactive means that the key + // cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -32504,21 +32687,22 @@ type ServiceLastAccessed struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when an authenticated entity most recently attempted to access the service. - // AWS does not report unauthenticated requests. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). LastAuthenticated *time.Time `type:"timestamp"` // The ARN of the authenticated entity (user or role) that last attempted to - // access the service. AWS does not report unauthenticated requests. + // access the service. Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). LastAuthenticatedEntity *string `min:"20" type:"string"` // The Region from which the authenticated entity (user or role) last attempted - // to access the service. AWS does not report unauthenticated requests. + // to access the service. Amazon Web Services does not report unauthenticated + // requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -32532,12 +32716,12 @@ type ServiceLastAccessed struct { // The namespace of the service in which access was attempted. // // To learn the service namespace of a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the Service Authorization Reference. Choose the name of the service to // view details for that service. In the first paragraph, find the service prefix. // For example, (service prefix: a4b). For more information about service namespaces, - // see AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // see Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` @@ -32639,8 +32823,8 @@ type ServiceSpecificCredential struct { // The generated user name for the service-specific credential. This value is // generated by combining the IAM user's name combined with the ID number of - // the AWS account, as in jane-at-123456789012, for example. This value cannot - // be configured by the user. + // the Amazon Web Services account, as in jane-at-123456789012, for example. + // This value cannot be configured by the user. // // ServiceUserName is a required field ServiceUserName *string `min:"17" type:"string" required:"true"` @@ -32799,7 +32983,7 @@ type SetDefaultPolicyVersionInput struct { // want to set. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -32873,12 +33057,12 @@ type SetSecurityTokenServicePreferencesInput struct { _ struct{} `type:"structure"` // The version of the global endpoint token. Version 1 tokens are valid only - // in AWS Regions that are available by default. These tokens do not work in - // manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens - // are valid in all Regions. However, version 2 tokens are longer and might - // affect systems where you temporarily store tokens. + // in Regions that are available by default. These tokens do not work in manually + // enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid + // in all Regions. However, version 2 tokens are longer and might affect systems + // where you temporarily store tokens. // - // For information, see Activating and deactivating STS in an AWS region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // For information, see Activating and deactivating STS in an Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // GlobalEndpointTokenVersion is a required field @@ -33050,6 +33234,11 @@ type SimulateCustomPolicyInput struct { // in the IAM User Guide. The policy input is specified as a string that contains // the complete, valid JSON text of a permissions boundary policy. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33073,6 +33262,11 @@ type SimulateCustomPolicyInput struct { // API operations. In other words, do not use policies designed to restrict // what a user can do while using the temporary credentials. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33088,12 +33282,12 @@ type SimulateCustomPolicyInput struct { // PolicyInputList is a required field PolicyInputList []*string `type:"list" required:"true"` - // A list of ARNs of AWS resources to include in the simulation. If this parameter - // is not provided, then the value defaults to * (all resources). Each API in - // the ActionNames parameter is evaluated for each resource in this list. The - // simulation determines the access result (allowed or denied) of each combination - // and reports it in the response. You can simulate resources that don't exist - // in your account. + // A list of ARNs of Amazon Web Services resources to include in the simulation. + // If this parameter is not provided, then the value defaults to * (all resources). + // Each API in the ActionNames parameter is evaluated for each resource in this + // list. The simulation determines the access result (allowed or denied) of + // each combination and reports it in the response. You can simulate resources + // that don't exist in your account. // // The simulation does not automatically retrieve policies for the specified // resources. If you want to include a resource policy in the simulation, then @@ -33103,7 +33297,7 @@ type SimulateCustomPolicyInput struct { // resources included in the simulation or you receive an invalid input error. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. ResourceArns []*string `type:"list"` // Specifies the type of simulation to run. Different API operations that support @@ -33137,7 +33331,7 @@ type SimulateCustomPolicyInput struct { // subnet, volume ResourceHandlingOption *string `min:"1" type:"string"` - // An ARN representing the AWS account ID that specifies the owner of any simulated + // An ARN representing the account ID that specifies the owner of any simulated // resource that does not identify its owner in the resource ARN. Examples of // resource ARNs include an S3 bucket or object. If ResourceOwner is specified, // it is also used as the account owner of any ResourcePolicy included in the @@ -33156,6 +33350,11 @@ type SimulateCustomPolicyInput struct { // Each resource in the simulation is treated as if it had this policy attached. // You can include only one resource-based policy in a simulation. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33365,7 +33564,7 @@ type SimulatePrincipalPolicyInput struct { // policy's Principal element has a value to use in evaluating the policy. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. CallerArn *string `min:"1" type:"string"` // A list of context keys and corresponding values for the simulation to use. @@ -33401,6 +33600,11 @@ type SimulatePrincipalPolicyInput struct { // in the IAM User Guide. The policy input is specified as a string containing // the complete, valid JSON text of a permissions boundary policy. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33437,25 +33641,30 @@ type SimulatePrincipalPolicyInput struct { // If you specify a user, the simulation also includes all policies that are // attached to any groups the user belongs to. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicySourceArn is a required field PolicySourceArn *string `min:"20" type:"string" required:"true"` - // A list of ARNs of AWS resources to include in the simulation. If this parameter - // is not provided, then the value defaults to * (all resources). Each API in - // the ActionNames parameter is evaluated for each resource in this list. The - // simulation determines the access result (allowed or denied) of each combination - // and reports it in the response. You can simulate resources that don't exist - // in your account. + // A list of ARNs of Amazon Web Services resources to include in the simulation. + // If this parameter is not provided, then the value defaults to * (all resources). + // Each API in the ActionNames parameter is evaluated for each resource in this + // list. The simulation determines the access result (allowed or denied) of + // each combination and reports it in the response. You can simulate resources + // that don't exist in your account. // // The simulation does not automatically retrieve policies for the specified // resources. If you want to include a resource policy in the simulation, then // you must include the policy as a string in the ResourcePolicy parameter. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. ResourceArns []*string `type:"list"` // Specifies the type of simulation to run. Different API operations that support @@ -33489,11 +33698,11 @@ type SimulatePrincipalPolicyInput struct { // subnet, volume ResourceHandlingOption *string `min:"1" type:"string"` - // An AWS account ID that specifies the owner of any simulated resource that - // does not identify its owner in the resource ARN. Examples of resource ARNs - // include an S3 bucket or object. If ResourceOwner is specified, it is also - // used as the account owner of any ResourcePolicy included in the simulation. - // If the ResourceOwner parameter is not specified, then the owner of the resources + // An account ID that specifies the owner of any simulated resource that does + // not identify its owner in the resource ARN. Examples of resource ARNs include + // an S3 bucket or object. If ResourceOwner is specified, it is also used as + // the account owner of any ResourcePolicy included in the simulation. If the + // ResourceOwner parameter is not specified, then the owner of the resources // and the resource policy defaults to the account of the identity provided // in CallerArn. This parameter is required only if you specify a resource-based // policy and account that owns the resource is different from the account that @@ -33504,6 +33713,11 @@ type SimulatePrincipalPolicyInput struct { // Each resource in the simulation is treated as if it had this policy attached. // You can include only one resource-based policy in a simulation. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33721,9 +33935,9 @@ type Tag struct { // number associated with the different cost centers in your company. Typically, // many resources have tags with the same key name but with different values. // - // AWS always interprets the tag Value as a single string. If you need to store - // an array, you can store comma-separated values in the string. However, you - // must interpret the value in your code. + // Amazon Web Services always interprets the tag Value as a single string. If + // you need to store an array, you can store comma-separated values in the string. + // However, you must interpret the value in your code. // // Value is a required field Value *string `type:"string" required:"true"` @@ -33775,9 +33989,9 @@ type TagInstanceProfileInput struct { // The name of the IAM instance profile to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // InstanceProfileName is a required field InstanceProfileName *string `min:"1" type:"string" required:"true"` @@ -33860,9 +34074,9 @@ type TagMFADeviceInput struct { // The unique identifier for the IAM virtual MFA device to which you want to // add tags. For virtual MFA devices, the serial number is the same as the ARN. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SerialNumber is a required field SerialNumber *string `min:"9" type:"string" required:"true"` @@ -33944,9 +34158,9 @@ type TagOpenIDConnectProviderInput struct { // The ARN of the OIDC identity provider in IAM to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -34028,9 +34242,9 @@ type TagPolicyInput struct { // The ARN of the IAM customer managed policy to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -34196,9 +34410,9 @@ type TagSAMLProviderInput struct { // The ARN of the SAML identity provider in IAM to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -34280,9 +34494,9 @@ type TagServerCertificateInput struct { // The name of the IAM server certificate to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // ServerCertificateName is a required field ServerCertificateName *string `min:"1" type:"string" required:"true"` @@ -34370,9 +34584,9 @@ type TagUserInput struct { // The name of the IAM user to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // UserName is a required field UserName *string `min:"1" type:"string" required:"true"` @@ -34455,14 +34669,16 @@ type TrackedActionLastAccessed struct { // are actions that report activity to IAM. ActionName *string `type:"string"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. LastAccessedEntity *string `min:"20" type:"string"` // The Region from which the authenticated entity (user or role) last attempted - // to access the tracked action. AWS does not report unauthenticated requests. + // to access the tracked action. Amazon Web Services does not report unauthenticated + // requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -34470,7 +34686,7 @@ type TrackedActionLastAccessed struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when an authenticated entity most recently attempted to access the tracked - // service. AWS does not report unauthenticated requests. + // service. Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -34516,9 +34732,9 @@ type UntagInstanceProfileInput struct { // The name of the IAM instance profile from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // InstanceProfileName is a required field InstanceProfileName *string `min:"1" type:"string" required:"true"` @@ -34592,9 +34808,9 @@ type UntagMFADeviceInput struct { // to remove tags. For virtual MFA devices, the serial number is the same as // the ARN. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SerialNumber is a required field SerialNumber *string `min:"9" type:"string" required:"true"` @@ -34666,9 +34882,9 @@ type UntagOpenIDConnectProviderInput struct { // The ARN of the OIDC provider in IAM from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -34741,9 +34957,9 @@ type UntagPolicyInput struct { // The ARN of the IAM customer managed policy from which you want to remove // tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -34890,9 +35106,9 @@ type UntagSAMLProviderInput struct { // The ARN of the SAML identity provider in IAM from which you want to remove // tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -34964,9 +35180,9 @@ type UntagServerCertificateInput struct { // The name of the IAM server certificate from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // ServerCertificateName is a required field ServerCertificateName *string `min:"1" type:"string" required:"true"` @@ -35044,9 +35260,9 @@ type UntagUserInput struct { // The name of the IAM user from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // UserName is a required field UserName *string `min:"1" type:"string" required:"true"` @@ -35120,8 +35336,8 @@ type UpdateAccessKeyInput struct { AccessKeyId *string `min:"16" type:"string" required:"true"` // The status you want to assign to the secret access key. Active means that - // the key can be used for programmatic calls to AWS, while Inactive means that - // the key cannot be used. + // the key can be used for programmatic calls to Amazon Web Services, while + // Inactive means that the key cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -35201,9 +35417,9 @@ func (s UpdateAccessKeyOutput) GoString() string { type UpdateAccountPasswordPolicyInput struct { _ struct{} `type:"structure"` - // Allows all IAM users in your account to use the AWS Management Console to - // change their own passwords. For more information, see Letting IAM users change - // their own passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html) + // Allows all IAM users in your account to use the Management Console to change + // their own passwords. For more information, see Letting IAM users change their + // own passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html) // in the IAM User Guide. // // If you do not specify a value for this parameter, then the operation uses @@ -35376,9 +35592,9 @@ type UpdateAssumeRolePolicyInput struct { // The policy that grants an entity permission to assume the role. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -35577,8 +35793,7 @@ type UpdateLoginProfileInput struct { // return (\u000D) // // However, the format can be further restricted by the account administrator - // by setting a password policy on the AWS account. For more information, see - // UpdateAccountPasswordPolicy. + // by setting a password policy on the account. For more information, see UpdateAccountPasswordPolicy. Password *string `min:"1" type:"string" sensitive:"true"` // Allows this new password to be used only once by requiring the specified @@ -35664,7 +35879,7 @@ type UpdateOpenIDConnectProviderThumbprintInput struct { // ARNs by using the ListOpenIDConnectProviders operation. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -35819,7 +36034,7 @@ type UpdateRoleInput struct { // role. If you do not specify a value for this setting, the default maximum // of one hour is applied. This setting can have a value from 1 hour to 12 hours. // - // Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds + // Anyone who assumes the role from the CLI or API can use the DurationSeconds // API parameter or the duration-seconds CLI parameter to request a longer session. // The MaxSessionDuration setting determines the maximum duration that can be // requested using the DurationSeconds parameter. If users don't specify a value @@ -35913,7 +36128,7 @@ type UpdateSAMLProviderInput struct { // The Amazon Resource Name (ARN) of the SAML provider to update. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -36000,7 +36215,7 @@ type UpdateSSHPublicKeyInput struct { SSHPublicKeyId *string `min:"20" type:"string" required:"true"` // The status to assign to the SSH public key. Active means that the key can - // be used for authentication with an AWS CodeCommit repository. Inactive means + // be used for authentication with an CodeCommit repository. Inactive means // that the key cannot be used. // // Status is a required field @@ -36284,8 +36499,8 @@ type UpdateSigningCertificateInput struct { CertificateId *string `min:"24" type:"string" required:"true"` // The status you want to assign to the certificate. Active means that the certificate - // can be used for programmatic calls to AWS Inactive means that the certificate - // cannot be used. + // can be used for programmatic calls to Amazon Web Services Inactive means + // that the certificate cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -36899,9 +37114,9 @@ type User struct { CreateDate *time.Time `type:"timestamp" required:"true"` // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - // when the user's password was last used to sign in to an AWS website. For - // a list of AWS websites that capture a user's last sign-in time, see the Credential - // reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) + // when the user's password was last used to sign in to an Amazon Web Services + // website. For a list of Amazon Web Services websites that capture a user's + // last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // topic in the IAM User Guide. If a password is used more than once in a five-minute // span, only the first use is returned in this field. If the field is null // (no value), then it indicates that they never signed in with a password. @@ -37017,10 +37232,11 @@ func (s *User) SetUserName(v string) *User { type UserDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // A list of the managed policies attached to the user. diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/doc.go b/vendor/github.com/aws/aws-sdk-go/service/iam/doc.go index 13f89fa190..c8a978b6ee 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/doc.go @@ -3,12 +3,12 @@ // Package iam provides the client and types for making API // requests to AWS Identity and Access Management. // -// AWS Identity and Access Management (IAM) is a web service for securely controlling -// access to AWS services. With IAM, you can centrally manage users, security -// credentials such as access keys, and permissions that control which AWS resources -// users and applications can access. For more information about IAM, see AWS -// Identity and Access Management (IAM) (http://aws.amazon.com/iam/) and the -// AWS Identity and Access Management User Guide (https://docs.aws.amazon.com/IAM/latest/UserGuide/). +// Identity and Access Management (IAM) is a web service for securely controlling +// access to Amazon Web Services services. With IAM, you can centrally manage +// users, security credentials such as access keys, and permissions that control +// which Amazon Web Services resources users and applications can access. For +// more information about IAM, see Identity and Access Management (IAM) (http://aws.amazon.com/iam/) +// and the Identity and Access Management User Guide (https://docs.aws.amazon.com/IAM/latest/UserGuide/). // // See https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go index 3a4ff5f050..376c9710ee 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go @@ -117,7 +117,8 @@ const ( // "LimitExceeded". // // The request was rejected because it attempted to create resources beyond - // the current AWS account limits. The error message describes the limit exceeded. + // the current Amazon Web Services account limits. The error message describes + // the limit exceeded. ErrCodeLimitExceededException = "LimitExceeded" // ErrCodeMalformedCertificateException for service response error code @@ -158,8 +159,8 @@ const ( // ErrCodePolicyNotAttachableException for service response error code // "PolicyNotAttachable". // - // The request failed because AWS service role policies can only be attached - // to the service-linked role for that service. + // The request failed because Amazon Web Services service role policies can + // only be attached to the service-linked role for that service. ErrCodePolicyNotAttachableException = "PolicyNotAttachable" // ErrCodeReportGenerationLimitExceededException for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go index 8cfb8ad8b8..d19a47ecb4 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go @@ -562,6 +562,9 @@ type IAMAPI interface { ListUserTagsWithContext(aws.Context, *iam.ListUserTagsInput, ...request.Option) (*iam.ListUserTagsOutput, error) ListUserTagsRequest(*iam.ListUserTagsInput) (*request.Request, *iam.ListUserTagsOutput) + ListUserTagsPages(*iam.ListUserTagsInput, func(*iam.ListUserTagsOutput, bool) bool) error + ListUserTagsPagesWithContext(aws.Context, *iam.ListUserTagsInput, func(*iam.ListUserTagsOutput, bool) bool, ...request.Option) error + ListUsers(*iam.ListUsersInput) (*iam.ListUsersOutput, error) ListUsersWithContext(aws.Context, *iam.ListUsersInput, ...request.Option) (*iam.ListUsersOutput, error) ListUsersRequest(*iam.ListUsersInput) (*request.Request, *iam.ListUsersOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 0a9db87ab0..1f3b5eae7b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -65,7 +65,7 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -374,17 +374,20 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // CreateAlias API operation for AWS Key Management Service. // -// Creates a friendly name for a customer master key (CMK). You can use an alias -// to identify a CMK in the AWS KMS console, in the DescribeKey operation and -// in cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), -// such as Encrypt and GenerateDataKey. +// Creates a friendly name for a customer master key (CMK). // -// You can also change the CMK that's associated with the alias (UpdateAlias) -// or delete the alias (DeleteAlias) at any time. These operations don't affect -// the underlying CMK. +// Adding, deleting, or updating an alias can allow or deny permission to the +// CMK. For details, see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the AWS Key Management Service Developer Guide. +// +// You can use an alias to identify a CMK in the AWS KMS console, in the DescribeKey +// operation and in cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), +// such as Encrypt and GenerateDataKey. You can also change the CMK that's associated +// with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any time. +// These operations don't affect the underlying CMK. // // You can associate the alias with any customer managed CMK in the same AWS -// Region. Each alias is associated with only on CMK at a time, but a CMK can +// Region. Each alias is associated with only one CMK at a time, but a CMK can // have multiple aliases. A valid CMK is required. You can't create an alias // without a CMK. // @@ -397,7 +400,7 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // use the ListAliases operation. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on an alias in a @@ -715,36 +718,36 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // CreateGrant API operation for AWS Key Management Service. // -// Adds a grant to a customer master key (CMK). The grant allows the grantee -// principal to use the CMK when the conditions specified in the grant are met. -// When setting permissions, grants are an alternative to key policies. +// Adds a grant to a customer master key (CMK). // -// To create a grant that allows a cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) -// only when the request includes a particular encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context), -// use the Constraints parameter. For details, see GrantConstraints. +// A grant is a policy instrument that allows AWS principals to use AWS KMS +// customer master keys (CMKs) in cryptographic operations. It also can allow +// them to view a CMK (DescribeKey) and create and manage grants. When authorizing +// access to a CMK, grants are considered along with key policies and IAM policies. +// Grants are often used for temporary permissions because you can create one, +// use its permissions, and delete it without changing your key policies or +// IAM policies. // -// You can create grants on symmetric and asymmetric CMKs. However, if the grant -// allows an operation that the CMK does not support, CreateGrant fails with -// a ValidationException. +// For detailed information about grants, including grant terminology, see Using +// grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide . For examples of working +// with grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // -// * Grants for symmetric CMKs cannot allow operations that are not supported -// for symmetric CMKs, including Sign, Verify, and GetPublicKey. (There are -// limited exceptions to this rule for legacy operations, but you should -// not create a grant for an operation that AWS KMS does not support.) +// The CreateGrant operation returns a GrantToken and a GrantId. // -// * Grants for asymmetric CMKs cannot allow operations that are not supported -// for asymmetric CMKs, including operations that generate data keys (https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey) -// or data key pairs (https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPair), -// or operations related to automatic key rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html), -// imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), -// or CMKs in custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// * When you create, retire, or revoke a grant, there might be a brief delay, +// usually less than five minutes, until the grant is available throughout +// AWS KMS. This state is known as eventual consistency. Once the grant has +// achieved eventual consistency, the grantee principal can use the permissions +// in the grant without identifying the grant. However, to use the permissions +// in the grant immediately, use the GrantToken that CreateGrant returns. +// For details, see Using a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html) +// in the AWS Key Management Service Developer Guide . // -// * Grants for asymmetric CMKs with a KeyUsage of ENCRYPT_DECRYPT cannot -// allow the Sign or Verify operations. Grants for asymmetric CMKs with a -// KeyUsage of SIGN_VERIFY cannot allow the Encrypt or Decrypt operations. -// -// * Grants for asymmetric CMKs cannot include an encryption context grant -// constraint. An encryption context is not supported on asymmetric CMKs. +// * The CreateGrant operation also returns a GrantId. You can use the GrantId +// and a key identifier to identify the grant in the RetireGrant and RevokeGrant +// operations. To find the grant ID, use the ListGrants or ListRetirableGrants +// operations. // // For information about symmetric and asymmetric CMKs, see Using Symmetric // and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) @@ -753,7 +756,7 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // in the AWS Key Management Service Developer Guide . // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation on a CMK in a different @@ -920,7 +923,29 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // and the default value for KeyUsage, ENCRYPT_DECRYPT, are the only valid values // for symmetric CMKs. // -// Imported Key Material +// Multi-Region primary keys +// +// Imported key material +// +// To create a multi-Region primary key in the local AWS Region, use the MultiRegion +// parameter with a value of True. To create a multi-Region replica key, that +// is, a CMK with the same key ID and key material as a primary key, but in +// a different AWS Region, use the ReplicateKey operation. To change a replica +// key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion +// operation. +// +// This operation supports multi-Region keys, an AWS KMS feature that lets you +// create multiple interoperable CMKs in different AWS Regions. Because these +// CMKs have the same key ID, key material, and other metadata, you can use +// them to encrypt data in one AWS Region and decrypt it in a different AWS +// Region without making a cross-Region call or exposing the plaintext data. +// For more information about multi-Region keys, see Using multi-Region keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the AWS Key Management Service Developer Guide. +// +// You can create symmetric and asymmetric multi-Region keys and multi-Region +// keys with imported key material. You cannot create multi-Region keys in a +// custom key store. // // To import your own key material, begin by creating a symmetric CMK with no // key material. To do this, use the Origin parameter of CreateKey with a value @@ -931,7 +956,14 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // in the AWS Key Management Service Developer Guide . You cannot import the // key material into an asymmetric CMK. // -// Custom Key Stores +// To create a multi-Region primary key with imported key material, use the +// Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion +// parameter with a value of True. To create replicas of the multi-Region primary +// key, use the ReplicateKey operation. For more information about multi-Region +// keys, see Using multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the AWS Key Management Service Developer Guide. +// +// Custom key store // // To create a symmetric CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // use the CustomKeyStoreId parameter to specify the custom key store. You must @@ -939,8 +971,9 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // cluster that is associated with the custom key store must have at least two // active HSMs in different Availability Zones in the AWS Region. // -// You cannot create an asymmetric CMK in a custom key store. For information -// about custom key stores in AWS KMS see Using Custom Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// You cannot create an asymmetric CMK or a multi-Region CMK in a custom key +// store. For information about custom key stores in AWS KMS see Using Custom +// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // in the AWS Key Management Service Developer Guide . // // Cross-account use: No. You cannot use this operation to create a CMK in a @@ -1166,7 +1199,7 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. You can decrypt a ciphertext using a CMK in a different @@ -1321,6 +1354,10 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // // Deletes the specified alias. // +// Adding, deleting, or updating an alias can allow or deny permission to the +// CMK. For details, see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the AWS Key Management Service Developer Guide. +// // Because an alias is not a property of a CMK, you can delete and change the // aliases of a CMK without affecting the CMK. Also, aliases do not appear in // the response from the DescribeKey operation. To get the aliases of all CMKs, @@ -1615,7 +1652,7 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // the same key material into the CMK. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -1733,14 +1770,14 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // DescribeCustomKeyStores API operation for AWS Key Management Service. // // Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) -// in the account and region. +// in the account and Region. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // // By default, this operation returns information about all custom key stores -// in the account and region. To get only information about a particular custom +// in the account and Region. To get only information about a particular custom // key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter // (but not both). // @@ -1790,6 +1827,10 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // +// * InvalidMarkerException +// The request was rejected because the marker that specifies where pagination +// should next begin is not valid. +// // * InternalException // The request was rejected because an internal exception occurred. The request // can be retried. @@ -2009,12 +2050,12 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // Sets the state of a customer master key (CMK) to disabled. This change temporarily // prevents use of the CMK for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). // -// For more information about how key state affects the use of a CMK, see How -// Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For more information about how key state affects the use of a CMK, see Key +// state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide . // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -2127,11 +2168,15 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // for the specified symmetric customer master key (CMK). // -// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported -// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You cannot enable automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), +// CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), +// set the property on the primary key. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -2398,7 +2443,7 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // you to use the CMK for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -2516,11 +2561,15 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // for the specified symmetric customer master key (CMK). // -// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported -// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// You cannot enable automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), +// CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), +// set the property on the primary key. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -2697,7 +2746,7 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // * RSA_4096 RSAES_OAEP_SHA_1: 470 bytes RSAES_OAEP_SHA_256: 446 bytes // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation with a CMK in a different @@ -2860,7 +2909,7 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // How to use your data key @@ -3062,7 +3111,7 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation with a CMK in a different @@ -3234,7 +3283,7 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation with a CMK in a different @@ -3418,7 +3467,7 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation with a CMK in a different @@ -3565,9 +3614,8 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // specify the custom key store ID. // -// For more information about entropy and random number generation, see the -// AWS Key Management Service Cryptographic Details (https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf) -// whitepaper. +// For more information about entropy and random number generation, see AWS +// Key Management Service Cryptographic Details (https://docs.aws.amazon.com/kms/latest/cryptographic-details/). // // Required permissions: kms:GenerateRandom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // (IAM policy) @@ -3789,12 +3837,16 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // is enabled for the specified customer master key (CMK). // -// You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported -// key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// The key rotation status for these CMKs is always false. +// You cannot enable automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), +// CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), +// or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). +// To enable or disable automatic rotation of a set of related multi-Region +// keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), +// set the property on the primary key. The key rotation status for these CMKs +// is always false. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * Disabled: The key rotation status does not change when you disable a @@ -3941,7 +3993,7 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // send another GetParametersForImport request. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -4097,7 +4149,7 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // errors, such as using the wrong signing algorithm in a verification operation. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation with a CMK in a different @@ -4280,7 +4332,7 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -5145,6 +5197,10 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // // Related operations: // +// * CreateKey +// +// * ReplicateKey +// // * TagResource // // * UntagResource @@ -5239,8 +5295,10 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // ListRetirableGrants API operation for AWS Key Management Service. // -// Returns all grants in which the specified principal is the RetiringPrincipal -// in the grant. +// Returns information about all grants in the AWS account and Region that have +// the specified retiring principal. For more information about grants, see +// Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide . // // You can specify any principal in your AWS account. The grants that are returned // include grants for CMKs in your AWS account and other AWS accounts. @@ -5542,7 +5600,7 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // does not include configurable fields. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. The source CMK and destination CMK can be in different @@ -5663,6 +5721,198 @@ func (c *KMS) ReEncryptWithContext(ctx aws.Context, input *ReEncryptInput, opts return out, req.Send() } +const opReplicateKey = "ReplicateKey" + +// ReplicateKeyRequest generates a "aws/request.Request" representing the +// client's request for the ReplicateKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ReplicateKey for more information on using the ReplicateKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ReplicateKeyRequest method. +// req, resp := client.ReplicateKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReplicateKey +func (c *KMS) ReplicateKeyRequest(input *ReplicateKeyInput) (req *request.Request, output *ReplicateKeyOutput) { + op := &request.Operation{ + Name: opReplicateKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ReplicateKeyInput{} + } + + output = &ReplicateKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ReplicateKey API operation for AWS Key Management Service. +// +// Replicates a multi-Region key into the specified Region. This operation creates +// a multi-Region replica key based on a multi-Region primary key in a different +// Region of the same AWS partition. You can create multiple replicas of a primary +// key, but each must be in a different Region. To create a multi-Region primary +// key, use the CreateKey operation. +// +// This operation supports multi-Region keys, an AWS KMS feature that lets you +// create multiple interoperable CMKs in different AWS Regions. Because these +// CMKs have the same key ID, key material, and other metadata, you can use +// them to encrypt data in one AWS Region and decrypt it in a different AWS +// Region without making a cross-Region call or exposing the plaintext data. +// For more information about multi-Region keys, see Using multi-Region keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the AWS Key Management Service Developer Guide. +// +// A replica key is a fully-functional CMK that can be used independently of +// its primary and peer replica keys. A primary key and its replica keys share +// properties that make them interoperable. They have the same key ID (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id) +// and key material. They also have the same key spec (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec), +// key usage (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage), +// key material origin (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin), +// and automatic key rotation status (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html). +// AWS KMS automatically synchronizes these shared properties among related +// multi-Region keys. All other properties of a replica key can differ, including +// its key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html), +// tags (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html), +// aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html), +// and key state (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). +// AWS KMS pricing and quotas for CMKs apply to each primary key and replica +// key. +// +// When this operation completes, the new replica key has a transient key state +// of Creating. This key state changes to Enabled (or PendingImport) after a +// few seconds when the process of creating the new replica key is complete. +// While the key state is Creating, you can manage key, but you cannot yet use +// it in cryptographic operations. If you are creating and using the replica +// key programmatically, retry on KMSInvalidStateException or call DescribeKey +// to check its KeyState value before using it. For details about the Creating +// key state, see Key state: Effect on your CMK (kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// The AWS CloudTrail log of a ReplicateKey operation records a ReplicateKey +// operation in the primary key's Region and a CreateKey operation in the replica +// key's Region. +// +// If you replicate a multi-Region primary key with imported key material, the +// replica key is created with no key material. You must import the same key +// material that you imported into the primary key. For details, see Importing +// key material into multi-Region keys (kms/latest/developerguide/multi-region-keys-import.html) +// in the AWS Key Management Service Developer Guide. +// +// To convert a replica key to a primary key, use the UpdatePrimaryRegion operation. +// +// ReplicateKey uses different default values for the KeyPolicy and Tags parameters +// than those used in the AWS KMS console. For details, see the parameter descriptions. +// +// Cross-account use: No. You cannot use this operation to create a CMK in a +// different AWS account. +// +// Required permissions: +// +// * kms:ReplicateKey on the primary CMK (in the primary CMK's Region). Include +// this permission in the primary CMK's key policy. +// +// * kms:CreateKey in an IAM policy in the replica Region. +// +// * To use the Tags parameter, kms:TagResource in an IAM policy in the replica +// Region. +// +// Related operations +// +// * CreateKey +// +// * UpdatePrimaryRegion +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation ReplicateKey for usage and error information. +// +// Returned Error Types: +// * AlreadyExistsException +// The request was rejected because it attempted to create a resource that already +// exists. +// +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * LimitExceededException +// The request was rejected because a quota was exceeded. For more information, +// see Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// in the AWS Key Management Service Developer Guide. +// +// * MalformedPolicyDocumentException +// The request was rejected because the specified policy is not syntactically +// or semantically correct. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * TagException +// The request was rejected because one or more tags are not valid. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReplicateKey +func (c *KMS) ReplicateKey(input *ReplicateKeyInput) (*ReplicateKeyOutput, error) { + req, out := c.ReplicateKeyRequest(input) + return out, req.Send() +} + +// ReplicateKeyWithContext is the same as ReplicateKey with the addition of +// the ability to pass a context and additional request options. +// +// See ReplicateKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) ReplicateKeyWithContext(ctx aws.Context, input *ReplicateKeyInput, opts ...request.Option) (*ReplicateKeyOutput, error) { + req, out := c.ReplicateKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRetireGrant = "RetireGrant" // RetireGrantRequest generates a "aws/request.Request" representing the @@ -5708,29 +5958,28 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // RetireGrant API operation for AWS Key Management Service. // -// Retires a grant. To clean up, you can retire a grant when you're done using -// it. You should revoke a grant when you intend to actively deny operations -// that depend on it. The following are permitted to call this API: +// Deletes a grant. Typically, you retire a grant when you no longer need its +// permissions. To identify the grant to retire, use a grant token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token), +// or both the grant ID and a key identifier (key ID or key ARN) of the customer +// master key (CMK). The CreateGrant operation returns both values. // -// * The AWS account (root user) under which the grant was created +// This operation can be called by the retiring principal for a grant, by the +// grantee principal if the grant allows the RetireGrant operation, and by the +// AWS account (root user) in which the grant is created. It can also be called +// by principals to whom permission for retiring a grant is delegated. For details, +// see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) +// in the AWS Key Management Service Developer Guide. // -// * The RetiringPrincipal, if present in the grant -// -// * The GranteePrincipal, if RetireGrant is an operation specified in the -// grant -// -// You must identify the grant to retire by its grant token or by a combination -// of the grant ID and the Amazon Resource Name (ARN) of the customer master -// key (CMK). A grant token is a unique variable-length base64-encoded string. -// A grant ID is a 64 character unique identifier of a grant. The CreateGrant -// operation returns both. +// For detailed information about grants, including grant terminology, see Using +// grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide . For examples of working +// with grants in several programming languages, see Programming grants (https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html). // // Cross-account use: Yes. You can retire a grant on a CMK in a different AWS // account. // -// Required permissions:: Permission to retire a grant is specified in the grant. -// You cannot control access to this operation in a policy. For more information, -// see Using grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// Required permissions::Permission to retire a grant is determined primarily +// by the grant. For details, see Retiring and revoking grants (https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete) // in the AWS Key Management Service Developer Guide. // // Related operations: @@ -5848,14 +6097,22 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // RevokeGrant API operation for AWS Key Management Service. // -// Revokes the specified grant for the specified customer master key (CMK). -// You can revoke a grant to actively deny operations that depend on it. +// Deletes the specified grant. You revoke a grant to terminate the permissions +// that the grant allows. For more information, see Retiring and revoking grants +// (https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete) +// in the AWS Key Management Service Developer Guide . +// +// When you create, retire, or revoke a grant, there might be a brief delay, +// usually less than five minutes, until the grant is available throughout AWS +// KMS. This state is known as eventual consistency. For details, see Eventual +// consistency (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency) +// in the AWS Key Management Service Developer Guide . // // Cross-account use: Yes. To perform this operation on a CMK in a different // AWS account, specify the key ARN in the value of the KeyId parameter. // // Required permissions: kms:RevokeGrant (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// (key policy) +// (key policy). // // Related operations: // @@ -5968,18 +6225,20 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // ScheduleKeyDeletion API operation for AWS Key Management Service. // -// Schedules the deletion of a customer master key (CMK). You may provide a -// waiting period, specified in days, before deletion occurs. If you do not -// provide a waiting period, the default period of 30 days is used. When this -// operation is successful, the key state of the CMK changes to PendingDeletion. +// Schedules the deletion of a customer master key (CMK). By default, AWS KMS +// applies a waiting period of 30 days, but you can specify a waiting period +// of 7-30 days. When this operation is successful, the key state of the CMK +// changes to PendingDeletion and the key can't be used in any cryptographic +// operations. It remains in this state for the duration of the waiting period. // Before the waiting period ends, you can use CancelKeyDeletion to cancel the -// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK -// and all AWS KMS data associated with it, including all aliases that refer -// to it. +// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK, +// its key material, and all AWS KMS data associated with it, including all +// aliases that refer to it. // // Deleting a CMK is a destructive and potentially dangerous operation. When // a CMK is deleted, all data that was encrypted under the CMK is unrecoverable. -// To prevent the use of a CMK without deleting it, use DisableKey. +// (The only exception is a multi-Region replica key.) To prevent the use of +// a CMK without deleting it, use DisableKey. // // If you schedule deletion of a CMK from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // when the waiting period expires, ScheduleKeyDeletion deletes the CMK from @@ -5988,19 +6247,29 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) // from the cluster and its backups. // +// You can schedule the deletion of a multi-Region primary key and its replica +// keys at any time. However, AWS KMS will not delete a multi-Region primary +// key with existing replica keys. If you schedule the deletion of a primary +// key with replicas, its key state changes to PendingReplicaDeletion and it +// cannot be replicated or used in cryptographic operations. This status can +// continue indefinitely. When the last of its replicas keys is deleted (not +// just scheduled), the key state of the primary key changes to PendingDeletion +// and its waiting period (PendingWindowInDays) begins. For details, see Deleting +// multi-Region keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) +// in the AWS Key Management Service Developer Guide. +// // For more information about scheduling a CMK for deletion, see Deleting Customer // Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different // AWS account. // -// Required permissions: kms:ScheduleKeyDeletion (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) -// (key policy) +// Required permissions: kms:ScheduleKeyDeletion (key policy) // // Related operations // @@ -6142,7 +6411,7 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // the public key to verify the signature outside of AWS KMS. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation with a CMK in a different @@ -6275,24 +6544,31 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // // Adds or edits tags on a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // -// Each tag consists of a tag key and a tag value, both of which are case-sensitive -// strings. The tag value can be an empty (null) string. +// Tagging or untagging a CMK can allow or deny permission to the CMK. For details, +// see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the AWS Key Management Service Developer Guide. // -// To add a tag, specify a new tag key and a tag value. To edit a tag, specify -// an existing tag key and a new tag value. +// Each tag consists of a tag key and a tag value, both of which are case-sensitive +// strings. The tag value can be an empty (null) string. To add a tag, specify +// a new tag key and a tag value. To edit a tag, specify an existing tag key +// and a new tag value. // // You can use this operation to tag a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), // but you cannot tag an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk), // an AWS owned CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk), -// or an alias. +// a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept), +// or an alias (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept). // +// You can also add tags to a CMK while creating it (CreateKey) or replicating +// it (ReplicateKey). +// +// For information about using tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // For general information about tags, including the format and syntax, see // Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) -// in the Amazon Web Services General Reference. For information about using -// tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// in the Amazon Web Services General Reference. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -6303,10 +6579,14 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // // Related operations // -// * UntagResource +// * CreateKey // // * ListResourceTags // +// * ReplicateKey +// +// * UntagResource +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6413,18 +6693,22 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // Deletes tags from a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // To delete a tag, specify the tag key and the CMK. // +// Tagging or untagging a CMK can allow or deny permission to the CMK. For details, +// see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the AWS Key Management Service Developer Guide. +// // When it succeeds, the UntagResource operation doesn't return any output. // Also, if the specified tag key isn't found on the CMK, it doesn't throw an // exception or return a response. To confirm that the operation worked, use // the ListResourceTags operation. // +// For information about using tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // For general information about tags, including the format and syntax, see // Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) -// in the Amazon Web Services General Reference. For information about using -// tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// in the Amazon Web Services General Reference. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -6435,10 +6719,14 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // // Related operations // -// * TagResource +// * CreateKey // // * ListResourceTags // +// * ReplicateKey +// +// * TagResource +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6540,7 +6828,11 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // Associates an existing AWS KMS alias with a different customer master key // (CMK). Each alias is associated with only one CMK at a time, although a CMK // can have multiple aliases. The alias and the CMK must be in the same AWS -// account and region. +// account and Region. +// +// Adding, deleting, or updating an alias can allow or deny permission to the +// CMK. For details, see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) +// in the AWS Key Management Service Developer Guide. // // The current and new CMK must be the same type (both symmetric or both asymmetric), // and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). This @@ -6557,7 +6849,7 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // of all CMKs in the account, use the ListAliases operation. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -6907,7 +7199,7 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // of a CMK, use DescribeKey. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: No. You cannot perform this operation on a CMK in a different @@ -6976,6 +7268,177 @@ func (c *KMS) UpdateKeyDescriptionWithContext(ctx aws.Context, input *UpdateKeyD return out, req.Send() } +const opUpdatePrimaryRegion = "UpdatePrimaryRegion" + +// UpdatePrimaryRegionRequest generates a "aws/request.Request" representing the +// client's request for the UpdatePrimaryRegion operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdatePrimaryRegion for more information on using the UpdatePrimaryRegion +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UpdatePrimaryRegionRequest method. +// req, resp := client.UpdatePrimaryRegionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdatePrimaryRegion +func (c *KMS) UpdatePrimaryRegionRequest(input *UpdatePrimaryRegionInput) (req *request.Request, output *UpdatePrimaryRegionOutput) { + op := &request.Operation{ + Name: opUpdatePrimaryRegion, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdatePrimaryRegionInput{} + } + + output = &UpdatePrimaryRegionOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UpdatePrimaryRegion API operation for AWS Key Management Service. +// +// Changes the primary key of a multi-Region key. +// +// This operation changes the replica key in the specified Region to a primary +// key and changes the former primary key to a replica key. For example, suppose +// you have a primary key in us-east-1 and a replica key in eu-west-2. If you +// run UpdatePrimaryRegion with a PrimaryRegion value of eu-west-2, the primary +// key is now the key in eu-west-2, and the key in us-east-1 becomes a replica +// key. For details, see +// +// This operation supports multi-Region keys, an AWS KMS feature that lets you +// create multiple interoperable CMKs in different AWS Regions. Because these +// CMKs have the same key ID, key material, and other metadata, you can use +// them to encrypt data in one AWS Region and decrypt it in a different AWS +// Region without making a cross-Region call or exposing the plaintext data. +// For more information about multi-Region keys, see Using multi-Region keys +// (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) +// in the AWS Key Management Service Developer Guide. +// +// The primary key of a multi-Region key is the source for properties that are +// always shared by primary and replica keys, including the key material, key +// ID (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id), +// key spec (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec), +// key usage (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage), +// key material origin (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin), +// and automatic key rotation (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html). +// It's the only key that can be replicated. You cannot delete the primary key +// (https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) +// until all replicas are deleted. +// +// The key ID and primary Region that you specify uniquely identify the replica +// key that will become the primary key. The primary Region must already have +// a replica key. This operation does not create a CMK in the specified Region. +// To find the replica keys, use the DescribeKey operation on the primary key +// or any replica key. To create a replica key, use the ReplicateKey operation. +// +// You can run this operation while using the affected multi-Region keys in +// cryptographic operations. This operation should not delay, interrupt, or +// cause failures in cryptographic operations. +// +// Even after this operation completes, the process of updating the primary +// Region might still be in progress for a few more seconds. Operations such +// as DescribeKey might display both the old and new primary keys as replicas. +// The old and new primary keys have a transient key state of Updating. The +// original key state is restored when the update is complete. While the key +// state is Updating, you can use the keys in cryptographic operations, but +// you cannot replicate the new primary key or perform certain management operations, +// such as enabling or disabling these keys. For details about the Updating +// key state, see Key state: Effect on your CMK (kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. +// +// This operation does not return any output. To verify that primary key is +// changed, use the DescribeKey operation. +// +// Cross-account use: No. You cannot use this operation in a different AWS account. +// +// Required permissions: +// +// * kms:UpdatePrimaryRegion on the current primary CMK (in the primary CMK's +// Region). Include this permission primary CMK's key policy. +// +// * kms:UpdatePrimaryRegion on the current replica CMK (in the replica CMK's +// Region). Include this permission in the replica CMK's key policy. +// +// Related operations +// +// * CreateKey +// +// * ReplicateKey +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Key Management Service's +// API operation UpdatePrimaryRegion for usage and error information. +// +// Returned Error Types: +// * DisabledException +// The request was rejected because the specified CMK is not enabled. +// +// * InvalidArnException +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. +// +// * InvalidStateException +// The request was rejected because the state of the specified resource is not +// valid for this request. +// +// For more information about how key state affects the use of a CMK, see How +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . +// +// * InternalException +// The request was rejected because an internal exception occurred. The request +// can be retried. +// +// * NotFoundException +// The request was rejected because the specified entity or resource could not +// be found. +// +// * UnsupportedOperationException +// The request was rejected because a specified parameter is not supported or +// a specified resource is not valid for this operation. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdatePrimaryRegion +func (c *KMS) UpdatePrimaryRegion(input *UpdatePrimaryRegionInput) (*UpdatePrimaryRegionOutput, error) { + req, out := c.UpdatePrimaryRegionRequest(input) + return out, req.Send() +} + +// UpdatePrimaryRegionWithContext is the same as UpdatePrimaryRegion with the addition of +// the ability to pass a context and additional request options. +// +// See UpdatePrimaryRegion for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *KMS) UpdatePrimaryRegionWithContext(ctx aws.Context, input *UpdatePrimaryRegionInput, opts ...request.Option) (*UpdatePrimaryRegionOutput, error) { + req, out := c.UpdatePrimaryRegionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opVerify = "Verify" // VerifyRequest generates a "aws/request.Request" representing the @@ -7048,7 +7511,7 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // the CMK to verify signatures. // // The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// For details, see Key state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Cross-account use: Yes. To perform this operation with a CMK in a different @@ -7149,11 +7612,15 @@ type AliasListEntry struct { // String that contains the alias. This value begins with alias/. AliasName *string `min:"1" type:"string"` + // Date and time that the alias was most recently created in the account and + // Region. Formatted as Unix time. CreationDate *time.Time `type:"timestamp"` + // Date and time that the alias was most recently associated with a CMK in the + // account and Region. Formatted as Unix time. LastUpdatedDate *time.Time `type:"timestamp"` - // String that contains the key identifier referred to by the alias. + // String that contains the key identifier of the CMK associated with the alias. TargetKeyId *string `min:"1" type:"string"` } @@ -7257,10 +7724,9 @@ func (s *AlreadyExistsException) RequestID() string { type CancelKeyDeletionInput struct { _ struct{} `type:"structure"` - // The unique identifier for the customer master key (CMK) for which to cancel - // deletion. + // Identifies the customer master key (CMK) whose deletion is being canceled. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -7742,7 +8208,7 @@ type CreateAliasInput struct { // For help finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) // in the AWS Key Management Service Developer Guide. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -7945,25 +8411,37 @@ func (s *CreateCustomKeyStoreOutput) SetCustomKeyStoreId(v string) *CreateCustom type CreateGrantInput struct { _ struct{} `type:"structure"` - // Allows a cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) - // only when the encryption context matches or includes the encryption context - // specified in this structure. For more information about encryption context, - // see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) - // in the AWS Key Management Service Developer Guide . + // Specifies a grant constraint. // - // Grant constraints are not applied to operations that do not support an encryption - // context, such as cryptographic operations with asymmetric CMKs and management - // operations, such as DescribeKey or RetireGrant. + // AWS KMS supports the EncryptionContextEquals and EncryptionContextSubset + // grant constraints. Each constraint value can include up to 8 encryption context + // pairs. The encryption context value in each constraint cannot exceed 384 + // characters. + // + // These grant constraints allow a cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) + // only when the encryption context in the request matches (EncryptionContextEquals) + // or includes (EncryptionContextSubset) the encryption context specified in + // this structure. For more information about encryption context, see Encryption + // Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide . For information about + // grant constraints, see Using grant constraints (https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints) + // in the AWS Key Management Service Developer Guide. + // + // The encryption context grant constraints are supported only on operations + // that include an encryption context. You cannot use an encryption context + // grant constraint for cryptographic operations with asymmetric CMKs or for + // management operations, such as DescribeKey or RetireGrant. Constraints *GrantConstraints `type:"structure"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // The principal that is given permission to perform the operations that the - // grant permits. + // The identity that gets the permissions specified in the grant. // // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM @@ -7975,11 +8453,11 @@ type CreateGrantInput struct { // GranteePrincipal is a required field GranteePrincipal *string `min:"1" type:"string" required:"true"` - // The unique identifier for the customer master key (CMK) that the grant applies - // to. + // Identifies the customer master key (CMK) for the grant. The grant gives principals + // permission to use this CMK. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the CMK. To specify a CMK in a different + // AWS account, you must use the key ARN. // // For example: // @@ -8008,6 +8486,13 @@ type CreateGrantInput struct { // A list of operations that the grant permits. // + // The operation must be supported on the CMK. For example, you cannot create + // a grant for a symmetric CMK that allows the Sign operation, or a grant for + // an asymmetric CMK that allows the GenerateDataKey operation. If you try, + // AWS KMS returns a ValidationError exception. For details, see Grant operations + // (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations) + // in the AWS Key Management Service Developer Guide. + // // Operations is a required field Operations []*string `type:"list" required:"true"` @@ -8116,7 +8601,9 @@ type CreateGrantOutput struct { // The grant token. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantToken *string `min:"1" type:"string"` } @@ -8168,8 +8655,8 @@ type CreateKeyInput struct { // the custom key store must have at least two active HSMs, each in a different // Availability Zone in the Region. // - // This parameter is valid only for symmetric CMKs. You cannot create an asymmetric - // CMK in a custom key store. + // This parameter is valid only for symmetric CMKs and regional CMKs. You cannot + // create an asymmetric CMK or a multi-Region CMK in a custom key store. // // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. // @@ -8218,7 +8705,7 @@ type CreateKeyInput struct { // A description of the CMK. // // Use a description that helps you decide whether the CMK is appropriate for - // a task. + // a task. The default value is an empty string (no description). Description *string `type:"string"` // Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) @@ -8236,22 +8723,43 @@ type CreateKeyInput struct { // * For asymmetric CMKs with ECC key material, specify SIGN_VERIFY. KeyUsage *string `type:"string" enum:"KeyUsageType"` - // The source of the key material for the CMK. You cannot change the origin - // after you create the CMK. The default is AWS_KMS, which means AWS KMS creates - // the key material. + // Creates a multi-Region primary key that you can replicate into other AWS + // Regions. You cannot change this value after you create the CMK. // - // When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material - // so that you can import key material from your existing key management infrastructure. - // For more information about importing key material into AWS KMS, see Importing - // Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) + // For a multi-Region key, set this parameter to True. For a single-Region CMK, + // omit this parameter or set it to False. The default value is False. + // + // This operation supports multi-Region keys, an AWS KMS feature that lets you + // create multiple interoperable CMKs in different AWS Regions. Because these + // CMKs have the same key ID, key material, and other metadata, you can use + // them to encrypt data in one AWS Region and decrypt it in a different AWS + // Region without making a cross-Region call or exposing the plaintext data. + // For more information about multi-Region keys, see Using multi-Region keys + // (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) + // in the AWS Key Management Service Developer Guide. + // + // This value creates a primary key, not a replica. To create a replica key, + // use the ReplicateKey operation. + // + // You can create a symmetric or asymmetric multi-Region CMK, and you can create + // a multi-Region CMK with imported key material. However, you cannot create + // a multi-Region CMK in a custom key store. + MultiRegion *bool `type:"boolean"` + + // The source of the key material for the CMK. You cannot change the origin + // after you create the CMK. The default is AWS_KMS, which means that AWS KMS + // creates the key material. + // + // To create a CMK with no key material (for imported key material), set the + // value to EXTERNAL. For more information about importing key material into + // AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. This value is valid only // for symmetric CMKs. // - // When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS - // KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) - // and creates its key material in the associated AWS CloudHSM cluster. You - // must also use the CustomKeyStoreId parameter to identify the custom key store. - // This value is valid only for symmetric CMKs. + // To create a CMK in an AWS KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) + // and create its key material in the associated AWS CloudHSM cluster, set this + // value to AWS_CLOUDHSM. You must also use the CustomKeyStoreId parameter to + // identify the custom key store. This value is valid only for symmetric CMKs. Origin *string `type:"string" enum:"OriginType"` // The key policy to attach to the CMK. @@ -8285,19 +8793,25 @@ type CreateKeyInput struct { // in the IAM User Guide . Policy *string `min:"1" type:"string"` - // One or more tags. Each tag consists of a tag key and a tag value. Both the - // tag key and the tag value are required, but the tag value can be an empty - // (null) string. + // Assigns one or more tags to the CMK. Use this parameter to tag the CMK when + // it is created. To tag an existing CMK, use the TagResource operation. // - // When you add tags to an AWS resource, AWS generates a cost allocation report - // with usage and costs aggregated by tags. For information about adding, changing, - // deleting and listing tags for CMKs, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). - // - // Use this parameter to tag the CMK when it is created. To add tags to an existing - // CMK, use the TagResource operation. + // Tagging or untagging a CMK can allow or deny permission to the CMK. For details, + // see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the AWS Key Management Service Developer Guide. // // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) // permission in an IAM policy. + // + // Each tag consists of a tag key and a tag value. Both the tag key and the + // tag value are required, but the tag value can be an empty (null) string. + // You cannot have more than one tag on a CMK with the same tag key. If you + // specify an existing tag key with a different tag value, AWS KMS replaces + // the current tag value with the specified one. + // + // When you assign tags to an AWS resource, AWS generates a cost allocation + // report with usage and costs aggregated by tags. Tags can also be used to + // control access to a CMK. For details, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). Tags []*Tag `type:"list"` } @@ -8367,6 +8881,12 @@ func (s *CreateKeyInput) SetKeyUsage(v string) *CreateKeyInput { return s } +// SetMultiRegion sets the MultiRegion field's value. +func (s *CreateKeyInput) SetMultiRegion(v bool) *CreateKeyInput { + s.MultiRegion = &v + return s +} + // SetOrigin sets the Origin field's value. func (s *CreateKeyInput) SetOrigin(v string) *CreateKeyInput { s.Origin = &v @@ -8842,7 +9362,11 @@ type DecryptInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a newly created grant that has not yet achieved eventual consistency. Use + // a grant token when your permission to call this operation comes from a new + // grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -8855,9 +9379,9 @@ type DecryptInput struct { // recommended as a best practice. This practice ensures that you use the CMK // that you intend. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -9096,7 +9620,7 @@ type DeleteImportedKeyMaterialInput struct { // Identifies the CMK from which you are deleting imported key material. The // Origin of the CMK must be EXTERNAL. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -9220,7 +9744,7 @@ type DescribeCustomKeyStoresInput struct { // store ID. // // By default, this operation gets information about all custom key stores in - // the account and region. To limit the output to a particular custom key store, + // the account and Region. To limit the output to a particular custom key store, // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, // but not both. CustomKeyStoreId *string `min:"1" type:"string"` @@ -9229,7 +9753,7 @@ type DescribeCustomKeyStoresInput struct { // name of the custom key store. // // By default, this operation gets information about all custom key stores in - // the account and region. To limit the output to a particular custom key store, + // the account and Region. To limit the output to a particular custom key store, // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, // but not both. CustomKeyStoreName *string `min:"1" type:"string"` @@ -9351,7 +9875,9 @@ type DescribeKeyInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -9361,9 +9887,9 @@ type DescribeKeyInput struct { // associates the alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) // and returns its KeyId and Arn in the response. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -9446,9 +9972,9 @@ func (s *DescribeKeyOutput) SetKeyMetadata(v *KeyMetadata) *DescribeKeyOutput { type DisableKeyInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Identifies the customer master key (CMK) to disable. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -9516,7 +10042,7 @@ type DisableKeyRotationInput struct { // CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -9691,9 +10217,9 @@ func (s DisconnectCustomKeyStoreOutput) GoString() string { type EnableKeyInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Identifies the customer master key (CMK) to enable. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -9757,10 +10283,14 @@ type EnableKeyRotationInput struct { _ struct{} `type:"structure"` // Identifies a symmetric customer master key (CMK). You cannot enable automatic - // rotation of asymmetric CMKs, CMKs with imported key material, or CMKs in - // a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks), + // CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), + // or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). + // To enable or disable automatic rotation of a set of related multi-Region + // keys (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-replica-key), + // set the property on the primary key. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -9848,15 +10378,17 @@ type EncryptInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // A unique identifier for the customer master key (CMK). + // Identifies the customer master key (CMK) to use in the encryption operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -10065,15 +10597,17 @@ type GenerateDataKeyInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` // Identifies the symmetric CMK that encrypts the data key. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -10234,7 +10768,9 @@ type GenerateDataKeyPairInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -10242,9 +10778,9 @@ type GenerateDataKeyPairInput struct { // pair. You cannot specify an asymmetric CMK or a CMK in a custom key store. // To get the type and origin of your CMK, use the DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -10412,7 +10948,9 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -10421,9 +10959,9 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // a custom key store. To get the type and origin of your CMK, use the DescribeKey // operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -10579,16 +11117,18 @@ type GenerateDataKeyWithoutPlaintextInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` // The identifier of the symmetric customer master key (CMK) that encrypts the // data key. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -10791,9 +11331,9 @@ func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { type GetKeyPolicyInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Gets the key policy for the specified customer master key (CMK). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -10883,10 +11423,10 @@ func (s *GetKeyPolicyOutput) SetPolicy(v string) *GetKeyPolicyOutput { type GetKeyRotationStatusInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Gets the rotation status for the specified customer master key (CMK). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the CMK. To specify a CMK in a different + // AWS account, you must use the key ARN. // // For example: // @@ -10961,7 +11501,7 @@ type GetParametersForImportInput struct { // The identifier of the symmetric CMK into which you will import key material. // The Origin of the CMK must be EXTERNAL. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -11103,15 +11643,17 @@ type GetPublicKeyInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` // Identifies the asymmetric CMK that includes the public key. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -11456,7 +11998,7 @@ type ImportKeyMaterialInput struct { // The CMK's Origin must be EXTERNAL. This must be the same CMK specified in // the KeyID parameter of the corresponding GetParametersForImport request. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -12446,8 +12988,13 @@ type KeyMetadata struct { // Describes the type of key material in the CMK. CustomerMasterKeySpec *string `type:"string" enum:"CustomerMasterKeySpec"` - // The date and time after which AWS KMS deletes the CMK. This value is present - // only when KeyState is PendingDeletion. + // The date and time after which AWS KMS deletes this CMK. This value is present + // only when the CMK is scheduled for deletion, that is, when its KeyState is + // PendingDeletion. + // + // When the primary key in a multi-Region key is scheduled for deletion but + // still has replica keys, its key state is PendingReplicaDeletion and the length + // of its waiting period is displayed in the PendingDeletionWindowInDays field. DeletionDate *time.Time `type:"timestamp"` // The description of the CMK. @@ -12460,7 +13007,7 @@ type KeyMetadata struct { // The encryption algorithms that the CMK supports. You cannot use the CMK with // other encryption algorithms within AWS KMS. // - // This field appears only when the KeyUsage of the CMK is ENCRYPT_DECRYPT. + // This value is present only when the KeyUsage of the CMK is ENCRYPT_DECRYPT. EncryptionAlgorithms []*string `type:"list"` // Specifies whether the CMK's key material expires. This value is present only @@ -12489,6 +13036,30 @@ type KeyMetadata struct { // for which you can use the CMK. KeyUsage *string `type:"string" enum:"KeyUsageType"` + // Indicates whether the CMK is a multi-Region (True) or regional (False) key. + // This value is True for multi-Region primary and replica CMKs and False for + // regional CMKs. + // + // For more information about multi-Region keys, see Using multi-Region keys + // (https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) + // in the AWS Key Management Service Developer Guide. + MultiRegion *bool `type:"boolean"` + + // Lists the primary and replica CMKs in same multi-Region CMK. This field is + // present only when the value of the MultiRegion field is True. + // + // For more information about any listed CMK, use the DescribeKey operation. + // + // * MultiRegionKeyType indicates whether the CMK is a PRIMARY or REPLICA + // key. + // + // * PrimaryKey displays the key ARN and Region of the primary key. This + // field displays the current CMK if it is the primary key. + // + // * ReplicaKeys displays the key ARNs and Regions of all replica keys. This + // field includes the current CMK if it is a replica key. + MultiRegionConfiguration *MultiRegionConfiguration `type:"structure"` + // The source of the CMK's key material. When this value is AWS_KMS, AWS KMS // created the key material. When this value is EXTERNAL, the key material was // imported from your existing key management infrastructure or the CMK lacks @@ -12496,6 +13067,21 @@ type KeyMetadata struct { // in the AWS CloudHSM cluster associated with a custom key store. Origin *string `type:"string" enum:"OriginType"` + // The waiting period before the primary key in a multi-Region key is deleted. + // This waiting period begins when the last of its replica keys is deleted. + // This value is present only when the KeyState of the CMK is PendingReplicaDeletion. + // That indicates that the CMK is the primary key in a multi-Region key, it + // is scheduled for deletion, and it still has existing replica keys. + // + // When a regional CMK or a replica key in a multi-Region key is scheduled for + // deletion, its deletion date is displayed in the DeletionDate field. However, + // when the primary key in a multi-Region key is scheduled for deletion, its + // waiting period doesn't begin until all of its replica keys are deleted. This + // value displays that waiting period. When the last replica key in the multi-Region + // key is deleted, the KeyState of the scheduled primary key changes from PendingReplicaDeletion + // to PendingDeletion and the deletion date appears in the DeletionDate field. + PendingDeletionWindowInDays *int64 `min:"1" type:"integer"` + // The signing algorithms that the CMK supports. You cannot use the CMK with // other signing algorithms within AWS KMS. // @@ -12609,12 +13195,30 @@ func (s *KeyMetadata) SetKeyUsage(v string) *KeyMetadata { return s } +// SetMultiRegion sets the MultiRegion field's value. +func (s *KeyMetadata) SetMultiRegion(v bool) *KeyMetadata { + s.MultiRegion = &v + return s +} + +// SetMultiRegionConfiguration sets the MultiRegionConfiguration field's value. +func (s *KeyMetadata) SetMultiRegionConfiguration(v *MultiRegionConfiguration) *KeyMetadata { + s.MultiRegionConfiguration = v + return s +} + // SetOrigin sets the Origin field's value. func (s *KeyMetadata) SetOrigin(v string) *KeyMetadata { s.Origin = &v return s } +// SetPendingDeletionWindowInDays sets the PendingDeletionWindowInDays field's value. +func (s *KeyMetadata) SetPendingDeletionWindowInDays(v int64) *KeyMetadata { + s.PendingDeletionWindowInDays = &v + return s +} + // SetSigningAlgorithms sets the SigningAlgorithms field's value. func (s *KeyMetadata) SetSigningAlgorithms(v []*string) *KeyMetadata { s.SigningAlgorithms = v @@ -12751,7 +13355,7 @@ type ListAliasesInput struct { // This parameter is optional. If you omit it, ListAliases returns all aliases // in the account and Region. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -12882,8 +13486,8 @@ type ListGrantsInput struct { // Returns only grants for the specified customer master key (CMK). This parameter // is required. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the CMK. To specify a CMK in a different + // AWS account, you must use the key ARN. // // For example: // @@ -13026,9 +13630,9 @@ func (s *ListGrantsResponse) SetTruncated(v bool) *ListGrantsResponse { type ListKeyPoliciesInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Gets the names of key policies for the specified customer master key (CMK). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -13255,9 +13859,9 @@ func (s *ListKeysOutput) SetTruncated(v bool) *ListKeysOutput { type ListResourceTagsInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Gets tags on the specified customer master key (CMK). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -13347,6 +13951,10 @@ type ListResourceTagsOutput struct { NextMarker *string `min:"1" type:"string"` // A list of tags. Each tag consists of a tag key and a tag value. + // + // Tagging or untagging a CMK can allow or deny permission to the CMK. For details, + // see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the AWS Key Management Service Developer Guide. Tags []*Tag `type:"list"` // A flag that indicates whether there are more items in the list. When this @@ -13521,6 +14129,86 @@ func (s *MalformedPolicyDocumentException) RequestID() string { return s.RespMetadata.RequestID } +// Describes the configuration of this multi-Region CMK. This field appears +// only when the CMK is a primary or replica of a multi-Region CMK. +// +// For more information about any listed CMK, use the DescribeKey operation. +type MultiRegionConfiguration struct { + _ struct{} `type:"structure"` + + // Indicates whether the CMK is a PRIMARY or REPLICA key. + MultiRegionKeyType *string `type:"string" enum:"MultiRegionKeyType"` + + // Displays the key ARN and Region of the primary key. This field includes the + // current CMK if it is the primary key. + PrimaryKey *MultiRegionKey `type:"structure"` + + // displays the key ARNs and Regions of all replica keys. This field includes + // the current CMK if it is a replica key. + ReplicaKeys []*MultiRegionKey `type:"list"` +} + +// String returns the string representation +func (s MultiRegionConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MultiRegionConfiguration) GoString() string { + return s.String() +} + +// SetMultiRegionKeyType sets the MultiRegionKeyType field's value. +func (s *MultiRegionConfiguration) SetMultiRegionKeyType(v string) *MultiRegionConfiguration { + s.MultiRegionKeyType = &v + return s +} + +// SetPrimaryKey sets the PrimaryKey field's value. +func (s *MultiRegionConfiguration) SetPrimaryKey(v *MultiRegionKey) *MultiRegionConfiguration { + s.PrimaryKey = v + return s +} + +// SetReplicaKeys sets the ReplicaKeys field's value. +func (s *MultiRegionConfiguration) SetReplicaKeys(v []*MultiRegionKey) *MultiRegionConfiguration { + s.ReplicaKeys = v + return s +} + +// Describes the primary or replica key in a multi-Region key. +type MultiRegionKey struct { + _ struct{} `type:"structure"` + + // Displays the key ARN of a primary or replica key of a multi-Region key. + Arn *string `min:"20" type:"string"` + + // Displays the AWS Region of a primary or replica key in a multi-Region key. + Region *string `min:"1" type:"string"` +} + +// String returns the string representation +func (s MultiRegionKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MultiRegionKey) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *MultiRegionKey) SetArn(v string) *MultiRegionKey { + s.Arn = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *MultiRegionKey) SetRegion(v string) *MultiRegionKey { + s.Region = &v + return s +} + // The request was rejected because the specified entity or resource could not // be found. type NotFoundException struct { @@ -13595,9 +14283,9 @@ type PutKeyPolicyInput struct { // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // A unique identifier for the customer master key (CMK). + // Sets the key policy on the specified customer master key (CMK). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -13757,9 +14445,9 @@ type ReEncryptInput struct { // a symmetric or asymmetric CMK with a KeyUsage value of ENCRYPT_DECRYPT. To // find the KeyUsage value of a CMK, use the DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -13779,7 +14467,9 @@ type ReEncryptInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -13817,9 +14507,9 @@ type ReEncryptInput struct { // recommended as a best practice. This practice ensures that you use the CMK // that you intend. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -13983,19 +14673,272 @@ func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput { return s } +type ReplicateKeyInput struct { + _ struct{} `type:"structure"` + + // A flag to indicate whether to bypass the key policy lockout safety check. + // + // Setting this value to true increases the risk that the CMK becomes unmanageable. + // Do not set this value to true indiscriminately. + // + // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section in the AWS Key Management Service Developer Guide. + // + // Use this parameter only when you intend to prevent the principal that is + // making the request from making a subsequent PutKeyPolicy request on the CMK. + // + // The default value is false. + BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` + + // A description of the CMK. Use a description that helps you decide whether + // the CMK is appropriate for a task. The default value is an empty string (no + // description). + // + // The description is not a shared property of multi-Region keys. You can specify + // the same description or a different description for each key in a set of + // related multi-Region keys. AWS KMS does not synchronize this property. + Description *string `type:"string"` + + // Identifies the multi-Region primary key that is being replicated. To determine + // whether a CMK is a multi-Region primary key, use the DescribeKey operation + // to check the value of the MultiRegionKeyType property. + // + // Specify the key ID or key ARN of a multi-Region primary key. + // + // For example: + // + // * Key ID: mrk-1234abcd12ab34cd56ef1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The key policy to attach to the CMK. This parameter is optional. If you do + // not provide a key policy, AWS KMS attaches the default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // to the CMK. + // + // The key policy is not a shared property of multi-Region keys. You can specify + // the same key policy or a different key policy for each key in a set of related + // multi-Region keys. AWS KMS does not synchronize this property. + // + // If you provide a key policy, it must meet the following criteria: + // + // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy + // must give the caller kms:PutKeyPolicy permission on the replica CMK. This + // reduces the risk that the CMK becomes unmanageable. For more information, + // refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section of the AWS Key Management Service Developer Guide . + // + // * Each statement in the key policy must contain one or more principals. + // The principals in the key policy must exist and be visible to AWS KMS. + // When you create a new AWS principal (for example, an IAM user or role), + // you might need to enforce a delay before including the new principal in + // a key policy because the new principal might not be immediately visible + // to AWS KMS. For more information, see Changes that I make are not always + // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // in the AWS Identity and Access Management User Guide. + // + // * The key policy size quota is 32 kilobytes (32768 bytes). + Policy *string `min:"1" type:"string"` + + // The Region ID of the AWS Region for this replica key. + // + // Enter the Region ID, such as us-east-1 or ap-southeast-2. For a list of AWS + // Regions in which AWS KMS is supported, see AWS KMS service endpoints (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) + // in the Amazon Web Services General Reference. + // + // The replica must be in a different AWS Region than its primary key and other + // replicas of that primary key, but in the same AWS partition. AWS KMS must + // be available in the replica Region. If the Region is not enabled by default, + // the AWS account must be enabled in the Region. + // + // For information about AWS partitions, see Amazon Resource Names (ARNs) in + // the Amazon Web Services General Reference. (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // For information about enabling and disabling Regions, see Enabling a Region + // (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable) + // and Disabling a Region (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable) + // in the Amazon Web Services General Reference. + // + // ReplicaRegion is a required field + ReplicaRegion *string `min:"1" type:"string" required:"true"` + + // Assigns one or more tags to the replica key. Use this parameter to tag the + // CMK when it is created. To tag an existing CMK, use the TagResource operation. + // + // Tagging or untagging a CMK can allow or deny permission to the CMK. For details, + // see Using ABAC in AWS KMS (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) + // in the AWS Key Management Service Developer Guide. + // + // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) + // permission in an IAM policy. + // + // Tags are not a shared property of multi-Region keys. You can specify the + // same tags or different tags for each key in a set of related multi-Region + // keys. AWS KMS does not synchronize this property. + // + // Each tag consists of a tag key and a tag value. Both the tag key and the + // tag value are required, but the tag value can be an empty (null) string. + // You cannot have more than one tag on a CMK with the same tag key. If you + // specify an existing tag key with a different tag value, AWS KMS replaces + // the current tag value with the specified one. + // + // When you assign tags to an AWS resource, AWS generates a cost allocation + // report with usage and costs aggregated by tags. Tags can also be used to + // control access to a CMK. For details, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). + Tags []*Tag `type:"list"` +} + +// String returns the string representation +func (s ReplicateKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReplicateKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReplicateKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReplicateKeyInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.Policy != nil && len(*s.Policy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) + } + if s.ReplicaRegion == nil { + invalidParams.Add(request.NewErrParamRequired("ReplicaRegion")) + } + if s.ReplicaRegion != nil && len(*s.ReplicaRegion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ReplicaRegion", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value. +func (s *ReplicateKeyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *ReplicateKeyInput { + s.BypassPolicyLockoutSafetyCheck = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ReplicateKeyInput) SetDescription(v string) *ReplicateKeyInput { + s.Description = &v + return s +} + +// SetKeyId sets the KeyId field's value. +func (s *ReplicateKeyInput) SetKeyId(v string) *ReplicateKeyInput { + s.KeyId = &v + return s +} + +// SetPolicy sets the Policy field's value. +func (s *ReplicateKeyInput) SetPolicy(v string) *ReplicateKeyInput { + s.Policy = &v + return s +} + +// SetReplicaRegion sets the ReplicaRegion field's value. +func (s *ReplicateKeyInput) SetReplicaRegion(v string) *ReplicateKeyInput { + s.ReplicaRegion = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *ReplicateKeyInput) SetTags(v []*Tag) *ReplicateKeyInput { + s.Tags = v + return s +} + +type ReplicateKeyOutput struct { + _ struct{} `type:"structure"` + + // Displays details about the new replica CMK, including its Amazon Resource + // Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) + // and key state (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). + // It also includes the ARN and AWS Region of its primary key and other replica + // keys. + ReplicaKeyMetadata *KeyMetadata `type:"structure"` + + // The key policy of the new replica key. The value is a key policy document + // in JSON format. + ReplicaPolicy *string `min:"1" type:"string"` + + // The tags on the new replica key. The value is a list of tag key and tag value + // pairs. + ReplicaTags []*Tag `type:"list"` +} + +// String returns the string representation +func (s ReplicateKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReplicateKeyOutput) GoString() string { + return s.String() +} + +// SetReplicaKeyMetadata sets the ReplicaKeyMetadata field's value. +func (s *ReplicateKeyOutput) SetReplicaKeyMetadata(v *KeyMetadata) *ReplicateKeyOutput { + s.ReplicaKeyMetadata = v + return s +} + +// SetReplicaPolicy sets the ReplicaPolicy field's value. +func (s *ReplicateKeyOutput) SetReplicaPolicy(v string) *ReplicateKeyOutput { + s.ReplicaPolicy = &v + return s +} + +// SetReplicaTags sets the ReplicaTags field's value. +func (s *ReplicateKeyOutput) SetReplicaTags(v []*Tag) *ReplicateKeyOutput { + s.ReplicaTags = v + return s +} + type RetireGrantInput struct { _ struct{} `type:"structure"` - // Unique identifier of the grant to retire. The grant ID is returned in the - // response to a CreateGrant operation. + // Identifies the grant to retire. To get the grant ID, use CreateGrant, ListGrants, + // or ListRetirableGrants. // // * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123 GrantId *string `min:"1" type:"string"` - // Token that identifies the grant to be retired. + // Identifies the grant to be retired. You can use a grant token to identify + // a new grant even before it has achieved eventual consistency. + // + // Only the CreateGrant operation returns a grant token. For details, see Grant + // token (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token) + // and Eventual consistency (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency) + // in the AWS Key Management Service Developer Guide. GrantToken *string `min:"1" type:"string"` - // The Amazon Resource Name (ARN) of the CMK associated with the grant. + // The key ARN CMK associated with the grant. To find the key ARN, use the ListKeys + // operation. // // For example: arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab KeyId *string `min:"1" type:"string"` @@ -14065,15 +15008,17 @@ func (s RetireGrantOutput) GoString() string { type RevokeGrantInput struct { _ struct{} `type:"structure"` - // Identifier of the grant to be revoked. + // Identifies the grant to revoke. To get the grant ID, use CreateGrant, ListGrants, + // or ListRetirableGrants. // // GrantId is a required field GrantId *string `min:"1" type:"string" required:"true"` - // A unique identifier for the customer master key associated with the grant. + // A unique identifier for the customer master key (CMK) associated with the + // grant. To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify - // a CMK in a different AWS account, you must use the key ARN. + // Specify the key ID or key ARN of the CMK. To specify a CMK in a different + // AWS account, you must use the key ARN. // // For example: // @@ -14150,7 +15095,7 @@ type ScheduleKeyDeletionInput struct { // The unique identifier of the customer master key (CMK) to delete. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -14166,6 +15111,10 @@ type ScheduleKeyDeletionInput struct { // The waiting period, specified in number of days. After the waiting period // ends, AWS KMS deletes the customer master key (CMK). // + // If the CMK is a multi-Region primary key with replicas, the waiting period + // begins when the last of its replica keys is deleted. Otherwise, the waiting + // period begins immediately. + // // This value is optional. If you include a value, it must be between 7 and // 30, inclusive. If you do not include a value, it defaults to 30. PendingWindowInDays *int64 `min:"1" type:"integer"` @@ -14216,11 +15165,29 @@ type ScheduleKeyDeletionOutput struct { _ struct{} `type:"structure"` // The date and time after which AWS KMS deletes the customer master key (CMK). + // + // If the CMK is a multi-Region primary key with replica keys, this field does + // not appear. The deletion date for the primary key isn't known until its last + // replica key is deleted. DeletionDate *time.Time `type:"timestamp"` // The Amazon Resource Name (key ARN (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN)) // of the CMK whose deletion is scheduled. KeyId *string `min:"1" type:"string"` + + // The current status of the CMK. + // + // For more information about how key state affects the use of a CMK, see Key + // state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // in the AWS Key Management Service Developer Guide. + KeyState *string `type:"string" enum:"KeyState"` + + // The waiting period before the CMK is deleted. + // + // If the CMK is a multi-Region primary key with replicas, the waiting period + // begins when the last of its replica keys is deleted. Otherwise, the waiting + // period begins immediately. + PendingWindowInDays *int64 `min:"1" type:"integer"` } // String returns the string representation @@ -14245,12 +15212,26 @@ func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutpu return s } +// SetKeyState sets the KeyState field's value. +func (s *ScheduleKeyDeletionOutput) SetKeyState(v string) *ScheduleKeyDeletionOutput { + s.KeyState = &v + return s +} + +// SetPendingWindowInDays sets the PendingWindowInDays field's value. +func (s *ScheduleKeyDeletionOutput) SetPendingWindowInDays(v int64) *ScheduleKeyDeletionOutput { + s.PendingWindowInDays = &v + return s +} + type SignInput struct { _ struct{} `type:"structure"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -14258,9 +15239,9 @@ type SignInput struct { // CMK to sign the message. The KeyUsage type of the CMK must be SIGN_VERIFY. // To find the KeyUsage of a CMK, use the DescribeKey operation. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -14546,7 +15527,7 @@ type TagResourceInput struct { // Identifies a customer managed CMK in the account and Region. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -14699,7 +15680,7 @@ type UntagResourceInput struct { // Identifies the CMK from which you are removing tags. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -14791,7 +15772,7 @@ type UpdateAliasInput struct { // new target CMK must be the same type as the current target CMK (both symmetric // or both asymmetric) and they must have the same key usage. // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -14981,9 +15962,9 @@ type UpdateKeyDescriptionInput struct { // Description is a required field Description *string `type:"string" required:"true"` - // A unique identifier for the customer master key (CMK). + // Updates the description of the specified customer master key (CMK). // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // Specify the key ID or key ARN of the CMK. // // For example: // @@ -15052,12 +16033,101 @@ func (s UpdateKeyDescriptionOutput) GoString() string { return s.String() } +type UpdatePrimaryRegionInput struct { + _ struct{} `type:"structure"` + + // Identifies the current primary key. When the operation completes, this CMK + // will be a replica key. + // + // Specify the key ID or key ARN of a multi-Region primary key. + // + // For example: + // + // * Key ID: mrk-1234abcd12ab34cd56ef1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // + // KeyId is a required field + KeyId *string `min:"1" type:"string" required:"true"` + + // The AWS Region of the new primary key. Enter the Region ID, such as us-east-1 + // or ap-southeast-2. There must be an existing replica key in this Region. + // + // When the operation completes, the multi-Region key in this Region will be + // the primary key. + // + // PrimaryRegion is a required field + PrimaryRegion *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s UpdatePrimaryRegionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdatePrimaryRegionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdatePrimaryRegionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdatePrimaryRegionInput"} + if s.KeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KeyId")) + } + if s.KeyId != nil && len(*s.KeyId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) + } + if s.PrimaryRegion == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryRegion")) + } + if s.PrimaryRegion != nil && len(*s.PrimaryRegion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryRegion", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyId sets the KeyId field's value. +func (s *UpdatePrimaryRegionInput) SetKeyId(v string) *UpdatePrimaryRegionInput { + s.KeyId = &v + return s +} + +// SetPrimaryRegion sets the PrimaryRegion field's value. +func (s *UpdatePrimaryRegionInput) SetPrimaryRegion(v string) *UpdatePrimaryRegionInput { + s.PrimaryRegion = &v + return s +} + +type UpdatePrimaryRegionOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s UpdatePrimaryRegionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdatePrimaryRegionOutput) GoString() string { + return s.String() +} + type VerifyInput struct { _ struct{} `type:"structure"` // A list of grant tokens. // - // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // Use a grant token when your permission to call this operation comes from + // a new grant that has not yet achieved eventual consistency. For more information, + // see Grant token (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -15065,9 +16135,9 @@ type VerifyInput struct { // This must be the same CMK that was used to generate the signature. If you // specify a different CMK, the signature verification fails. // - // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". To specify - // a CMK in a different AWS account, you must use the key ARN or alias ARN. + // To specify a CMK, use its key ID, key ARN, alias name, or alias ARN. When + // using an alias name, prefix it with "alias/". To specify a CMK in a different + // AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -15544,6 +16614,9 @@ func KeyManagerType_Values() []string { } const ( + // KeyStateCreating is a KeyState enum value + KeyStateCreating = "Creating" + // KeyStateEnabled is a KeyState enum value KeyStateEnabled = "Enabled" @@ -15556,18 +16629,27 @@ const ( // KeyStatePendingImport is a KeyState enum value KeyStatePendingImport = "PendingImport" + // KeyStatePendingReplicaDeletion is a KeyState enum value + KeyStatePendingReplicaDeletion = "PendingReplicaDeletion" + // KeyStateUnavailable is a KeyState enum value KeyStateUnavailable = "Unavailable" + + // KeyStateUpdating is a KeyState enum value + KeyStateUpdating = "Updating" ) // KeyState_Values returns all elements of the KeyState enum func KeyState_Values() []string { return []string{ + KeyStateCreating, KeyStateEnabled, KeyStateDisabled, KeyStatePendingDeletion, KeyStatePendingImport, + KeyStatePendingReplicaDeletion, KeyStateUnavailable, + KeyStateUpdating, } } @@ -15603,6 +16685,22 @@ func MessageType_Values() []string { } } +const ( + // MultiRegionKeyTypePrimary is a MultiRegionKeyType enum value + MultiRegionKeyTypePrimary = "PRIMARY" + + // MultiRegionKeyTypeReplica is a MultiRegionKeyType enum value + MultiRegionKeyTypeReplica = "REPLICA" +) + +// MultiRegionKeyType_Values returns all elements of the MultiRegionKeyType enum +func MultiRegionKeyType_Values() []string { + return []string{ + MultiRegionKeyTypePrimary, + MultiRegionKeyTypeReplica, + } +} + const ( // OriginTypeAwsKms is a OriginType enum value OriginTypeAwsKms = "AWS_KMS" diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 6d15bad28f..e23d94b1a0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -356,9 +356,8 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // use the s3:x-amz-metadata-directive condition key to enforce certain metadata // behavior when objects are uploaded. For more information, see Specifying // Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) -// in the Amazon S3 Developer Guide. For a complete list of Amazon S3-specific -// condition keys, see Actions, Resources, and Condition Keys for Amazon S3 -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). +// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition +// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). // // x-amz-copy-source-if Headers // @@ -422,7 +421,7 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // You can use the CopyObject action to change the storage class of an object // that is already stored in Amazon S3 using the StorageClass parameter. For // more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 Service Developer Guide. +// in the Amazon S3 User Guide. // // Versioning // @@ -535,7 +534,7 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // become the bucket owner. // // Not every string is an acceptable bucket name. For information about bucket -// naming restrictions, see Working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html). +// naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html). // // If you want to create an Amazon S3 on Outposts bucket, see Create Bucket // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). @@ -723,10 +722,11 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // by using CreateMultipartUpload. // // To perform a multipart upload with encryption using an AWS KMS CMK, the requester -// must have permission to the kms:Encrypt, kms:Decrypt, kms:ReEncrypt*, kms:GenerateDataKey*, -// and kms:DescribeKey actions on the key. These permissions are required because -// Amazon S3 must decrypt and read data from the encrypted file parts before -// it completes the multipart upload. +// must have permission to the kms:Decrypt and kms:GenerateDataKey* actions +// on the key. These permissions are required because Amazon S3 must decrypt +// and read data from the encrypted file parts before it completes the multipart +// upload. For more information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// in the Amazon S3 User Guide. // // If your AWS Identity and Access Management (IAM) user or role is in the same // AWS account as the AWS KMS CMK, then you must have these permissions on the @@ -1835,7 +1835,7 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) // propagate. // // For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. // // The following operations are related to DeleteBucketReplication: // @@ -6497,12 +6497,13 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque // ListObjectsV2 API operation for Amazon Simple Storage Service. // -// Returns some or all (up to 1,000) of the objects in a bucket. You can use -// the request parameters as selection criteria to return a subset of the objects -// in a bucket. A 200 OK response can contain valid or invalid XML. Make sure -// to design your application to parse the contents of the response and handle -// it appropriately. Objects are returned sorted in an ascending order of the -// respective key names in the list. +// Returns some or all (up to 1,000) of the objects in a bucket with each request. +// You can use the request parameters as selection criteria to return a subset +// of the objects in a bucket. A 200 OK response can contain valid or invalid +// XML. Make sure to design your application to parse the contents of the response +// and handle it appropriately. Objects are returned sorted in an ascending +// order of the respective key names in the list. For more information about +// listing objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) // // To use this operation, you must have READ access to the bucket. // @@ -7816,7 +7817,7 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // // Creates a new lifecycle configuration for the bucket or replaces an existing // lifecycle configuration. For information about lifecycle configuration, see -// Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). +// Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html). // // Bucket lifecycle configuration now supports specifying a lifecycle rule using // an object key name prefix, one or more object tags, or a combination of both. @@ -8587,7 +8588,7 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // // Creates a replication configuration or replaces an existing one. For more // information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. // // To perform this operation, the user or role performing the action must have // the iam:PassRole (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html) @@ -8814,11 +8815,12 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // according to resources with the same tag key values. For example, you can // tag several resources with a specific application name, and then organize // your billing information to see the total cost of that application across -// several services. For more information, see Cost Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html). +// several services. For more information, see Cost Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) +// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). // -// Within a bucket, if you add a tag that has the same key as an existing tag, -// the new value overwrites the old value. For more information, see Using Cost -// Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). +// When this operation sets the tags for a bucket, it will overwrite any current +// tags the bucket already has. You cannot use this operation to add tags to +// an existing list of tags. // // To use this operation, you must have permissions to perform the s3:PutBucketTagging // action. The bucket owner has this permission by default and can grant this @@ -9229,7 +9231,7 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // Depending on performance needs, you can specify a different Storage Class. // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 Service Developer Guide. +// in the Amazon S3 User Guide. // // Versioning // @@ -9339,7 +9341,7 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // have an existing application that updates a bucket ACL using the request // body, you can continue to use that approach. For more information, see Access // Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. // // Access Permissions // @@ -10997,7 +10999,7 @@ type AbortMultipartUploadInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -11025,7 +11027,7 @@ type AbortMultipartUploadInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID that identifies the multipart upload. @@ -11242,7 +11244,7 @@ type AccessControlTranslation struct { // Specifies the replica ownership. For default and valid values, see PUT bucket // replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) - // in the Amazon Simple Storage Service API Reference. + // in the Amazon S3 API Reference. // // Owner is a required field Owner *string `type:"string" required:"true" enum:"OwnerOverride"` @@ -11693,7 +11695,7 @@ type BucketLoggingStatus struct { // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) - // in the Amazon Simple Storage Service API Reference. + // in the Amazon S3 API Reference. LoggingEnabled *LoggingEnabled `type:"structure"` } @@ -12168,7 +12170,7 @@ type CompleteMultipartUploadInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // ID for the initiated multipart upload. @@ -12291,7 +12293,7 @@ type CompleteMultipartUploadOutput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -12577,7 +12579,7 @@ type CopyObjectInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -12735,7 +12737,7 @@ type CopyObjectInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use to when encrypting the object (for example, @@ -12764,7 +12766,7 @@ type CopyObjectInput struct { // or using SigV4. For information about configuring using any of the officially // supported AWS SDKs and AWS CLI, see Specifying the Signature Version in Request // Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon @@ -12776,7 +12778,7 @@ type CopyObjectInput struct { // Depending on performance needs, you can specify a different Storage Class. // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // in the Amazon S3 Service Developer Guide. + // in the Amazon S3 User Guide. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object destination object this value must be used in @@ -13358,7 +13360,10 @@ type CreateBucketInput struct { // Allows grantee to read the bucket ACL. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to create, overwrite, and delete any object in the bucket. + // Allows grantee to create new objects in the bucket. + // + // For the bucket and object owners of existing objects, also allows deletions + // and overwrites of those objects. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. @@ -13494,7 +13499,7 @@ type CreateMultipartUploadInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -13583,7 +13588,7 @@ type CreateMultipartUploadInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use to when encrypting the object (for example, @@ -13612,7 +13617,7 @@ type CreateMultipartUploadInput struct { // KMS will fail if not made via SSL or using SigV4. For information about configuring // using any of the officially supported AWS SDKs and AWS CLI, see Specifying // the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon @@ -13624,7 +13629,7 @@ type CreateMultipartUploadInput struct { // Depending on performance needs, you can specify a different Storage Class. // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // in the Amazon S3 Service Developer Guide. + // in the Amazon S3 User Guide. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. @@ -13908,7 +13913,7 @@ type CreateMultipartUploadOutput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -15613,7 +15618,7 @@ type DeleteObjectInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -15651,7 +15656,7 @@ type DeleteObjectInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // VersionId used to reference a specific version of the object. @@ -15819,7 +15824,7 @@ type DeleteObjectTaggingInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -15970,7 +15975,7 @@ type DeleteObjectsInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -16009,7 +16014,7 @@ type DeleteObjectsInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -16333,7 +16338,7 @@ type Destination struct { // the destination bucket by specifying the AccessControlTranslation property, // this is the account ID of the destination bucket owner. For more information, // see Replication Additional Configuration: Changing the Replica Owner (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-change-owner.html) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. Account *string `type:"string"` // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to @@ -16361,7 +16366,7 @@ type Destination struct { // // For valid values, see the StorageClass element of the PUT Bucket replication // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) - // action in the Amazon Simple Storage Service API Reference. + // action in the Amazon S3 API Reference. StorageClass *string `type:"string" enum:"StorageClass"` } @@ -16468,8 +16473,8 @@ type Encryption struct { // If the encryption type is aws:kms, this optional value specifies the ID of // the symmetric customer managed AWS KMS CMK to use for encryption of job results. - // Amazon S3 only supports symmetric CMKs. For more information, see Using Symmetric - // and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // Amazon S3 only supports symmetric CMKs. For more information, see Using symmetric + // and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the AWS Key Management Service Developer Guide. KMSKeyId *string `type:"string" sensitive:"true"` } @@ -16520,11 +16525,11 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption { type EncryptionConfiguration struct { _ struct{} `type:"structure"` - // Specifies the ID (Key ARN or Alias ARN) of the customer managed customer - // master key (CMK) stored in AWS Key Management Service (KMS) for the destination - // bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only - // supports symmetric customer managed CMKs. For more information, see Using - // Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // Specifies the ID (Key ARN or Alias ARN) of the customer managed AWS KMS key + // stored in AWS Key Management Service (KMS) for the destination bucket. Amazon + // S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric, + // customer managed KMS keys. For more information, see Using symmetric and + // asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the AWS Key Management Service Developer Guide. ReplicaKmsKeyID *string `type:"string"` } @@ -17035,7 +17040,7 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument { // Optional configuration to replicate existing source bucket objects. For more // information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. type ExistingObjectReplication struct { _ struct{} `type:"structure"` @@ -18337,7 +18342,7 @@ type GetBucketLoggingOutput struct { // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) - // in the Amazon Simple Storage Service API Reference. + // in the Amazon S3 API Reference. LoggingEnabled *LoggingEnabled `type:"structure"` } @@ -19490,7 +19495,7 @@ type GetObjectAclInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -19510,7 +19515,7 @@ type GetObjectAclInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // VersionId used to reference a specific version of the object. @@ -19664,7 +19669,7 @@ type GetObjectInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -19720,7 +19725,7 @@ type GetObjectInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Sets the Cache-Control header of the response. @@ -19964,7 +19969,7 @@ type GetObjectLegalHoldInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -19984,7 +19989,7 @@ type GetObjectLegalHoldInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object whose Legal Hold status you want to retrieve. @@ -20119,7 +20124,7 @@ type GetObjectLockConfigurationInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -20567,7 +20572,7 @@ type GetObjectRetentionInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -20587,7 +20592,7 @@ type GetObjectRetentionInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID for the object whose retention settings you want to retrieve. @@ -20722,7 +20727,7 @@ type GetObjectTaggingInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -20750,7 +20755,7 @@ type GetObjectTaggingInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The versionId of the object for which to get the tagging information. @@ -20910,7 +20915,7 @@ type GetObjectTorrentInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -21342,7 +21347,7 @@ type HeadBucketInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -21457,7 +21462,7 @@ type HeadObjectInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -21514,7 +21519,7 @@ type HeadObjectInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use to when encrypting the object (for example, @@ -22417,7 +22422,7 @@ func (s *IntelligentTieringFilter) SetTag(v *Tag) *IntelligentTieringFilter { // Specifies the inventory configuration for an Amazon S3 bucket. For more information, // see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type InventoryConfiguration struct { _ struct{} `type:"structure"` @@ -23987,7 +23992,7 @@ type ListMultipartUploadsInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -24627,7 +24632,7 @@ type ListObjectsInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -24921,7 +24926,7 @@ type ListObjectsV2Input struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -25157,7 +25162,7 @@ type ListObjectsV2Output struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -25273,7 +25278,7 @@ type ListPartsInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -25308,7 +25313,7 @@ type ListPartsInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -25730,7 +25735,7 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type LoggingEnabled struct { _ struct{} `type:"structure"` @@ -25953,7 +25958,7 @@ func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator { // the existing metrics configuration. If you don't include the elements you // want to keep, they are erased. For more information, see PUT Bucket metrics // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type MetricsConfiguration struct { _ struct{} `type:"structure"` @@ -26155,7 +26160,7 @@ type NoncurrentVersionExpiration struct { // perform the associated action. For information about the noncurrent days // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent // (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) - // in the Amazon Simple Storage Service Developer Guide. + // in the Amazon S3 User Guide. NoncurrentDays *int64 `type:"integer"` } @@ -27336,7 +27341,10 @@ type PutBucketAclInput struct { // Allows grantee to read the bucket ACL. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to create, overwrite, and delete any object in the bucket. + // Allows grantee to create new objects in the bucket. + // + // For the bucket and object owners of existing objects, also allows deletions + // and overwrites of those objects. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. @@ -29693,7 +29701,7 @@ type PutObjectAclInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -29720,7 +29728,10 @@ type PutObjectAclInput struct { // This action is not supported by Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to create, overwrite, and delete any object in the bucket. + // Allows grantee to create new objects in the bucket. + // + // For the bucket and object owners of existing objects, also allows deletions + // and overwrites of those objects. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. @@ -29734,7 +29745,7 @@ type PutObjectAclInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -29752,7 +29763,7 @@ type PutObjectAclInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // VersionId used to reference a specific version of the object. @@ -29944,7 +29955,7 @@ type PutObjectInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -30046,14 +30057,15 @@ type PutObjectInput struct { // The Object Lock mode that you want to apply to this object. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want this object's Object Lock to expire. + // The date and time when you want this object's Object Lock to expire. Must + // be formatted as a timestamp parameter. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use to when encrypting the object (for example, @@ -30080,13 +30092,11 @@ type PutObjectInput struct { // If x-amz-server-side-encryption is present and has the value of aws:kms, // this header specifies the ID of the AWS Key Management Service (AWS KMS) // symmetrical customer managed customer master key (CMK) that was used for - // the object. - // - // If the value of x-amz-server-side-encryption is aws:kms, this header specifies - // the ID of the symmetric customer managed AWS KMS CMK that will be used for // the object. If you specify x-amz-server-side-encryption:aws:kms, but do not // providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the AWS - // managed CMK in AWS to protect the data. + // managed CMK in AWS to protect the data. If the KMS key does not exist in + // the same account issuing the command, you must use the full ARN and not just + // the ID. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon @@ -30098,7 +30108,7 @@ type PutObjectInput struct { // Depending on performance needs, you can specify a different Storage Class. // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // in the Amazon S3 Service Developer Guide. + // in the Amazon S3 User Guide. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. @@ -30401,7 +30411,7 @@ type PutObjectLegalHoldInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -30425,7 +30435,7 @@ type PutObjectLegalHoldInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object that you want to place a Legal Hold on. @@ -30578,7 +30588,7 @@ type PutObjectLockConfigurationInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // A token to allow Object Lock to be enabled for an existing bucket. @@ -30831,7 +30841,7 @@ type PutObjectRetentionInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -30855,7 +30865,7 @@ type PutObjectRetentionInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The container element for the Object Retention configuration. @@ -31007,7 +31017,7 @@ type PutObjectTaggingInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -31035,7 +31045,7 @@ type PutObjectTaggingInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for the TagSet and Tag elements @@ -31752,7 +31762,7 @@ type ReplicationRule struct { // Optional configuration to replicate existing source bucket objects. For more // information, see Replicating Existing Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-what-is-isnot-replicated.html#existing-object-replication) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. ExistingObjectReplication *ExistingObjectReplication `type:"structure"` // A filter that identifies the subset of objects to which the replication rule @@ -32195,7 +32205,7 @@ type RestoreObjectInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -32223,7 +32233,7 @@ type RestoreObjectInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for restore job parameters. @@ -32540,8 +32550,8 @@ func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule { // Specifies lifecycle rules for an Amazon S3 bucket. For more information, // see Put Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html) -// in the Amazon Simple Storage Service API Reference. For examples, see Put -// Bucket Lifecycle Configuration Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html#API_PutBucketLifecycleConfiguration_Examples). +// in the Amazon S3 API Reference. For examples, see Put Bucket Lifecycle Configuration +// Examples (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html#API_PutBucketLifecycleConfiguration_Examples). type Rule struct { _ struct{} `type:"structure"` @@ -33287,17 +33297,17 @@ func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *Selec // bucket. If a PUT Object request doesn't specify any server-side encryption, // this default encryption will be applied. For more information, see PUT Bucket // encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type ServerSideEncryptionByDefault struct { _ struct{} `type:"structure"` - // AWS Key Management Service (KMS) customer master key ID to use for the default + // AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default // encryption. This parameter is allowed if and only if SSEAlgorithm is set // to aws:kms. // - // You can specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. // However, if you are using encryption with cross-account operations, you must - // use a fully qualified CMK ARN. For more information, see Using encryption + // use a fully qualified KMS key ARN. For more information, see Using encryption // for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). // // For example: @@ -33306,8 +33316,8 @@ type ServerSideEncryptionByDefault struct { // // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // Amazon S3 only supports symmetric CMKs and not asymmetric CMKs. For more - // information, see Using Symmetric and Asymmetric Keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) + // Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For + // more information, see Using symmetric and asymmetric keys (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the AWS Key Management Service Developer Guide. KMSMasterKeyID *string `type:"string" sensitive:"true"` @@ -33531,7 +33541,7 @@ type SseKmsEncryptedObjects struct { _ struct{} `type:"structure"` // Specifies whether Amazon S3 replicates objects created with server-side encryption - // using a customer master key (CMK) stored in AWS Key Management Service. + // using an AWS KMS key stored in AWS Key Management Service. // // Status is a required field Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"` @@ -34170,7 +34180,7 @@ type UploadPartCopyInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -34275,7 +34285,7 @@ type UploadPartCopyInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use to when encrypting the object (for example, @@ -34612,7 +34622,7 @@ type UploadPartInput struct { // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the AWS SDKs, you provide // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using Access Points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // // When using this action with Amazon S3 on Outposts, you must direct requests @@ -34655,7 +34665,7 @@ type UploadPartInput struct { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 Developer Guide. + // in the Amazon S3 User Guide. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use to when encrypting the object (for example, @@ -34919,7 +34929,7 @@ func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput { // Describes the versioning state of an Amazon S3 bucket. For more information, // see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) -// in the Amazon Simple Storage Service API Reference. +// in the Amazon S3 API Reference. type VersioningConfiguration struct { _ struct{} `type:"structure"` @@ -36028,6 +36038,9 @@ const ( // InventoryOptionalFieldIntelligentTieringAccessTier is a InventoryOptionalField enum value InventoryOptionalFieldIntelligentTieringAccessTier = "IntelligentTieringAccessTier" + + // InventoryOptionalFieldBucketKeyStatus is a InventoryOptionalField enum value + InventoryOptionalFieldBucketKeyStatus = "BucketKeyStatus" ) // InventoryOptionalField_Values returns all elements of the InventoryOptionalField enum @@ -36044,6 +36057,7 @@ func InventoryOptionalField_Values() []string { InventoryOptionalFieldObjectLockMode, InventoryOptionalFieldObjectLockLegalHoldStatus, InventoryOptionalFieldIntelligentTieringAccessTier, + InventoryOptionalFieldBucketKeyStatus, } } @@ -36477,7 +36491,7 @@ func RequestCharged_Values() []string { // Bucket owners need not specify this parameter in their requests. For information // about downloading objects from requester pays buckets, see Downloading Objects // in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) -// in the Amazon S3 Developer Guide. +// in the Amazon S3 User Guide. const ( // RequestPayerRequester is a RequestPayer enum value RequestPayerRequester = "requester" diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go index 9fc2105fd2..ba1a84d091 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go @@ -155,8 +155,9 @@ func endpointHandler(req *request.Request) { } case arn.OutpostAccessPointARN: // outposts does not support FIPS regions - if resReq.ResourceConfiguredForFIPS() { - req.Error = s3shared.NewInvalidARNWithFIPSError(resource, nil) + if resReq.UseFIPS() { + req.Error = s3shared.NewFIPSConfigurationError(resource, req.ClientInfo.PartitionID, + aws.StringValue(req.Config.Region), nil) return } diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go index 38ef4185f4..a07d209e03 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go @@ -64,12 +64,12 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ // Only you, the owner of the queue, can grant or deny permissions to the queue. // For more information about these permissions, see Allow Developers to Write // Messages to a Shared Queue (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // * AddPermission generates a policy for you. You can use SetQueueAttributes // to upload your policy. For more information, see Using Custom Policies // with the Amazon SQS Access Policy Language (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-creating-custom-policies.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // * An Amazon SQS policy can have a maximum of 7 actions. // @@ -87,7 +87,7 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -174,7 +174,7 @@ func (c *SQS) ChangeMessageVisibilityRequest(input *ChangeMessageVisibilityInput // value. The default visibility timeout for a message is 30 seconds. The minimum // is 0 seconds. The maximum is 12 hours. For more information, see Visibility // Timeout (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // For example, you have a message with a visibility timeout of 5 minutes. After // 3 minutes, you call ChangeMessageVisibility with a timeout of 10 minutes. @@ -415,7 +415,7 @@ func (c *SQS) CreateQueueRequest(input *CreateQueueInput) (req *request.Request, // create a new FIFO queue for your application or delete your existing standard // queue and recreate it as a FIFO queue. For more information, see Moving // From a Standard Queue to a FIFO Queue (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-moving) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // * If you don't provide a value for an attribute, the queue is created // with the default value for the attribute. @@ -450,7 +450,7 @@ func (c *SQS) CreateQueueRequest(input *CreateQueueInput) (req *request.Request, // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -755,7 +755,7 @@ func (c *SQS) DeleteQueueRequest(input *DeleteQueueInput) (req *request.Request, // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -918,7 +918,7 @@ func (c *SQS) GetQueueUrlRequest(input *GetQueueUrlInput) (req *request.Request, // must grant you permission to access the queue. For more information about // shared queue access, see AddPermission or see Allow Developers to Write Messages // to a Shared Queue (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1016,7 +1016,7 @@ func (c *SQS) ListDeadLetterSourceQueuesRequest(input *ListDeadLetterSourceQueue // // For more information about using dead-letter queues, see Using Amazon SQS // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1149,11 +1149,11 @@ func (c *SQS) ListQueueTagsRequest(input *ListQueueTagsInput) (req *request.Requ // // List all cost allocation tags added to the specified Amazon SQS queue. For // an overview, see Tagging Your Amazon SQS Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1247,7 +1247,7 @@ func (c *SQS) ListQueuesRequest(input *ListQueuesInput) (req *request.Request, o // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1473,7 +1473,7 @@ func (c *SQS) ReceiveMessageRequest(input *ReceiveMessageInput) (req *request.Re // Retrieves one or more messages (up to 10), from the specified queue. Using // the WaitTimeSeconds parameter enables long-poll support. For more information, // see Amazon SQS Long Polling (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-long-polling.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Short poll is the default behavior where a weighted random set of machines // is sampled on a ReceiveMessage call. Thus, only the messages on the sampled @@ -1500,14 +1500,14 @@ func (c *SQS) ReceiveMessageRequest(input *ReceiveMessageInput) (req *request.Re // // The receipt handle is the identifier you must provide when deleting the message. // For more information, see Queue and Message Identifiers (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-message-identifiers.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // You can provide the VisibilityTimeout parameter in your request. The parameter // is applied to the messages that Amazon SQS returns in the response. If you // don't include the parameter, the overall visibility timeout for the queue // is used for the returned messages. For more information, see Visibility Timeout // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // A message that isn't deleted or a message whose visibility isn't extended // before the visibility timeout expires counts as a failed receive. Depending @@ -1606,7 +1606,7 @@ func (c *SQS) RemovePermissionRequest(input *RemovePermissionInput) (req *reques // // * Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // * To remove the ability to change queue permissions, you must deny permission // to the AddPermission, RemovePermission, and SetQueueAttributes actions @@ -1910,7 +1910,7 @@ func (c *SQS) SetQueueAttributesRequest(input *SetQueueAttributesInput) (req *re // // * Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // * To remove the ability to change queue permissions, you must deny permission // to the AddPermission, RemovePermission, and SetQueueAttributes actions @@ -1996,7 +1996,7 @@ func (c *SQS) TagQueueRequest(input *TagQueueInput) (req *request.Request, outpu // // Add cost allocation tags to the specified Amazon SQS queue. For an overview, // see Tagging Your Amazon SQS Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // When you use queue tags, keep the following guidelines in mind: // @@ -2010,12 +2010,12 @@ func (c *SQS) TagQueueRequest(input *TagQueueInput) (req *request.Request, outpu // * A new tag with a key identical to that of an existing tag overwrites // the existing tag. // -// For a full list of tag restrictions, see Limits Related to Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) -// in the Amazon Simple Queue Service Developer Guide. +// For a full list of tag restrictions, see Quotas related to queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) +// in the Amazon SQS Developer Guide. // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2092,11 +2092,11 @@ func (c *SQS) UntagQueueRequest(input *UntagQueueInput) (req *request.Request, o // // Remove cost allocation tags from the specified Amazon SQS queue. For an overview, // see Tagging Your Amazon SQS Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2129,11 +2129,10 @@ func (c *SQS) UntagQueueWithContext(ctx aws.Context, input *UntagQueueInput, opt type AddPermissionInput struct { _ struct{} `type:"structure"` - // The AWS account number of the principal (https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P) - // who is given permission. The principal must have an AWS account, but does - // not need to be signed up for Amazon SQS. For information about locating the - // AWS account identification, see Your AWS Identifiers (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication) - // in the Amazon Simple Queue Service Developer Guide. + // The account numbers of the principals (https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P) + // who are to receive permission. For information about locating the account + // identification, see Your Amazon Web Services Identifiers (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication) + // in the Amazon SQS Developer Guide. // // AWSAccountIds is a required field AWSAccountIds []*string `locationNameList:"AWSAccountId" type:"list" flattened:"true" required:"true"` @@ -2143,7 +2142,7 @@ type AddPermissionInput struct { // // For more information about these actions, see Overview of Managing Access // Permissions to Your Amazon Simple Queue Service Resource (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-overview-of-managing-access.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // Specifying SendMessage, DeleteMessage, or ChangeMessageVisibility for ActionName.n // also grants permissions for the corresponding batch versions of those actions: @@ -2607,8 +2606,9 @@ type CreateQueueInput struct { // Amazon SQS retains a message. Valid values: An integer from 60 seconds // (1 minute) to 1,209,600 seconds (14 days). Default: 345,600 (4 days). // - // * Policy – The queue's policy. A valid AWS policy. For more information - // about policy structure, see Overview of AWS IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) + // * Policy – The queue's policy. A valid Amazon Web Services policy. For + // more information about policy structure, see Overview of Amazon Web Services + // IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) // in the Amazon IAM User Guide. // // * ReceiveMessageWaitTimeSeconds – The length of time, in seconds, for @@ -2619,9 +2619,9 @@ type CreateQueueInput struct { // queue functionality of the source queue as a JSON object. For more information // about the redrive policy and dead-letter queues, see Using Amazon SQS // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) - // in the Amazon Simple Queue Service Developer Guide. deadLetterTargetArn - // – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon - // SQS moves messages after the value of maxReceiveCount is exceeded. maxReceiveCount + // in the Amazon SQS Developer Guide. deadLetterTargetArn – The Amazon + // Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves + // messages after the value of maxReceiveCount is exceeded. maxReceiveCount // – The number of times a message is delivered to the source queue before // being moved to the dead-letter queue. When the ReceiveCount for a message // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message @@ -2633,25 +2633,26 @@ type CreateQueueInput struct { // Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For // more information about the visibility timeout, see Visibility Timeout // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // - // * KmsMasterKeyId – The ID of an AWS-managed customer master key (CMK) - // for Amazon SQS or a custom CMK. For more information, see Key Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). - // While the alias of the AWS-managed CMK for Amazon SQS is always alias/aws/sqs, - // the alias of a custom CMK can, for example, be alias/MyAlias . For more - // examples, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) - // in the AWS Key Management Service API Reference. + // * KmsMasterKeyId – The ID of an Amazon Web Services managed customer + // master key (CMK) for Amazon SQS or a custom CMK. For more information, + // see Key Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). + // While the alias of the Amazon Web Services managed CMK for Amazon SQS + // is always alias/aws/sqs, the alias of a custom CMK can, for example, be + // alias/MyAlias . For more examples, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) + // in the Key Management Service API Reference. // // * KmsDataKeyReusePeriodSeconds – The length of time, in seconds, for // which Amazon SQS can reuse a data key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) - // to encrypt or decrypt messages before calling AWS KMS again. An integer - // representing seconds, between 60 seconds (1 minute) and 86,400 seconds - // (24 hours). Default: 300 (5 minutes). A shorter time period provides better - // security but results in more calls to KMS which might incur charges after - // Free Tier. For more information, see How Does the Data Key Reuse Period - // Work? (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). + // to encrypt or decrypt messages before calling KMS again. An integer representing + // seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). + // Default: 300 (5 minutes). A shorter time period provides better security + // but results in more calls to KMS which might incur charges after Free + // Tier. For more information, see How Does the Data Key Reuse Period Work? + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). // // The following attributes apply only to FIFO (first-in-first-out) queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): // @@ -2660,17 +2661,17 @@ type CreateQueueInput struct { // a standard queue. You can provide this attribute only during queue creation. // You can't change it for an existing queue. When you set this attribute, // you must also provide the MessageGroupId for your messages explicitly. - // For more information, see FIFO Queue Logic (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-understanding-logic) - // in the Amazon Simple Queue Service Developer Guide. + // For more information, see FIFO queue logic (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-understanding-logic.html) + // in the Amazon SQS Developer Guide. // // * ContentBasedDeduplication – Enables content-based deduplication. Valid - // values are true and false. For more information, see Exactly-Once Processing - // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) - // in the Amazon Simple Queue Service Developer Guide. Note the following: - // Every message must have a unique MessageDeduplicationId. You may provide - // a MessageDeduplicationId explicitly. If you aren't able to provide a MessageDeduplicationId - // and you enable ContentBasedDeduplication for your queue, Amazon SQS uses - // a SHA-256 hash to generate the MessageDeduplicationId using the body of + // values are true and false. For more information, see Exactly-once processing + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html) + // in the Amazon SQS Developer Guide. Note the following: Every message must + // have a unique MessageDeduplicationId. You may provide a MessageDeduplicationId + // explicitly. If you aren't able to provide a MessageDeduplicationId and + // you enable ContentBasedDeduplication for your queue, Amazon SQS uses a + // SHA-256 hash to generate the MessageDeduplicationId using the body of // the message (but not the attributes of the message). If you don't provide // a MessageDeduplicationId and the queue doesn't have ContentBasedDeduplication // set, the action fails with an error. If the queue has ContentBasedDeduplication @@ -2682,15 +2683,7 @@ type CreateQueueInput struct { // as the one generated for the first MessageDeduplicationId, the two messages // are treated as duplicates and only one copy of the message is delivered. // - // Preview: High throughput for FIFO queues - // - // High throughput for Amazon SQS FIFO queues is in preview release and is subject - // to change. This feature provides a high number of transactions per second - // (TPS) for messages in FIFO queues. For information on throughput quotas, - // see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) - // in the Amazon Simple Queue Service Developer Guide. - // - // This preview includes two new attributes: + // The following attributes apply only to high throughput for FIFO queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html): // // * DeduplicationScope – Specifies whether message deduplication occurs // at the message group or queue level. Valid values are messageGroup and @@ -2708,22 +2701,11 @@ type CreateQueueInput struct { // * Set FifoThroughputLimit to perMessageGroupId. // // If you set these attributes to anything other than the values shown for enabling - // high throughput, standard throughput is in effect and deduplication occurs + // high throughput, normal throughput is in effect and deduplication occurs // as specified. // - // This preview is available in the following AWS Regions: - // - // * US East (Ohio); us-east-2 - // - // * US East (N. Virginia); us-east-1 - // - // * US West (Oregon); us-west-2 - // - // * Europe (Ireland); eu-west-1 - // - // For more information about high throughput for FIFO queues, see Preview: - // High throughput for FIFO queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) - // in the Amazon Simple Queue Service Developer Guide. + // For information on throughput quotas, see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) + // in the Amazon SQS Developer Guide. Attributes map[string]*string `locationName:"Attribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` // The name of the new queue. The following limits apply to this name: @@ -2742,7 +2724,7 @@ type CreateQueueInput struct { // Add cost allocation tags to the specified Amazon SQS queue. For an overview, // see Tagging Your Amazon SQS Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // When you use queue tags, keep the following guidelines in mind: // @@ -2756,15 +2738,15 @@ type CreateQueueInput struct { // * A new tag with a key identical to that of an existing tag overwrites // the existing tag. // - // For a full list of tag restrictions, see Limits Related to Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) - // in the Amazon Simple Queue Service Developer Guide. + // For a full list of tag restrictions, see Quotas related to queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) + // in the Amazon SQS Developer Guide. // // To be able to tag a queue on creation, you must have the sqs:CreateQueue // and sqs:TagQueue permissions. // // Cross-account permissions don't apply to this action. For more information, // see Grant cross-account permissions to a role and a user name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. Tags map[string]*string `locationName:"Tag" locationNameKey:"Key" locationNameValue:"Value" type:"map" flattened:"true"` } @@ -3148,6 +3130,9 @@ type GetQueueAttributesInput struct { // A list of attributes for which to retrieve information. // + // The AttributeName.N parameter is optional, but if you don't specify values + // for this parameter, the request returns empty results. + // // In the future, new attributes might be added. If you write code that calls // this action, we recommend that you structure your code so that it can handle // new attributes gracefully. @@ -3199,9 +3184,9 @@ type GetQueueAttributesInput struct { // queue functionality of the source queue as a JSON object. For more information // about the redrive policy and dead-letter queues, see Using Amazon SQS // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) - // in the Amazon Simple Queue Service Developer Guide. deadLetterTargetArn - // – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon - // SQS moves messages after the value of maxReceiveCount is exceeded. maxReceiveCount + // in the Amazon SQS Developer Guide. deadLetterTargetArn – The Amazon + // Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves + // messages after the value of maxReceiveCount is exceeded. maxReceiveCount // – The number of times a message is delivered to the source queue before // being moved to the dead-letter queue. When the ReceiveCount for a message // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message @@ -3210,41 +3195,33 @@ type GetQueueAttributesInput struct { // * VisibilityTimeout – Returns the visibility timeout for the queue. // For more information about the visibility timeout, see Visibility Timeout // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // - // * KmsMasterKeyId – Returns the ID of an AWS-managed customer master - // key (CMK) for Amazon SQS or a custom CMK. For more information, see Key - // Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). + // * KmsMasterKeyId – Returns the ID of an Amazon Web Services managed + // customer master key (CMK) for Amazon SQS or a custom CMK. For more information, + // see Key Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). // // * KmsDataKeyReusePeriodSeconds – Returns the length of time, in seconds, // for which Amazon SQS can reuse a data key to encrypt or decrypt messages - // before calling AWS KMS again. For more information, see How Does the Data + // before calling KMS again. For more information, see How Does the Data // Key Reuse Period Work? (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). // // The following attributes apply only to FIFO (first-in-first-out) queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): // // * FifoQueue – Returns information about whether the queue is FIFO. For - // more information, see FIFO Queue Logic (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-understanding-logic) - // in the Amazon Simple Queue Service Developer Guide. To determine whether - // a queue is FIFO (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html), + // more information, see FIFO queue logic (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-understanding-logic.html) + // in the Amazon SQS Developer Guide. To determine whether a queue is FIFO + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html), // you can check whether QueueName ends with the .fifo suffix. // // * ContentBasedDeduplication – Returns whether content-based deduplication - // is enabled for the queue. For more information, see Exactly-Once Processing - // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) - // in the Amazon Simple Queue Service Developer Guide. + // is enabled for the queue. For more information, see Exactly-once processing + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html) + // in the Amazon SQS Developer Guide. // - // Preview: High throughput for FIFO queues - // - // High throughput for Amazon SQS FIFO queues is in preview release and is subject - // to change. This feature provides a high number of transactions per second - // (TPS) for messages in FIFO queues. For information on throughput quotas, - // see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) - // in the Amazon Simple Queue Service Developer Guide. - // - // This preview includes two new attributes: + // The following attributes apply only to high throughput for FIFO queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html): // // * DeduplicationScope – Specifies whether message deduplication occurs // at the message group or queue level. Valid values are messageGroup and @@ -3262,22 +3239,11 @@ type GetQueueAttributesInput struct { // * Set FifoThroughputLimit to perMessageGroupId. // // If you set these attributes to anything other than the values shown for enabling - // high throughput, standard throughput is in effect and deduplication occurs + // high throughput, normal throughput is in effect and deduplication occurs // as specified. // - // This preview is available in the following AWS Regions: - // - // * US East (Ohio); us-east-2 - // - // * US East (N. Virginia); us-east-1 - // - // * US West (Oregon); us-west-2 - // - // * Europe (Ireland); eu-west-1 - // - // For more information about high throughput for FIFO queues, see Preview: - // High throughput for FIFO queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) - // in the Amazon Simple Queue Service Developer Guide. + // For information on throughput quotas, see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) + // in the Amazon SQS Developer Guide. AttributeNames []*string `locationNameList:"AttributeName" type:"list" flattened:"true"` // The URL of the Amazon SQS queue whose attribute information is retrieved. @@ -3358,7 +3324,7 @@ type GetQueueUrlInput struct { // QueueName is a required field QueueName *string `type:"string" required:"true"` - // The AWS account ID of the account that created the queue. + // The account ID of the account that created the queue. QueueOwnerAWSAccountId *string `type:"string"` } @@ -3398,7 +3364,7 @@ func (s *GetQueueUrlInput) SetQueueOwnerAWSAccountId(v string) *GetQueueUrlInput } // For more information, see Interpreting Responses (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-api-responses.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. type GetQueueUrlOutput struct { _ struct{} `type:"structure"` @@ -3700,12 +3666,12 @@ type Message struct { MD5OfMessageAttributes *string `type:"string"` // Each message attribute consists of a Name, Type, and Value. For more information, - // see Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) - // in the Amazon Simple Queue Service Developer Guide. + // see Amazon SQS message attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) + // in the Amazon SQS Developer Guide. MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` // A unique identifier for the message. A MessageIdis considered unique across - // all AWS accounts for an extended period of time. + // all accounts for an extended period of time. MessageId *string `type:"string"` // An identifier associated with the act of receiving the message. A new receipt @@ -3790,7 +3756,7 @@ type MessageAttributeValue struct { // // You can also append custom labels. For more information, see Amazon SQS Message // Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // DataType is a required field DataType *string `type:"string" required:"true"` @@ -3878,7 +3844,7 @@ type MessageSystemAttributeValue struct { // // You can also append custom labels. For more information, see Amazon SQS Message // Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // DataType is a required field DataType *string `type:"string" required:"true"` @@ -4013,7 +3979,7 @@ type ReceiveMessageInput struct { // * ApproximateReceiveCount – Returns the number of times a message has // been received across all queues but not deleted. // - // * AWSTraceHeader – Returns the AWS X-Ray trace header string. + // * AWSTraceHeader – Returns the X-Ray trace header string. // // * SenderId For an IAM user, returns the IAM user ID, for example ABCDEFGHI1JKLMNOPQ23R. // For an IAM role, returns the IAM role ID, for example ABCDE1F2GH3I4JK5LMNOP:i-a123b456. @@ -4090,15 +4056,14 @@ type ReceiveMessageInput struct { // return the same messages and receipt handles. If a retry occurs within // the deduplication interval, it resets the visibility timeout. For more // information, see Visibility Timeout (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) - // in the Amazon Simple Queue Service Developer Guide. If a caller of the - // ReceiveMessage action still processes messages when the visibility timeout - // expires and messages become visible, another worker consuming from the - // same queue can receive the same messages and therefore process duplicates. - // Also, if a consumer whose message processing time is longer than the visibility - // timeout tries to delete the processed messages, the action fails with - // an error. To mitigate this effect, ensure that your application observes - // a safe threshold before the visibility timeout expires and extend the - // visibility timeout as necessary. + // in the Amazon SQS Developer Guide. If a caller of the ReceiveMessage action + // still processes messages when the visibility timeout expires and messages + // become visible, another worker consuming from the same queue can receive + // the same messages and therefore process duplicates. Also, if a consumer + // whose message processing time is longer than the visibility timeout tries + // to delete the processed messages, the action fails with an error. To mitigate + // this effect, ensure that your application observes a safe threshold before + // the visibility timeout expires and extend the visibility timeout as necessary. // // * While messages with a particular MessageGroupId are invisible, no more // messages belonging to the same MessageGroupId are returned until the visibility @@ -4114,7 +4079,7 @@ type ReceiveMessageInput struct { // // For best practices of using ReceiveRequestAttemptId, see Using the ReceiveRequestAttemptId // Request Parameter (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-receiverequestattemptid-request-parameter.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. ReceiveRequestAttemptId *string `type:"string"` // The duration (in seconds) that the received messages are hidden from subsequent @@ -4421,8 +4386,8 @@ type SendMessageBatchRequestEntry struct { Id *string `type:"string" required:"true"` // Each message attribute consists of a Name, Type, and Value. For more information, - // see Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) - // in the Amazon Simple Queue Service Developer Guide. + // see Amazon SQS message attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) + // in the Amazon SQS Developer Guide. MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` // The body of the message. @@ -4435,8 +4400,8 @@ type SendMessageBatchRequestEntry struct { // The token used for deduplication of messages within a 5-minute minimum deduplication // interval. If a message with a particular MessageDeduplicationId is sent successfully, // subsequent messages with the same MessageDeduplicationId are accepted successfully - // but aren't delivered. For more information, see Exactly-Once Processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) - // in the Amazon Simple Queue Service Developer Guide. + // but aren't delivered. For more information, see Exactly-once processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html) + // in the Amazon SQS Developer Guide. // // * Every message must have a unique MessageDeduplicationId, You may provide // a MessageDeduplicationId explicitly. If you aren't able to provide a MessageDeduplicationId @@ -4471,7 +4436,7 @@ type SendMessageBatchRequestEntry struct { // // For best practices of using MessageDeduplicationId, see Using the MessageDeduplicationId // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagededuplicationid-property.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. MessageDeduplicationId *string `type:"string"` // This parameter applies only to FIFO (first-in-first-out) queues. @@ -4496,7 +4461,7 @@ type SendMessageBatchRequestEntry struct { // // For best practices of using MessageGroupId, see Using the MessageGroupId // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagegroupid-property.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // MessageGroupId is required for FIFO queues. You can't use it for Standard // queues. @@ -4506,8 +4471,8 @@ type SendMessageBatchRequestEntry struct { // of a Name, Type, and Value. // // * Currently, the only supported message system attribute is AWSTraceHeader. - // Its type must be String and its value must be a correctly formatted AWS - // X-Ray trace header string. + // Its type must be String and its value must be a correctly formatted X-Ray + // trace header string. // // * The size of a message system attribute doesn't count towards the total // size of a message. @@ -4704,8 +4669,8 @@ type SendMessageInput struct { DelaySeconds *int64 `type:"integer"` // Each message attribute consists of a Name, Type, and Value. For more information, - // see Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) - // in the Amazon Simple Queue Service Developer Guide. + // see Amazon SQS message attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) + // in the Amazon SQS Developer Guide. MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` // The message to send. The minimum size is one character. The maximum size @@ -4727,9 +4692,9 @@ type SendMessageInput struct { // The token used for deduplication of sent messages. If a message with a particular // MessageDeduplicationId is sent successfully, any messages sent with the same // MessageDeduplicationId are accepted successfully but aren't delivered during - // the 5-minute deduplication interval. For more information, see Exactly-Once - // Processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) - // in the Amazon Simple Queue Service Developer Guide. + // the 5-minute deduplication interval. For more information, see Exactly-once + // processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html) + // in the Amazon SQS Developer Guide. // // * Every message must have a unique MessageDeduplicationId, You may provide // a MessageDeduplicationId explicitly. If you aren't able to provide a MessageDeduplicationId @@ -4764,7 +4729,7 @@ type SendMessageInput struct { // // For best practices of using MessageDeduplicationId, see Using the MessageDeduplicationId // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagededuplicationid-property.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. MessageDeduplicationId *string `type:"string"` // This parameter applies only to FIFO (first-in-first-out) queues. @@ -4789,7 +4754,7 @@ type SendMessageInput struct { // // For best practices of using MessageGroupId, see Using the MessageGroupId // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagegroupid-property.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // MessageGroupId is required for FIFO queues. You can't use it for Standard // queues. @@ -4799,8 +4764,8 @@ type SendMessageInput struct { // of a Name, Type, and Value. // // * Currently, the only supported message system attribute is AWSTraceHeader. - // Its type must be String and its value must be a correctly formatted AWS - // X-Ray trace header string. + // Its type must be String and its value must be a correctly formatted X-Ray + // trace header string. // // * The size of a message system attribute doesn't count towards the total // size of a message. @@ -4925,7 +4890,7 @@ type SendMessageOutput struct { // An attribute containing the MessageId of the message sent to the queue. For // more information, see Queue and Message Identifiers (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-message-identifiers.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. MessageId *string `type:"string"` // This parameter applies only to FIFO (first-in-first-out) queues. @@ -4997,9 +4962,10 @@ type SetQueueAttributesInput struct { // Amazon SQS retains a message. Valid values: An integer representing seconds, // from 60 (1 minute) to 1,209,600 (14 days). Default: 345,600 (4 days). // - // * Policy – The queue's policy. A valid AWS policy. For more information - // about policy structure, see Overview of AWS IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) - // in the Amazon IAM User Guide. + // * Policy – The queue's policy. A valid Amazon Web Services policy. For + // more information about policy structure, see Overview of Amazon Web Services + // IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) + // in the Identity and Access Management User Guide. // // * ReceiveMessageWaitTimeSeconds – The length of time, in seconds, for // which a ReceiveMessage action waits for a message to arrive. Valid values: @@ -5009,9 +4975,9 @@ type SetQueueAttributesInput struct { // queue functionality of the source queue as a JSON object. For more information // about the redrive policy and dead-letter queues, see Using Amazon SQS // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) - // in the Amazon Simple Queue Service Developer Guide. deadLetterTargetArn - // – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon - // SQS moves messages after the value of maxReceiveCount is exceeded. maxReceiveCount + // in the Amazon SQS Developer Guide. deadLetterTargetArn – The Amazon + // Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves + // messages after the value of maxReceiveCount is exceeded. maxReceiveCount // – The number of times a message is delivered to the source queue before // being moved to the dead-letter queue. When the ReceiveCount for a message // exceeds the maxReceiveCount for a queue, Amazon SQS moves the message @@ -5023,36 +4989,37 @@ type SetQueueAttributesInput struct { // Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For // more information about the visibility timeout, see Visibility Timeout // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) - // in the Amazon Simple Queue Service Developer Guide. + // in the Amazon SQS Developer Guide. // // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // - // * KmsMasterKeyId – The ID of an AWS-managed customer master key (CMK) - // for Amazon SQS or a custom CMK. For more information, see Key Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). + // * KmsMasterKeyId – The ID of an Amazon Web Services managed customer + // master key (CMK) for Amazon SQS or a custom CMK. For more information, + // see Key Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). // While the alias of the AWS-managed CMK for Amazon SQS is always alias/aws/sqs, // the alias of a custom CMK can, for example, be alias/MyAlias . For more // examples, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) - // in the AWS Key Management Service API Reference. + // in the Key Management Service API Reference. // // * KmsDataKeyReusePeriodSeconds – The length of time, in seconds, for // which Amazon SQS can reuse a data key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) - // to encrypt or decrypt messages before calling AWS KMS again. An integer - // representing seconds, between 60 seconds (1 minute) and 86,400 seconds - // (24 hours). Default: 300 (5 minutes). A shorter time period provides better - // security but results in more calls to KMS which might incur charges after - // Free Tier. For more information, see How Does the Data Key Reuse Period - // Work? (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). + // to encrypt or decrypt messages before calling KMS again. An integer representing + // seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). + // Default: 300 (5 minutes). A shorter time period provides better security + // but results in more calls to KMS which might incur charges after Free + // Tier. For more information, see How Does the Data Key Reuse Period Work? + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). // // The following attribute applies only to FIFO (first-in-first-out) queues // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): // // * ContentBasedDeduplication – Enables content-based deduplication. For - // more information, see Exactly-Once Processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) - // in the Amazon Simple Queue Service Developer Guide. Note the following: - // Every message must have a unique MessageDeduplicationId. You may provide - // a MessageDeduplicationId explicitly. If you aren't able to provide a MessageDeduplicationId - // and you enable ContentBasedDeduplication for your queue, Amazon SQS uses - // a SHA-256 hash to generate the MessageDeduplicationId using the body of + // more information, see Exactly-once processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html) + // in the Amazon SQS Developer Guide. Note the following: Every message must + // have a unique MessageDeduplicationId. You may provide a MessageDeduplicationId + // explicitly. If you aren't able to provide a MessageDeduplicationId and + // you enable ContentBasedDeduplication for your queue, Amazon SQS uses a + // SHA-256 hash to generate the MessageDeduplicationId using the body of // the message (but not the attributes of the message). If you don't provide // a MessageDeduplicationId and the queue doesn't have ContentBasedDeduplication // set, the action fails with an error. If the queue has ContentBasedDeduplication @@ -5064,15 +5031,7 @@ type SetQueueAttributesInput struct { // as the one generated for the first MessageDeduplicationId, the two messages // are treated as duplicates and only one copy of the message is delivered. // - // Preview: High throughput for FIFO queues - // - // High throughput for Amazon SQS FIFO queues is in preview release and is subject - // to change. This feature provides a high number of transactions per second - // (TPS) for messages in FIFO queues. For information on throughput quotas, - // see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) - // in the Amazon Simple Queue Service Developer Guide. - // - // This preview includes two new attributes: + // The following attributes apply only to high throughput for FIFO queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html): // // * DeduplicationScope – Specifies whether message deduplication occurs // at the message group or queue level. Valid values are messageGroup and @@ -5090,22 +5049,11 @@ type SetQueueAttributesInput struct { // * Set FifoThroughputLimit to perMessageGroupId. // // If you set these attributes to anything other than the values shown for enabling - // high throughput, standard throughput is in effect and deduplication occurs + // high throughput, normal throughput is in effect and deduplication occurs // as specified. // - // This preview is available in the following AWS Regions: - // - // * US East (Ohio); us-east-2 - // - // * US East (N. Virginia); us-east-1 - // - // * US West (Oregon); us-west-2 - // - // * Europe (Ireland); eu-west-1 - // - // For more information about high throughput for FIFO queues, see Preview: - // High throughput for FIFO queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) - // in the Amazon Simple Queue Service Developer Guide. + // For information on throughput quotas, see Quotas related to messages (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) + // in the Amazon SQS Developer Guide. // // Attributes is a required field Attributes map[string]*string `locationName:"Attribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true" required:"true"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go index 854208bcc6..57d7718cd1 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go @@ -3,20 +3,19 @@ // Package sqs provides the client and types for making API // requests to Amazon Simple Queue Service. // -// Welcome to the Amazon Simple Queue Service API Reference. +// Welcome to the Amazon SQS API Reference. // -// Amazon Simple Queue Service (Amazon SQS) is a reliable, highly-scalable hosted -// queue for storing messages as they travel between applications or microservices. -// Amazon SQS moves data between distributed application components and helps -// you decouple these components. +// Amazon SQS is a reliable, highly-scalable hosted queue for storing messages +// as they travel between applications or microservices. Amazon SQS moves data +// between distributed application components and helps you decouple these components. // // For information on the permissions you need to use this API, see Identity // and access management (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-authentication-and-access-control.html) -// in the Amazon Simple Queue Service Developer Guide. +// in the Amazon SQS Developer Guide. // -// You can use AWS SDKs (http://aws.amazon.com/tools/#sdk) to access Amazon -// SQS using your favorite programming language. The SDKs perform tasks such -// as the following automatically: +// You can use Amazon Web Services SDKs (http://aws.amazon.com/tools/#sdk) to +// access Amazon SQS using your favorite programming language. The SDKs perform +// tasks such as the following automatically: // // * Cryptographically sign your service requests // @@ -28,11 +27,11 @@ // // * Amazon SQS Product Page (http://aws.amazon.com/sqs/) // -// * Amazon Simple Queue Service Developer Guide Making API Requests (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html) +// * Amazon SQS Developer Guide Making API Requests (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html) // Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-metadata.html#sqs-message-attributes) // Amazon SQS Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) // -// * Amazon SQS in the AWS CLI Command Reference (http://docs.aws.amazon.com/cli/latest/reference/sqs/index.html) +// * Amazon SQS in the Command Line Interface (http://docs.aws.amazon.com/cli/latest/reference/sqs/index.html) // // * Amazon Web Services General Reference Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region) // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 17c4637889..3cffd533d9 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -57,19 +57,20 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // AssumeRole API operation for AWS Security Token Service. // // Returns a set of temporary security credentials that you can use to access -// AWS resources that you might not normally have access to. These temporary -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use AssumeRole within your account or for cross-account -// access. For a comparison of AssumeRole with other API operations that produce -// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Amazon Web Services resources that you might not normally have access to. +// These temporary credentials consist of an access key ID, a secret access +// key, and a security token. Typically, you use AssumeRole within your account +// or for cross-account access. For a comparison of AssumeRole with other API +// operations that produce temporary credentials, see Requesting Temporary Security +// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // Permissions // // The temporary security credentials created by AssumeRole can be used to make -// API calls to any AWS service with the following exception: You cannot call -// the AWS STS GetFederationToken or GetSessionToken API operations. +// API calls to any Amazon Web Services service with the following exception: +// You cannot call the STS GetFederationToken or GetSessionToken API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -79,15 +80,15 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// To assume a role from a different account, your AWS account must be trusted -// by the role. The trust relationship is defined in the role's trust policy -// when the role is created. That trust policy states which accounts are allowed +// To assume a role from a different account, your account must be trusted by +// the role. The trust relationship is defined in the role's trust policy when +// the role is created. That trust policy states which accounts are allowed // to delegate that access to users in the account. // // A user who wants to access a role in a different account must also have permissions @@ -129,12 +130,12 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // // (Optional) You can include multi-factor authentication (MFA) information // when you call AssumeRole. This is useful for cross-account scenarios to ensure -// that the user that assumes the role has been authenticated with an AWS MFA -// device. In that scenario, the trust policy of the role being assumed includes -// a condition that tests for MFA authentication. If the caller does not include -// valid MFA information, the request to assume the role is denied. The condition -// in a trust policy that tests for MFA authentication might look like the following -// example. +// that the user that assumes the role has been authenticated with an Amazon +// Web Services MFA device. In that scenario, the trust policy of the role being +// assumed includes a condition that tests for MFA authentication. If the caller +// does not include valid MFA information, the request to assume the role is +// denied. The condition in a trust policy that tests for MFA authentication +// might look like the following example. // // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} // @@ -160,11 +161,11 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -176,7 +177,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // * ErrCodeExpiredTokenException "ExpiredTokenException" @@ -252,16 +254,17 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // Returns a set of temporary security credentials for users who have been authenticated // via a SAML authentication response. This operation provides a mechanism for -// tying an enterprise identity store or directory to role-based AWS access -// without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML -// with the other API operations that produce temporary credentials, see Requesting -// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// tying an enterprise identity store or directory to role-based Amazon Web +// Services access without user-specific credentials or configuration. For a +// comparison of AssumeRoleWithSAML with the other API operations that produce +// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this operation consist of // an access key ID, a secret access key, and a security token. Applications -// can use these temporary security credentials to sign calls to AWS services. +// can use these temporary security credentials to sign calls to Amazon Web +// Services services. // // Session Duration // @@ -281,19 +284,19 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // in the IAM User Guide. // // Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) -// limits your AWS CLI or AWS API role session to a maximum of one hour. When -// you use the AssumeRole API operation to assume a role, you can specify the -// duration of your role session with the DurationSeconds parameter. You can -// specify a parameter value of up to 43200 seconds (12 hours), depending on -// the maximum session duration setting for your role. However, if you assume +// limits your CLI or Amazon Web Services API role session to a maximum of one +// hour. When you use the AssumeRole API operation to assume a role, you can +// specify the duration of your role session with the DurationSeconds parameter. +// You can specify a parameter value of up to 43200 seconds (12 hours), depending +// on the maximum session duration setting for your role. However, if you assume // a role using role chaining and provide a DurationSeconds parameter value // greater than one hour, the operation fails. // // Permissions // // The temporary security credentials created by AssumeRoleWithSAML can be used -// to make API calls to any AWS service with the following exception: you cannot -// call the STS GetFederationToken or GetSessionToken API operations. +// to make API calls to any Amazon Web Services service with the following exception: +// you cannot call the STS GetFederationToken or GetSessionToken API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -303,18 +306,19 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// Calling AssumeRoleWithSAML does not require the use of AWS security credentials. -// The identity of the caller is validated by using keys in the metadata document -// that is uploaded for the SAML provider entity for your identity provider. +// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services +// security credentials. The identity of the caller is validated by using keys +// in the metadata document that is uploaded for the SAML provider entity for +// your identity provider. // -// Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail -// logs. The entry includes the value in the NameID element of the SAML assertion. +// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. +// The entry includes the value in the NameID element of the SAML assertion. // We recommend that you use a NameIDType that is not associated with any personally // identifiable information (PII). For example, you could instead use the persistent // identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). @@ -332,11 +336,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plaintext meets the other requirements. The PackedPolicySize -// response element indicates by percentage how close the policies and tags -// for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed session policies +// and session tags into a packed binary format that has a separate limit. Your +// request can fail for this limit even if your plaintext meets the other requirements. +// The PackedPolicySize response element indicates by percentage how close the +// policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, session tags override the role's tags with the same @@ -356,10 +360,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // SAML Configuration // // Before your application can call AssumeRoleWithSAML, you must configure your -// SAML identity provider (IdP) to issue the claims required by AWS. Additionally, -// you must use AWS Identity and Access Management (IAM) to create a SAML provider -// entity in your AWS account that represents your identity provider. You must -// also create an IAM role that specifies this SAML provider in its trust policy. +// SAML identity provider (IdP) to issue the claims required by Amazon Web Services. +// Additionally, you must use Identity and Access Management (IAM) to create +// a SAML provider entity in your Amazon Web Services account that represents +// your identity provider. You must also create an IAM role that specifies this +// SAML provider in its trust policy. // // For more information, see the following resources: // @@ -389,11 +394,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -409,8 +414,9 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // can also mean that the claim has expired or has been explicitly revoked. // // * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. // // * ErrCodeExpiredTokenException "ExpiredTokenException" // The web identity token that was passed is expired or is not valid. Get a @@ -420,7 +426,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML @@ -496,30 +503,33 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // Connect-compatible identity provider. // // For mobile applications, we recommend that you use Amazon Cognito. You can -// use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) -// and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) -// to uniquely identify a user. You can also supply the user with a consistent -// identity throughout the lifetime of an application. +// use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide +// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android +// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify +// a user. You can also supply the user with a consistent identity throughout +// the lifetime of an application. // // To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) -// in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) -// in the AWS SDK for iOS Developer Guide. +// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito +// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) +// in the Amazon Web Services SDK for iOS Developer Guide. // -// Calling AssumeRoleWithWebIdentity does not require the use of AWS security -// credentials. Therefore, you can distribute an application (for example, on -// mobile devices) that requests temporary security credentials without including -// long-term AWS credentials in the application. You also don't need to deploy -// server-based proxy services that use long-term AWS credentials. Instead, -// the identity of the caller is validated by using a token from the web identity -// provider. For a comparison of AssumeRoleWithWebIdentity with the other API -// operations that produce temporary credentials, see Requesting Temporary Security -// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web +// Services security credentials. Therefore, you can distribute an application +// (for example, on mobile devices) that requests temporary security credentials +// without including long-term Amazon Web Services credentials in the application. +// You also don't need to deploy server-based proxy services that use long-term +// Amazon Web Services credentials. Instead, the identity of the caller is validated +// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this API consist of an access // key ID, a secret access key, and a security token. Applications can use these -// temporary security credentials to sign calls to AWS service API operations. +// temporary security credentials to sign calls to Amazon Web Services service +// API operations. // // Session Duration // @@ -539,8 +549,9 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // Permissions // // The temporary security credentials created by AssumeRoleWithWebIdentity can -// be used to make API calls to any AWS service with the following exception: -// you cannot call the STS GetFederationToken or GetSessionToken API operations. +// be used to make API calls to any Amazon Web Services service with the following +// exception: you cannot call the STS GetFederationToken or GetSessionToken +// API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -550,10 +561,10 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // Tags @@ -569,11 +580,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plaintext meets the other requirements. The PackedPolicySize -// response element indicates by percentage how close the policies and tags -// for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed session policies +// and session tags into a packed binary format that has a separate limit. Your +// request can fail for this limit even if your plaintext meets the other requirements. +// The PackedPolicySize response element indicates by percentage how close the +// policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, the session tag overrides the role tag with the same @@ -598,7 +609,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // the identity provider that is associated with the identity token. In other // words, the identity provider must be specified in the role's trust policy. // -// Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail +// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail // logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims) // of the provided web identity token. We recommend that you avoid using any // personally identifiable information (PII) in this field. For example, you @@ -614,10 +625,10 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // * Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/). // Walk through the process of authenticating through Login with Amazon, // Facebook, or Google, getting temporary security credentials, and then -// using those credentials to make a request to AWS. +// using those credentials to make a request to Amazon Web Services. // -// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and -// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). +// * Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) +// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). // These toolkits contain sample apps that show how to invoke the identity // providers. The toolkits then show how to use the information from these // providers to get and use temporary security credentials. @@ -641,11 +652,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -668,8 +679,9 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // error persists, the identity provider might be down or not responding. // // * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. // // * ErrCodeExpiredTokenException "ExpiredTokenException" // The web identity token that was passed is expired or is not valid. Get a @@ -679,7 +691,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity @@ -749,16 +762,18 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // DecodeAuthorizationMessage API operation for AWS Security Token Service. // // Decodes additional information about the authorization status of a request -// from an encoded message returned in response to an AWS request. +// from an encoded message returned in response to an Amazon Web Services request. // // For example, if a user is not authorized to perform an operation that he // or she has requested, the request returns a Client.UnauthorizedOperation -// response (an HTTP 403 response). Some AWS operations additionally return -// an encoded message that can provide details about this authorization failure. +// response (an HTTP 403 response). Some Amazon Web Services operations additionally +// return an encoded message that can provide details about this authorization +// failure. // -// Only certain AWS operations return an encoded authorization message. The -// documentation for an individual operation indicates whether that operation -// returns an encoded message in addition to returning an HTTP code. +// Only certain Amazon Web Services operations return an encoded authorization +// message. The documentation for an individual operation indicates whether +// that operation returns an encoded message in addition to returning an HTTP +// code. // // The message is encoded because the details of the authorization status can // constitute privileged information that the user who requested the operation @@ -869,12 +884,12 @@ func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *reques // in the IAM User Guide. // // When you pass an access key ID to this operation, it returns the ID of the -// AWS account to which the keys belong. Access key IDs beginning with AKIA -// are long-term credentials for an IAM user or the AWS account root user. Access -// key IDs beginning with ASIA are temporary credentials that are created using -// STS operations. If the account in the response belongs to you, you can sign -// in as the root user and review your root user access keys. Then, you can -// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) +// Amazon Web Services account to which the keys belong. Access key IDs beginning +// with AKIA are long-term credentials for an IAM user or the Amazon Web Services +// account root user. Access key IDs beginning with ASIA are temporary credentials +// that are created using STS operations. If the account in the response belongs +// to you, you can sign in as the root user and review your root user access +// keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) // to learn which IAM user owns the keys. To learn who requested the temporary // credentials for an ASIA access key, view the STS events in your CloudTrail // logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) @@ -1050,7 +1065,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // For a comparison of GetFederationToken with the other API operations that // produce temporary credentials, see Requesting Temporary Security Credentials // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // You can create a mobile-based or browser-based app that can authenticate @@ -1062,11 +1077,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // in the IAM User Guide. // // You can also call GetFederationToken using the security credentials of an -// AWS account root user, but we do not recommend it. Instead, we recommend -// that you create an IAM user for the purpose of the proxy application. Then -// attach a policy to the IAM user that limits federated users to only the actions -// and resources that they need to access. For more information, see IAM Best -// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// Amazon Web Services account root user, but we do not recommend it. Instead, +// we recommend that you create an IAM user for the purpose of the proxy application. +// Then attach a policy to the IAM user that limits federated users to only +// the actions and resources that they need to access. For more information, +// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // // Session duration @@ -1074,15 +1089,16 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials that -// are obtained by using AWS account root user credentials have a maximum duration -// of 3,600 seconds (1 hour). +// are obtained by using Amazon Web Services account root user credentials have +// a maximum duration of 3,600 seconds (1 hour). // // Permissions // // You can use the temporary credentials created by GetFederationToken in any -// AWS service except the following: +// Amazon Web Services service except the following: // -// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// * You cannot call any IAM operations using the CLI or the Amazon Web Services +// API. // // * You cannot call any STS operations except GetCallerIdentity. // @@ -1126,11 +1142,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // in the IAM User Guide. // // You can also call GetFederationToken using the security credentials of an -// AWS account root user, but we do not recommend it. Instead, we recommend -// that you create an IAM user for the purpose of the proxy application. Then -// attach a policy to the IAM user that limits federated users to only the actions -// and resources that they need to access. For more information, see IAM Best -// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// Amazon Web Services account root user, but we do not recommend it. Instead, +// we recommend that you create an IAM user for the purpose of the proxy application. +// Then attach a policy to the IAM user that limits federated users to only +// the actions and resources that they need to access. For more information, +// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // // Session duration @@ -1138,15 +1154,16 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials that -// are obtained by using AWS account root user credentials have a maximum duration -// of 3,600 seconds (1 hour). +// are obtained by using Amazon Web Services account root user credentials have +// a maximum duration of 3,600 seconds (1 hour). // // Permissions // // You can use the temporary credentials created by GetFederationToken in any -// AWS service except the following: +// Amazon Web Services service except the following: // -// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// * You cannot call any IAM operations using the CLI or the Amazon Web Services +// API. // // * You cannot call any STS operations except GetCallerIdentity. // @@ -1208,11 +1225,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -1224,7 +1241,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken @@ -1293,51 +1311,53 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // GetSessionToken API operation for AWS Security Token Service. // -// Returns a set of temporary credentials for an AWS account or IAM user. The -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use GetSessionToken if you want to use MFA to protect -// programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. -// MFA-enabled IAM users would need to call GetSessionToken and submit an MFA -// code that is associated with their MFA device. Using the temporary security -// credentials that are returned from the call, IAM users can then make programmatic -// calls to API operations that require MFA authentication. If you do not supply -// a correct MFA code, then the API returns an access denied error. For a comparison -// of GetSessionToken with the other API operations that produce temporary credentials, -// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Returns a set of temporary credentials for an Amazon Web Services account +// or IAM user. The credentials consist of an access key ID, a secret access +// key, and a security token. Typically, you use GetSessionToken if you want +// to use MFA to protect programmatic calls to specific Amazon Web Services +// API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would +// need to call GetSessionToken and submit an MFA code that is associated with +// their MFA device. Using the temporary security credentials that are returned +// from the call, IAM users can then make programmatic calls to API operations +// that require MFA authentication. If you do not supply a correct MFA code, +// then the API returns an access denied error. For a comparison of GetSessionToken +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // Session Duration // -// The GetSessionToken operation must be called by using the long-term AWS security -// credentials of the AWS account root user or an IAM user. Credentials that -// are created by IAM users are valid for the duration that you specify. This -// duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 -// seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials -// based on account credentials can range from 900 seconds (15 minutes) up to -// 3,600 seconds (1 hour), with a default of 1 hour. +// The GetSessionToken operation must be called by using the long-term Amazon +// Web Services security credentials of the Amazon Web Services account root +// user or an IAM user. Credentials that are created by IAM users are valid +// for the duration that you specify. This duration can range from 900 seconds +// (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default +// of 43,200 seconds (12 hours). Credentials based on account credentials can +// range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a +// default of 1 hour. // // Permissions // // The temporary security credentials created by GetSessionToken can be used -// to make API calls to any AWS service with the following exceptions: +// to make API calls to any Amazon Web Services service with the following exceptions: // // * You cannot call any IAM API operations unless MFA authentication information // is included in the request. // // * You cannot call any STS API except AssumeRole or GetCallerIdentity. // -// We recommend that you do not call GetSessionToken with AWS account root user -// credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) +// We recommend that you do not call GetSessionToken with Amazon Web Services +// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) // by creating one or more IAM users, giving them the necessary permissions, -// and using IAM users for everyday interaction with AWS. +// and using IAM users for everyday interaction with Amazon Web Services. // // The credentials that are returned by GetSessionToken are based on permissions // associated with the user whose credentials were used to call the operation. -// If GetSessionToken is called using AWS account root user credentials, the -// temporary credentials have root user permissions. Similarly, if GetSessionToken -// is called using the credentials of an IAM user, the temporary credentials -// have the same permissions as the IAM user. +// If GetSessionToken is called using Amazon Web Services account root user +// credentials, the temporary credentials have root user permissions. Similarly, +// if GetSessionToken is called using the credentials of an IAM user, the temporary +// credentials have the same permissions as the IAM user. // // For more information about using GetSessionToken to create temporary credentials, // go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) @@ -1355,7 +1375,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken @@ -1401,7 +1422,7 @@ type AssumeRoleInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1413,8 +1434,8 @@ type AssumeRoleInput struct { // of the trusting account might send an external ID to the administrator of // the trusted account. That way, only someone with the ID can assume the role, // rather than everyone in the account. For more information about the external - // ID, see How to Use an External ID When Granting Access to Your AWS Resources - // to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) + // ID, see How to Use an External ID When Granting Access to Your Amazon Web + // Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting @@ -1427,10 +1448,11 @@ type AssumeRoleInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -1439,11 +1461,11 @@ type AssumeRoleInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1453,22 +1475,22 @@ type AssumeRoleInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -1485,7 +1507,7 @@ type AssumeRoleInput struct { // account that owns the role. The role session name is also used in the ARN // of the assumed role principal. This means that subsequent cross-account API // requests that use the temporary security credentials will expose the role - // session name to the external account in their AWS CloudTrail logs. + // session name to the external account in their CloudTrail logs. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can @@ -1510,23 +1532,23 @@ type AssumeRoleInput struct { // // You can require users to specify a source identity when they assume a role. // You do this by using the sts:SourceIdentity condition key in a role trust - // policy. You can use source identity information in AWS CloudTrail logs to - // determine who took actions with a role. You can use the aws:SourceIdentity - // condition key to further control access to AWS resources based on the value - // of source identity. For more information about using source identity, see - // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can // also include underscores or any of the following characters: =,.@-. You cannot - // use a value that begins with the text aws:. This prefix is reserved for AWS - // internal use. + // use a value that begins with the text aws:. This prefix is reserved for Amazon + // Web Services internal use. SourceIdentity *string `min:"2" type:"string"` // A list of session tags that you want to pass. Each session tag consists of // a key name and an associated value. For more information about session tags, - // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // see Tagging STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // This parameter is optional. You can pass up to 50 session tags. The plaintext @@ -1535,11 +1557,11 @@ type AssumeRoleInput struct { // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the role. When you do, session tags override a role tag with the same @@ -1554,7 +1576,7 @@ type AssumeRoleInput struct { // Additionally, if you used temporary credentials to perform this operation, // the new session inherits any transitive session tags from the calling session. // If you pass a session tag with the same key as an inherited tag, the operation - // fails. To view the inherited tags for a session, see the AWS CloudTrail logs. + // fails. To view the inherited tags for a session, see the CloudTrail logs. // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs) // in the IAM User Guide. Tags []*Tag `type:"list"` @@ -1720,7 +1742,8 @@ func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput { } // Contains the response to a successful AssumeRole request, including temporary -// AWS credentials that can be used to make AWS requests. +// Amazon Web Services credentials that can be used to make Amazon Web Services +// requests. type AssumeRoleOutput struct { _ struct{} `type:"structure"` @@ -1749,11 +1772,11 @@ type AssumeRoleOutput struct { // // You can require users to specify a source identity when they assume a role. // You do this by using the sts:SourceIdentity condition key in a role trust - // policy. You can use source identity information in AWS CloudTrail logs to - // determine who took actions with a role. You can use the aws:SourceIdentity - // condition key to further control access to AWS resources based on the value - // of source identity. For more information about using source identity, see - // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting @@ -1819,7 +1842,7 @@ type AssumeRoleWithSAMLInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1828,10 +1851,11 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -1840,11 +1864,11 @@ type AssumeRoleWithSAMLInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1854,22 +1878,22 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -1984,7 +2008,8 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML } // Contains the response to a successful AssumeRoleWithSAML request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type AssumeRoleWithSAMLOutput struct { _ struct{} `type:"structure"` @@ -2010,7 +2035,7 @@ type AssumeRoleWithSAMLOutput struct { // // * The Issuer response value. // - // * The AWS account ID. + // * The Amazon Web Services account ID. // // * The friendly name (the last part of the ARN) of the SAML provider in // IAM. @@ -2148,7 +2173,7 @@ type AssumeRoleWithWebIdentityInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -2157,10 +2182,11 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -2169,11 +2195,11 @@ type AssumeRoleWithWebIdentityInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2183,22 +2209,22 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -2338,7 +2364,8 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo } // Contains the response to a successful AssumeRoleWithWebIdentity request, -// including temporary AWS credentials that can be used to make AWS requests. +// including temporary Amazon Web Services credentials that can be used to make +// Amazon Web Services requests. type AssumeRoleWithWebIdentityOutput struct { _ struct{} `type:"structure"` @@ -2471,8 +2498,8 @@ type AssumedRoleUser struct { Arn *string `min:"20" type:"string" required:"true"` // A unique identifier that contains the role ID and the role session name of - // the role that is being assumed. The role ID is generated by AWS when the - // role is created. + // the role that is being assumed. The role ID is generated by Amazon Web Services + // when the role is created. // // AssumedRoleId is a required field AssumedRoleId *string `min:"2" type:"string" required:"true"` @@ -2500,7 +2527,7 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser { return s } -// AWS credentials for API authentication. +// Amazon Web Services credentials for API authentication. type Credentials struct { _ struct{} `type:"structure"` @@ -2601,8 +2628,8 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut } // A document that contains additional information about the authorization status -// of a request from an encoded message that is returned in response to an AWS -// request. +// of a request from an encoded message that is returned in response to an Amazon +// Web Services request. type DecodeAuthorizationMessageOutput struct { _ struct{} `type:"structure"` @@ -2714,7 +2741,7 @@ func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput type GetAccessKeyInfoOutput struct { _ struct{} `type:"structure"` - // The number used to identify the AWS account. + // The number used to identify the Amazon Web Services account. Account *string `type:"string"` } @@ -2753,11 +2780,11 @@ func (s GetCallerIdentityInput) GoString() string { type GetCallerIdentityOutput struct { _ struct{} `type:"structure"` - // The AWS account ID number of the account that owns or contains the calling - // entity. + // The Amazon Web Services account ID number of the account that owns or contains + // the calling entity. Account *string `type:"string"` - // The AWS ARN associated with the calling entity. + // The Amazon Web Services ARN associated with the calling entity. Arn *string `min:"20" type:"string"` // The unique identifier of the calling entity. The exact value depends on the @@ -2801,9 +2828,10 @@ type GetFederationTokenInput struct { // The duration, in seconds, that the session should last. Acceptable durations // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained - // using AWS account root user credentials are restricted to a maximum of 3,600 - // seconds (one hour). If the specified duration is longer than one hour, the - // session obtained by using root user credentials defaults to one hour. + // using Amazon Web Services account root user credentials are restricted to + // a maximum of 3,600 seconds (one hour). If the specified duration is longer + // than one hour, the session obtained by using root user credentials defaults + // to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The name of the federated user. The name is used as an identifier for the @@ -2848,11 +2876,11 @@ type GetFederationTokenInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2865,8 +2893,8 @@ type GetFederationTokenInput struct { // use as managed session policies. The plaintext that you use for both inline // and managed session policies can't exceed 2,048 characters. You can provide // up to 10 managed policy ARNs. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // // This parameter is optional. However, if you do not pass any session policies, // then the resulting federated user session has no permissions. @@ -2885,11 +2913,11 @@ type GetFederationTokenInput struct { // by the policy. These permissions are granted in addition to the permissions // that are granted by the session policies. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. PolicyArns []*PolicyDescriptorType `type:"list"` // A list of session tags. Each session tag consists of a key name and an associated @@ -2903,11 +2931,11 @@ type GetFederationTokenInput struct { // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the user you are federating. When you do, session tags override a user @@ -3004,7 +3032,8 @@ func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput { } // Contains the response to a successful GetFederationToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetFederationTokenOutput struct { _ struct{} `type:"structure"` @@ -3062,9 +3091,9 @@ type GetSessionTokenInput struct { // The duration, in seconds, that the credentials should remain valid. Acceptable // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions - // for AWS account owners are restricted to a maximum of 3,600 seconds (one - // hour). If the duration is longer than one hour, the session for AWS account - // owners defaults to one hour. + // for Amazon Web Services account owners are restricted to a maximum of 3,600 + // seconds (one hour). If the duration is longer than one hour, the session + // for Amazon Web Services account owners defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The identification number of the MFA device that is associated with the IAM @@ -3072,7 +3101,7 @@ type GetSessionTokenInput struct { // user has a policy that requires MFA authentication. The value is either the // serial number for a hardware device (such as GAHT12345678) or an Amazon Resource // Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). - // You can find the device for an IAM user by going to the AWS Management Console + // You can find the device for an IAM user by going to the Management Console // and viewing the user's security credentials. // // The regex used to validate this parameter is a string of characters consisting @@ -3139,7 +3168,8 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput { } // Contains the response to a successful GetSessionToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetSessionTokenOutput struct { _ struct{} `type:"structure"` @@ -3174,8 +3204,8 @@ type PolicyDescriptorType struct { // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session // policy for the role. For more information about ARNs, see Amazon Resource - // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. Arn *string `locationName:"arn" min:"20" type:"string"` } @@ -3210,9 +3240,9 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { // You can pass custom key-value pair attributes when you assume a role or federate // a user. These are called session tags. You can then use the session tags -// to control access to resources. For more information, see Tagging AWS STS -// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) -// in the IAM User Guide. +// to control access to resources. For more information, see Tagging STS Sessions +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in +// the IAM User Guide. type Tag struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go index cb1debbaa4..2d98d92353 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go @@ -3,11 +3,11 @@ // Package sts provides the client and types for making API // requests to AWS Security Token Service. // -// AWS Security Token Service (STS) enables you to request temporary, limited-privilege -// credentials for AWS Identity and Access Management (IAM) users or for users -// that you authenticate (federated users). This guide provides descriptions -// of the STS API. For more information about using this service, see Temporary -// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). +// Security Token Service (STS) enables you to request temporary, limited-privilege +// credentials for Identity and Access Management (IAM) users or for users that +// you authenticate (federated users). This guide provides descriptions of the +// STS API. For more information about using this service, see Temporary Security +// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go index a233f542ef..7897d70c87 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go @@ -42,8 +42,9 @@ const ( // ErrCodeInvalidIdentityTokenException for service response error code // "InvalidIdentityToken". // - // The web identity token that was passed could not be validated by AWS. Get - // a new identity token from the identity provider and then retry the request. + // The web identity token that was passed could not be validated by Amazon Web + // Services. Get a new identity token from the identity provider and then retry + // the request. ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken" // ErrCodeMalformedPolicyDocumentException for service response error code @@ -57,11 +58,11 @@ const ( // "PackedPolicyTooLarge". // // The request was rejected because the total packed size of the session policies - // and session tags combined was too large. An AWS conversion compresses the - // session policy document, session policy ARNs, and session tags into a packed - // binary format that has a separate limit. The error message indicates by percentage - // how close the policies and tags are to the upper size limit. For more information, - // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // and session tags combined was too large. An Amazon Web Services conversion + // compresses the session policy document, session policy ARNs, and session + // tags into a packed binary format that has a separate limit. The error message + // indicates by percentage how close the policies and tags are to the upper + // size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -76,7 +77,8 @@ const ( // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating - // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // and Deactivating Amazon Web Services STS in an Amazon Web Services Region + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. ErrCodeRegionDisabledException = "RegionDisabledException" ) diff --git a/vendor/golang.org/x/net/http2/ascii.go b/vendor/golang.org/x/net/http2/ascii.go index 0c58d727c1..17caa20586 100644 --- a/vendor/golang.org/x/net/http2/ascii.go +++ b/vendor/golang.org/x/net/http2/ascii.go @@ -6,6 +6,10 @@ package http2 import "strings" +// The HTTP protocols are defined in terms of ASCII, not Unicode. This file +// contains helper functions which may use Unicode-aware functions which would +// otherwise be unsafe and could introduce vulnerabilities if used improperly. + // asciiEqualFold is strings.EqualFold, ASCII only. It reports whether s and t // are equal, ASCII-case-insensitively. func asciiEqualFold(s, t string) bool { diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index 09bc70533a..0ccbe9b4c2 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -259,16 +259,12 @@ func ConfigureServer(s *http.Server, conf *Server) error { s.TLSConfig.PreferServerCipherSuites = true - haveNPN := false - for _, p := range s.TLSConfig.NextProtos { - if p == NextProtoTLS { - haveNPN = true - break - } - } - if !haveNPN { + if !strSliceContains(s.TLSConfig.NextProtos, NextProtoTLS) { s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, NextProtoTLS) } + if !strSliceContains(s.TLSConfig.NextProtos, "http/1.1") { + s.TLSConfig.NextProtos = append(s.TLSConfig.NextProtos, "http/1.1") + } if s.TLSNextProto == nil { s.TLSNextProto = map[string]func(*http.Server, *tls.Conn, http.Handler){} diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 7bd4b9c197..b97adff7d0 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -264,9 +264,8 @@ type ClientConn struct { peerMaxHeaderListSize uint64 initialWindowSize uint32 - hbuf bytes.Buffer // HPACK encoder writes into this - henc *hpack.Encoder - freeBuf [][]byte + hbuf bytes.Buffer // HPACK encoder writes into this + henc *hpack.Encoder wmu sync.Mutex // held while writing; acquire AFTER mu if holding both werr error // first write error that has occurred @@ -913,46 +912,6 @@ func (cc *ClientConn) closeForLostPing() error { return cc.closeForError(err) } -const maxAllocFrameSize = 512 << 10 - -// frameBuffer returns a scratch buffer suitable for writing DATA frames. -// They're capped at the min of the peer's max frame size or 512KB -// (kinda arbitrarily), but definitely capped so we don't allocate 4GB -// bufers. -func (cc *ClientConn) frameScratchBuffer() []byte { - cc.mu.Lock() - size := cc.maxFrameSize - if size > maxAllocFrameSize { - size = maxAllocFrameSize - } - for i, buf := range cc.freeBuf { - if len(buf) >= int(size) { - cc.freeBuf[i] = nil - cc.mu.Unlock() - return buf[:size] - } - } - cc.mu.Unlock() - return make([]byte, size) -} - -func (cc *ClientConn) putFrameScratchBuffer(buf []byte) { - cc.mu.Lock() - defer cc.mu.Unlock() - const maxBufs = 4 // arbitrary; 4 concurrent requests per conn? investigate. - if len(cc.freeBuf) < maxBufs { - cc.freeBuf = append(cc.freeBuf, buf) - return - } - for i, old := range cc.freeBuf { - if old == nil { - cc.freeBuf[i] = buf - return - } - } - // forget about it. -} - // errRequestCanceled is a copy of net/http's errRequestCanceled because it's not // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests. var errRequestCanceled = errors.New("net/http: request canceled") @@ -1295,11 +1254,35 @@ var ( errReqBodyTooLong = errors.New("http2: request body larger than specified content length") ) +// frameScratchBufferLen returns the length of a buffer to use for +// outgoing request bodies to read/write to/from. +// +// It returns max(1, min(peer's advertised max frame size, +// Request.ContentLength+1, 512KB)). +func (cs *clientStream) frameScratchBufferLen(maxFrameSize int) int { + const max = 512 << 10 + n := int64(maxFrameSize) + if n > max { + n = max + } + if cl := actualContentLength(cs.req); cl != -1 && cl+1 < n { + // Add an extra byte past the declared content-length to + // give the caller's Request.Body io.Reader a chance to + // give us more bytes than they declared, so we can catch it + // early. + n = cl + 1 + } + if n < 1 { + return 1 + } + return int(n) // doesn't truncate; max is 512K +} + +var bufPool sync.Pool // of *[]byte + func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) (err error) { cc := cs.cc sentEnd := false // whether we sent the final DATA frame w/ END_STREAM - buf := cc.frameScratchBuffer() - defer cc.putFrameScratchBuffer(buf) defer func() { traceWroteRequest(cs.trace, err) @@ -1318,9 +1301,24 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( remainLen := actualContentLength(req) hasContentLen := remainLen != -1 + cc.mu.Lock() + maxFrameSize := int(cc.maxFrameSize) + cc.mu.Unlock() + + // Scratch buffer for reading into & writing from. + scratchLen := cs.frameScratchBufferLen(maxFrameSize) + var buf []byte + if bp, ok := bufPool.Get().(*[]byte); ok && len(*bp) >= scratchLen { + defer bufPool.Put(bp) + buf = *bp + } else { + buf = make([]byte, scratchLen) + defer bufPool.Put(&buf) + } + var sawEOF bool for !sawEOF { - n, err := body.Read(buf[:len(buf)-1]) + n, err := body.Read(buf[:len(buf)]) if hasContentLen { remainLen -= int64(n) if remainLen == 0 && err == nil { @@ -1331,8 +1329,9 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( // to send the END_STREAM bit early, double-check that we're actually // at EOF. Subsequent reads should return (0, EOF) at this point. // If either value is different, we return an error in one of two ways below. + var scratch [1]byte var n1 int - n1, err = body.Read(buf[n:]) + n1, err = body.Read(scratch[:]) remainLen -= int64(n1) } if remainLen < 0 { @@ -1402,10 +1401,6 @@ func (cs *clientStream) writeRequestBody(body io.Reader, bodyCloser io.Closer) ( } } - cc.mu.Lock() - maxFrameSize := int(cc.maxFrameSize) - cc.mu.Unlock() - cc.wmu.Lock() defer cc.wmu.Unlock() diff --git a/vendor/modules.txt b/vendor/modules.txt index c998d06af3..a23bca7c81 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -116,7 +116,7 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/bytequantity github.com/aws/amazon-ec2-instance-selector/v2/pkg/cli github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs -# github.com/aws/aws-sdk-go v1.38.29 +# github.com/aws/aws-sdk-go v1.40.0 ## explicit github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn @@ -744,7 +744,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf # golang.org/x/mod v0.4.2 golang.org/x/mod/module golang.org/x/mod/semver -# golang.org/x/net v0.0.0-20210525063256-abc453219eb5 +# golang.org/x/net v0.0.0-20210614182718-04defd469f4e ## explicit golang.org/x/net/bpf golang.org/x/net/context