Update aws-sdk-go to v1.37.33 for kOps 1.20

go.mod

@@ -42,7 +42,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.1.0
 	github.com/aliyun/alibaba-cloud-sdk-go v1.61.264
 	github.com/aws/amazon-ec2-instance-selector/v2 v2.0.1
-	github.com/aws/aws-sdk-go v1.37.0
+	github.com/aws/aws-sdk-go v1.37.33
 	github.com/blang/semver/v4 v4.0.0
 	github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect
 	github.com/denverdino/aliyungo v0.0.0-20191128015008-acd8035bbb1d

go.sum

@@ -158,8 +158,8 @@ github.com/aws/aws-sdk-go v1.28.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN
 github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.34.30/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
 github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k=
-github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk=
+github.com/aws/aws-sdk-go v1.37.33 h1:bAzhEFOh/UKC2e1QwlUA4klDc6EdV0j0AcnzgeGzifU=
-github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go v1.37.33/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=

vendor/github.com/aws/aws-sdk-go/aws/client/client.go

@@ -88,10 +88,6 @@ func (c *Client) NewRequest(operation *request.Operation, params interface{}, da
 // AddDebugHandlers injects debug logging handlers into the service to log request
 // debug information.
 func (c *Client) AddDebugHandlers() {
-	if !c.Config.LogLevel.AtLeast(aws.LogDebug) {
-		return
-	}
-
 	c.Handlers.Send.PushFrontNamed(LogHTTPRequestHandler)
 	c.Handlers.Send.PushBackNamed(LogHTTPResponseHandler)
 }

vendor/github.com/aws/aws-sdk-go/aws/client/logger.go

@@ -53,6 +53,10 @@ var LogHTTPRequestHandler = request.NamedHandler{
 }
 
 func logRequest(r *request.Request) {
+	if !r.Config.LogLevel.AtLeast(aws.LogDebug) {
+		return
+	}
+
 	logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
 	bodySeekable := aws.IsReaderSeekable(r.Body)
 
@@ -120,6 +124,10 @@ var LogHTTPResponseHandler = request.NamedHandler{
 }
 
 func logResponse(r *request.Request) {
+	if !r.Config.LogLevel.AtLeast(aws.LogDebug) {
+		return
+	}
+
 	lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
 
 	if r.HTTPResponse == nil {

vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go

@@ -95,7 +95,7 @@ import (
 // StdinTokenProvider will prompt on stderr and read from stdin for a string value.
 // An error is returned if reading from stdin fails.
 //
-// Use this function go read MFA tokens from stdin. The function makes no attempt
+// Use this function to read MFA tokens from stdin. The function makes no attempt
 // to make atomic prompts from stdin across multiple gorouties.
 //
 // Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will

vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go

@@ -21,6 +21,7 @@ const (
 	ApEast1RegionID      = "ap-east-1"      // Asia Pacific (Hong Kong).
 	ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo).
 	ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul).
+	ApNortheast3RegionID = "ap-northeast-3" // Asia Pacific (Osaka).
 	ApSouth1RegionID     = "ap-south-1"     // Asia Pacific (Mumbai).
 	ApSoutheast1RegionID = "ap-southeast-1" // Asia Pacific (Singapore).
 	ApSoutheast2RegionID = "ap-southeast-2" // Asia Pacific (Sydney).
@@ -121,6 +122,9 @@ var awsPartition = partition{
 		"ap-northeast-2": region{
 			Description: "Asia Pacific (Seoul)",
 		},
+		"ap-northeast-3": region{
+			Description: "Asia Pacific (Osaka)",
+		},
 		"ap-south-1": region{
 			Description: "Asia Pacific (Mumbai)",
 		},
@@ -184,6 +188,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -239,6 +244,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -358,6 +364,23 @@ var awsPartition = partition{
 				"us-west-2":      endpoint{},
 			},
 		},
+		"amplifybackend": service{
+
+			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
+				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-2":      endpoint{},
+			},
+		},
 		"api.detective": service{
 			Defaults: endpoint{
 				Protocols: []string{"https"},
@@ -436,6 +459,12 @@ var awsPartition = partition{
 						Region: "ap-northeast-2",
 					},
 				},
+				"ap-northeast-3": endpoint{
+					Hostname: "api.ecr.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
 				"ap-south-1": endpoint{
 					Hostname: "api.ecr.ap-south-1.amazonaws.com",
 					CredentialScope: credentialScope{
@@ -690,6 +719,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -749,6 +779,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -899,6 +930,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -972,9 +1004,11 @@ var awsPartition = partition{
 		"batch": service{
 
 			Endpoints: endpoints{
+				"af-south-1":     endpoint{},
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -1104,6 +1138,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -1369,6 +1404,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -1583,6 +1619,12 @@ var awsPartition = partition{
 						Region: "us-east-2",
 					},
 				},
+				"fips-us-west-1": endpoint{
+					Hostname: "cognito-idp-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
 				"fips-us-west-2": endpoint{
 					Hostname: "cognito-idp-fips.us-west-2.amazonaws.com",
 					CredentialScope: credentialScope{
@@ -1686,6 +1728,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -1743,7 +1786,10 @@ var awsPartition = partition{
 		"contact-lens": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
+				"eu-central-1":   endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
@@ -1880,6 +1926,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -1941,6 +1988,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2118,6 +2166,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2180,6 +2229,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2237,6 +2287,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2303,6 +2354,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2354,6 +2406,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2403,6 +2456,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2434,6 +2488,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2483,6 +2538,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2517,6 +2573,12 @@ var awsPartition = partition{
 						Region: "ap-northeast-2",
 					},
 				},
+				"fips-ap-northeast-3": endpoint{
+					Hostname: "elasticfilesystem-fips.ap-northeast-3.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
 				"fips-ap-south-1": endpoint{
 					Hostname: "elasticfilesystem-fips.ap-south-1.amazonaws.com",
 					CredentialScope: credentialScope{
@@ -2630,6 +2692,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2682,6 +2745,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2761,8 +2825,18 @@ var awsPartition = partition{
 		"emr-containers": service{
 
 			Endpoints: endpoints{
+				"ap-northeast-1": endpoint{},
+				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
+				"ap-southeast-1": endpoint{},
+				"ap-southeast-2": endpoint{},
+				"ca-central-1":   endpoint{},
+				"eu-central-1":   endpoint{},
 				"eu-west-1":      endpoint{},
+				"eu-west-2":      endpoint{},
 				"us-east-1":      endpoint{},
+				"us-east-2":      endpoint{},
+				"us-west-1":      endpoint{},
 				"us-west-2":      endpoint{},
 			},
 		},
@@ -2783,6 +2857,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2814,6 +2889,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -2863,6 +2939,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -3159,6 +3236,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -3214,6 +3292,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -3674,6 +3753,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -3767,6 +3847,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -3825,6 +3906,7 @@ var awsPartition = partition{
 						Region: "us-west-2",
 					},
 				},
+				"me-south-1": endpoint{},
 				"sa-east-1":  endpoint{},
 				"us-east-1":  endpoint{},
 				"us-east-2":  endpoint{},
@@ -3839,6 +3921,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -3955,6 +4038,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -4254,6 +4338,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -4328,6 +4413,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -4935,6 +5021,36 @@ var awsPartition = partition{
 				"eu-west-1":      endpoint{},
 				"eu-west-2":      endpoint{},
 				"eu-west-3":      endpoint{},
+				"fips-ca-central-1": endpoint{
+					Hostname: "ram-fips.ca-central-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "ca-central-1",
+					},
+				},
+				"fips-us-east-1": endpoint{
+					Hostname: "ram-fips.us-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-1",
+					},
+				},
+				"fips-us-east-2": endpoint{
+					Hostname: "ram-fips.us-east-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-east-2",
+					},
+				},
+				"fips-us-west-1": endpoint{
+					Hostname: "ram-fips.us-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-1",
+					},
+				},
+				"fips-us-west-2": endpoint{
+					Hostname: "ram-fips.us-west-2.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-west-2",
+					},
+				},
 				"me-south-1": endpoint{},
 				"sa-east-1":  endpoint{},
 				"us-east-1":  endpoint{},
@@ -4950,6 +5066,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -5007,6 +5124,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -5110,6 +5228,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -5312,6 +5431,7 @@ var awsPartition = partition{
 					SignatureVersions: []string{"s3", "s3v4"},
 				},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{
 					Hostname:          "s3.ap-southeast-1.amazonaws.com",
@@ -5388,6 +5508,13 @@ var awsPartition = partition{
 						Region: "ap-northeast-2",
 					},
 				},
+				"ap-northeast-3": endpoint{
+					Hostname:          "s3-control.ap-northeast-3.amazonaws.com",
+					SignatureVersions: []string{"s3v4"},
+					CredentialScope: credentialScope{
+						Region: "ap-northeast-3",
+					},
+				},
 				"ap-south-1": endpoint{
 					Hostname:          "s3-control.ap-south-1.amazonaws.com",
 					SignatureVersions: []string{"s3v4"},
@@ -5583,6 +5710,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -5824,6 +5952,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -5934,6 +6063,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6056,6 +6186,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6108,6 +6239,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6159,6 +6291,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6214,6 +6347,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6359,6 +6493,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6426,6 +6561,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6475,6 +6611,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -6560,6 +6697,8 @@ var awsPartition = partition{
 		"transfer": service{
 
 			Endpoints: endpoints{
+				"af-south-1":     endpoint{},
+				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
 				"ap-south-1":     endpoint{},
@@ -6601,6 +6740,7 @@ var awsPartition = partition{
 						Region: "us-west-2",
 					},
 				},
+				"me-south-1": endpoint{},
 				"sa-east-1":  endpoint{},
 				"us-east-1":  endpoint{},
 				"us-east-2":  endpoint{},
@@ -6951,6 +7091,7 @@ var awsPartition = partition{
 			Endpoints: endpoints{
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
 				"ca-central-1":   endpoint{},
@@ -6981,6 +7122,7 @@ var awsPartition = partition{
 				"ap-east-1":      endpoint{},
 				"ap-northeast-1": endpoint{},
 				"ap-northeast-2": endpoint{},
+				"ap-northeast-3": endpoint{},
 				"ap-south-1":     endpoint{},
 				"ap-southeast-1": endpoint{},
 				"ap-southeast-2": endpoint{},
@@ -7449,6 +7591,16 @@ var awscnPartition = partition{
 				"cn-north-1": endpoint{},
 			},
 		},
+		"guardduty": service{
+			IsRegionalized: boxedTrue,
+			Defaults: endpoint{
+				Protocols: []string{"https"},
+			},
+			Endpoints: endpoints{
+				"cn-north-1":     endpoint{},
+				"cn-northwest-1": endpoint{},
+			},
+		},
 		"health": service{
 
 			Endpoints: endpoints{
@@ -8323,6 +8475,12 @@ var awsusgovPartition = partition{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"connect": service{
+
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+			},
+		},
 		"datasync": service{
 
 			Endpoints: endpoints{
@@ -8964,6 +9122,22 @@ var awsusgovPartition = partition{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"models.lex": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "lex",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "models-fips.lex.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
 		"monitoring": service{
 
 			Endpoints: endpoints{
@@ -9072,8 +9246,18 @@ var awsusgovPartition = partition{
 		"ram": service{
 
 			Endpoints: endpoints{
-				"us-gov-east-1": endpoint{},
+				"us-gov-east-1": endpoint{
-				"us-gov-west-1": endpoint{},
+					Hostname: "ram.us-gov-east-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-east-1",
+					},
+				},
+				"us-gov-west-1": endpoint{
+					Hostname: "ram.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
 			},
 		},
 		"rds": service{
@@ -9169,10 +9353,32 @@ var awsusgovPartition = partition{
 				"us-gov-west-1": endpoint{},
 			},
 		},
+		"runtime.lex": service{
+			Defaults: endpoint{
+				CredentialScope: credentialScope{
+					Service: "lex",
+				},
+			},
+			Endpoints: endpoints{
+				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "runtime-fips.lex.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
+			},
+		},
 		"runtime.sagemaker": service{
 
 			Endpoints: endpoints{
 				"us-gov-west-1": endpoint{},
+				"us-gov-west-1-fips": endpoint{
+					Hostname: "runtime.sagemaker.us-gov-west-1.amazonaws.com",
+					CredentialScope: credentialScope{
+						Region: "us-gov-west-1",
+					},
+				},
 			},
 		},
 		"s3": service{
@@ -9892,12 +10098,30 @@ var awsisoPartition = partition{
 				"us-iso-east-1": endpoint{},
 			},
 		},
+		"medialive": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{},
+			},
+		},
+		"mediapackage": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{},
+			},
+		},
 		"monitoring": service{
 
 			Endpoints: endpoints{
 				"us-iso-east-1": endpoint{},
 			},
 		},
+		"outposts": service{
+
+			Endpoints: endpoints{
+				"us-iso-east-1": endpoint{},
+			},
+		},
 		"rds": service{
 
 			Endpoints: endpoints{
@@ -10287,6 +10511,19 @@ var awsisobPartition = partition{
 				"us-isob-east-1": endpoint{},
 			},
 		},
+		"route53": service{
+			PartitionEndpoint: "aws-iso-b-global",
+			IsRegionalized:    boxedFalse,
+
+			Endpoints: endpoints{
+				"aws-iso-b-global": endpoint{
+					Hostname: "route53.sc2s.sgov.gov",
+					CredentialScope: credentialScope{
+						Region: "us-isob-east-1",
+					},
+				},
+			},
+		},
 		"s3": service{
 			Defaults: endpoint{
 				Protocols:         []string{"http", "https"},

vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go

@@ -102,7 +102,7 @@ func resolveCredsFromProfile(cfg *aws.Config,
 		)
 
 	case sharedCfg.hasSSOConfiguration():
-		creds = resolveSSOCredentials(cfg, sharedCfg, handlers)
+		creds, err = resolveSSOCredentials(cfg, sharedCfg, handlers)
 
 	case len(sharedCfg.CredentialProcess) != 0:
 		// Get credentials from CredentialProcess
@@ -155,7 +155,11 @@ func resolveCredsFromProfile(cfg *aws.Config,
 	return creds, nil
 }
 
-func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers request.Handlers) *credentials.Credentials {
+func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers request.Handlers) (*credentials.Credentials, error) {
+	if err := sharedCfg.validateSSOConfiguration(); err != nil {
+		return nil, err
+	}
+
 	cfgCopy := cfg.Copy()
 	cfgCopy.Region = &sharedCfg.SSORegion
 
@@ -167,7 +171,7 @@ func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers req
 		sharedCfg.SSOAccountID,
 		sharedCfg.SSORoleName,
 		sharedCfg.SSOStartURL,
-	)
+	), nil
 }
 
 // valid credential source values

vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go

@@ -70,6 +70,8 @@ const (
 
 // sharedConfig represents the configuration fields of the SDK config files.
 type sharedConfig struct {
+	Profile string
+
 	// Credentials values from the config file. Both aws_access_key_id and
 	// aws_secret_access_key must be provided together in the same file to be
 	// considered valid. The values will be ignored if not a complete group.
@@ -201,6 +203,8 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
 }
 
 func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
+	cfg.Profile = profile
+
 	// Trim files from the list that don't exist.
 	var skippedFiles int
 	var profileNotFoundErr error
@@ -365,10 +369,6 @@ func (cfg *sharedConfig) validateCredentialsConfig(profile string) error {
 		return err
 	}
 
-	if err := cfg.validateSSOConfiguration(profile); err != nil {
-		return err
-	}
-
 	return nil
 }
 
@@ -409,7 +409,7 @@ func (cfg *sharedConfig) validateCredentialType() error {
 	return nil
 }
 
-func (cfg *sharedConfig) validateSSOConfiguration(profile string) error {
+func (cfg *sharedConfig) validateSSOConfiguration() error {
 	if !cfg.hasSSOConfiguration() {
 		return nil
 	}
@@ -433,7 +433,7 @@ func (cfg *sharedConfig) validateSSOConfiguration(profile string) error {
 
 	if len(missing) > 0 {
 		return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s",
-			profile, strings.Join(missing, ", "))
+			cfg.Profile, strings.Join(missing, ", "))
 	}
 
 	return nil

vendor/github.com/aws/aws-sdk-go/aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.37.0"
+const SDKVersion = "1.37.33"

vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go

@@ -436,8 +436,7 @@ func (c *AutoScaling) BatchPutScheduledUpdateGroupActionRequest(input *BatchPutS
 // BatchPutScheduledUpdateGroupAction API operation for Auto Scaling.
 //
 // Creates or updates one or more scheduled scaling actions for an Auto Scaling
-// group. If you leave a parameter unspecified when updating a scheduled scaling
+// group.
-// action, the corresponding value remains unchanged.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -3141,6 +3140,12 @@ func (c *AutoScaling) DescribeScalingActivitiesRequest(input *DescribeScalingAct
 //
 // Describes one or more scaling activities for the specified Auto Scaling group.
 //
+// To view the scaling activities from the Amazon EC2 Auto Scaling console,
+// choose the Activity tab of the Auto Scaling group. When scaling events occur,
+// you see scaling activity messages in the Activity history. For more information,
+// see Verifying a scaling activity for an Auto Scaling group (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-verify-scaling-activity.html)
+// in the Amazon EC2 Auto Scaling User Guide.
+//
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
 // the error.
@@ -4751,8 +4756,6 @@ func (c *AutoScaling) PutScheduledUpdateGroupActionRequest(input *PutScheduledUp
 // PutScheduledUpdateGroupAction API operation for Auto Scaling.
 //
 // Creates or updates a scheduled scaling action for an Auto Scaling group.
-// If you leave a parameter unspecified when updating a scheduled scaling action,
-// the corresponding value remains unchanged.
 //
 // For more information, see Scheduled scaling (https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html)
 // in the Amazon EC2 Auto Scaling User Guide.
@@ -5698,11 +5701,17 @@ type Activity struct {
 	// ActivityId is a required field
 	ActivityId *string `type:"string" required:"true"`
 
+	// The Amazon Resource Name (ARN) of the Auto Scaling group.
+	AutoScalingGroupARN *string `min:"1" type:"string"`
+
 	// The name of the Auto Scaling group.
 	//
 	// AutoScalingGroupName is a required field
 	AutoScalingGroupName *string `min:"1" type:"string" required:"true"`
 
+	// The state of the Auto Scaling group, which is either InService or Deleted.
+	AutoScalingGroupState *string `min:"1" type:"string"`
+
 	// The reason the activity began.
 	//
 	// Cause is a required field
@@ -5750,12 +5759,24 @@ func (s *Activity) SetActivityId(v string) *Activity {
 	return s
 }
 
+// SetAutoScalingGroupARN sets the AutoScalingGroupARN field's value.
+func (s *Activity) SetAutoScalingGroupARN(v string) *Activity {
+	s.AutoScalingGroupARN = &v
+	return s
+}
+
 // SetAutoScalingGroupName sets the AutoScalingGroupName field's value.
 func (s *Activity) SetAutoScalingGroupName(v string) *Activity {
 	s.AutoScalingGroupName = &v
 	return s
 }
 
+// SetAutoScalingGroupState sets the AutoScalingGroupState field's value.
+func (s *Activity) SetAutoScalingGroupState(v string) *Activity {
+	s.AutoScalingGroupState = &v
+	return s
+}
+
 // SetCause sets the Cause field's value.
 func (s *Activity) SetCause(v string) *Activity {
 	s.Cause = &v
@@ -6624,13 +6645,13 @@ type CreateAutoScalingGroupInput struct {
 	MinSize *int64 `type:"integer" required:"true"`
 
 	// An embedded object that specifies a mixed instances policy. The required
-	// parameters must be specified. If optional parameters are unspecified, their
+	// properties must be specified. If optional properties are unspecified, their
 	// default values are used.
 	//
-	// The policy includes parameters that not only define the distribution of On-Demand
+	// The policy includes properties that not only define the distribution of On-Demand
 	// Instances and Spot Instances, the maximum price to pay for Spot Instances,
 	// and how the Auto Scaling group allocates instance types to fulfill On-Demand
-	// and Spot capacities, but also the parameters that specify the instance configuration
+	// and Spot capacities, but also the properties that specify the instance configuration
 	// information—the launch template and instance types. The policy can also
 	// include a weight for each instance type and different launch templates for
 	// individual instance types. For more information, see Auto Scaling groups
@@ -8991,6 +9012,9 @@ type DescribeScalingActivitiesInput struct {
 	// The name of the Auto Scaling group.
 	AutoScalingGroupName *string `min:"1" type:"string"`
 
+	// Indicates whether to include scaling activity from deleted Auto Scaling groups.
+	IncludeDeletedGroups *bool `type:"boolean"`
+
 	// The maximum number of items to return with this call. The default value is
 	// 100 and the maximum value is 100.
 	MaxRecords *int64 `type:"integer"`
@@ -9035,6 +9059,12 @@ func (s *DescribeScalingActivitiesInput) SetAutoScalingGroupName(v string) *Desc
 	return s
 }
 
+// SetIncludeDeletedGroups sets the IncludeDeletedGroups field's value.
+func (s *DescribeScalingActivitiesInput) SetIncludeDeletedGroups(v bool) *DescribeScalingActivitiesInput {
+	s.IncludeDeletedGroups = &v
+	return s
+}
+
 // SetMaxRecords sets the MaxRecords field's value.
 func (s *DescribeScalingActivitiesInput) SetMaxRecords(v int64) *DescribeScalingActivitiesInput {
 	s.MaxRecords = &v
@@ -11100,11 +11130,12 @@ type InstancesDistribution struct {
 
 	// Indicates how to allocate instance types to fulfill On-Demand capacity. The
 	// only valid value is prioritized, which is also the default value. This strategy
-	// uses the order of instance types in the overrides to define the launch priority
+	// uses the order of instance types in the LaunchTemplateOverrides to define
-	// of each instance type. The first instance type in the array is prioritized
+	// the launch priority of each instance type. The first instance type in the
-	// higher than the last. If all your On-Demand capacity cannot be fulfilled
+	// array is prioritized higher than the last. If all your On-Demand capacity
-	// using your highest priority instance, then the Auto Scaling groups launches
+	// cannot be fulfilled using your highest priority instance, then the Auto Scaling
-	// the remaining capacity using the second priority instance type, and so on.
+	// groups launches the remaining capacity using the second priority instance
+	// type, and so on.
 	OnDemandAllocationStrategy *string `type:"string"`
 
 	// The minimum amount of the Auto Scaling group's capacity that must be fulfilled
@@ -11120,13 +11151,20 @@ type InstancesDistribution struct {
 	// to 100 if not specified. If set to 100, only On-Demand Instances are provisioned.
 	OnDemandPercentageAboveBaseCapacity *int64 `type:"integer"`
 
-	// Indicates how to allocate instances across Spot Instance pools. If the allocation
+	// Indicates how to allocate instances across Spot Instance pools.
-	// strategy is capacity-optimized (recommended), the Auto Scaling group launches
+	//
-	// instances using Spot pools that are optimally chosen based on the available
+	// If the allocation strategy is lowest-price, the Auto Scaling group launches
-	// Spot capacity. If the allocation strategy is lowest-price, the Auto Scaling
+	// instances using the Spot pools with the lowest price, and evenly allocates
-	// group launches instances using the Spot pools with the lowest price, and
+	// your instances across the number of Spot pools that you specify. Defaults
-	// evenly allocates your instances across the number of Spot pools that you
+	// to lowest-price if not specified.
-	// specify. Defaults to lowest-price if not specified.
+	//
+	// If the allocation strategy is capacity-optimized (recommended), the Auto
+	// Scaling group launches instances using Spot pools that are optimally chosen
+	// based on the available Spot capacity. Alternatively, you can use capacity-optimized-prioritized
+	// and set the order of instance types in the list of launch template overrides
+	// from highest to lowest priority (from first to last in the list). Amazon
+	// EC2 Auto Scaling honors the instance type priorities on a best-effort basis
+	// but optimizes for capacity first.
 	SpotAllocationStrategy *string `type:"string"`
 
 	// The number of Spot Instance pools across which to allocate your Spot Instances.
@@ -11449,7 +11487,7 @@ func (s *LaunchConfiguration) SetUserData(v string) *LaunchConfiguration {
 
 // Describes a launch template and overrides.
 //
-// You specify these parameters as part of a mixed instances policy.
+// You specify these properties as part of a mixed instances policy.
 //
 // When you update the launch template or overrides, existing Amazon EC2 instances
 // continue to run. When scale out occurs, Amazon EC2 Auto Scaling launches
@@ -11461,7 +11499,7 @@ type LaunchTemplate struct {
 	// The launch template to use.
 	LaunchTemplateSpecification *LaunchTemplateSpecification `type:"structure"`
 
-	// Any parameters that you specify override the same parameters in the launch
+	// Any properties that you specify override the same properties in the launch
 	// template. If not provided, Amazon EC2 Auto Scaling uses the instance type
 	// specified in the launch template when it launches an instance.
 	Overrides []*LaunchTemplateOverrides `type:"list"`
@@ -12200,13 +12238,13 @@ func (s *MetricGranularityType) SetGranularity(v string) *MetricGranularityType
 //
 // You can create a mixed instances policy for a new Auto Scaling group, or
 // you can create it for an existing group by updating the group to specify
-// MixedInstancesPolicy as the top-level parameter instead of a launch configuration
+// MixedInstancesPolicy as the top-level property instead of a launch configuration
 // or launch template.
 type MixedInstancesPolicy struct {
 	_ struct{} `type:"structure"`
 
 	// Specifies the instances distribution. If not provided, the value for each
-	// parameter in InstancesDistribution uses a default value.
+	// property in InstancesDistribution uses a default value.
 	InstancesDistribution *InstancesDistribution `type:"structure"`
 
 	// Specifies the launch template to use and optionally the instance types (overrides)
@@ -12986,8 +13024,7 @@ type PutScheduledUpdateGroupActionInput struct {
 	// scale beyond this capacity if you add more scaling conditions.
 	DesiredCapacity *int64 `type:"integer"`
 
-	// The date and time for the recurring schedule to end. Amazon EC2 Auto Scaling
+	// The date and time for the recurring schedule to end, in UTC.
-	// does not perform the action after this time.
 	EndTime *time.Time `type:"timestamp"`
 
 	// The maximum size of the Auto Scaling group.
@@ -12996,14 +13033,15 @@ type PutScheduledUpdateGroupActionInput struct {
 	// The minimum size of the Auto Scaling group.
 	MinSize *int64 `type:"integer"`
 
-	// The recurring schedule for this action, in Unix cron syntax format. This
+	// The recurring schedule for this action. This format consists of five fields
-	// format consists of five fields separated by white spaces: [Minute] [Hour]
+	// separated by white spaces: [Minute] [Hour] [Day_of_Month] [Month_of_Year]
-	// [Day_of_Month] [Month_of_Year] [Day_of_Week]. The value must be in quotes
+	// [Day_of_Week]. The value must be in quotes (for example, "30 0 1 1,6,12 *").
-	// (for example, "30 0 1 1,6,12 *"). For more information about this format,
+	// For more information about this format, see Crontab (http://crontab.org).
-	// see Crontab (http://crontab.org).
 	//
 	// When StartTime and EndTime are specified with Recurrence, they form the boundaries
 	// of when the recurring action starts and stops.
+	//
+	// Cron expressions use Universal Coordinated Time (UTC) by default.
 	Recurrence *string `min:"1" type:"string"`
 
 	// The name of this scaling action.
@@ -13024,6 +13062,15 @@ type PutScheduledUpdateGroupActionInput struct {
 
 	// This parameter is no longer used.
 	Time *time.Time `type:"timestamp"`
+
+	// Specifies the time zone for a cron expression. If a time zone is not provided,
+	// UTC is used by default.
+	//
+	// Valid values are the canonical names of the IANA time zones, derived from
+	// the IANA Time Zone Database (such as Etc/GMT+9 or Pacific/Tahiti). For more
+	// information, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+	// (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
+	TimeZone *string `min:"1" type:"string"`
 }
 
 // String returns the string representation
@@ -13054,6 +13101,9 @@ func (s *PutScheduledUpdateGroupActionInput) Validate() error {
 	if s.ScheduledActionName != nil && len(*s.ScheduledActionName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("ScheduledActionName", 1))
 	}
+	if s.TimeZone != nil && len(*s.TimeZone) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TimeZone", 1))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -13115,6 +13165,12 @@ func (s *PutScheduledUpdateGroupActionInput) SetTime(v time.Time) *PutScheduledU
 	return s
 }
 
+// SetTimeZone sets the TimeZone field's value.
+func (s *PutScheduledUpdateGroupActionInput) SetTimeZone(v string) *PutScheduledUpdateGroupActionInput {
+	s.TimeZone = &v
+	return s
+}
+
 type PutScheduledUpdateGroupActionOutput struct {
 	_ struct{} `type:"structure"`
 }
@@ -13555,6 +13611,9 @@ type ScheduledUpdateGroupAction struct {
 
 	// This parameter is no longer used.
 	Time *time.Time `type:"timestamp"`
+
+	// The time zone for the cron expression.
+	TimeZone *string `min:"1" type:"string"`
 }
 
 // String returns the string representation
@@ -13627,11 +13686,14 @@ func (s *ScheduledUpdateGroupAction) SetTime(v time.Time) *ScheduledUpdateGroupA
 	return s
 }
 
+// SetTimeZone sets the TimeZone field's value.
+func (s *ScheduledUpdateGroupAction) SetTimeZone(v string) *ScheduledUpdateGroupAction {
+	s.TimeZone = &v
+	return s
+}
+
 // Describes information used for one or more scheduled scaling action updates
 // in a BatchPutScheduledUpdateGroupAction operation.
-//
-// When updating a scheduled scaling action, all optional parameters are left
-// unchanged if not specified.
 type ScheduledUpdateGroupActionRequest struct {
 	_ struct{} `type:"structure"`
 
@@ -13639,8 +13701,7 @@ type ScheduledUpdateGroupActionRequest struct {
 	// the scheduled action runs and the capacity it attempts to maintain.
 	DesiredCapacity *int64 `type:"integer"`
 
-	// The date and time for the recurring schedule to end. Amazon EC2 Auto Scaling
+	// The date and time for the recurring schedule to end, in UTC.
-	// does not perform the action after this time.
 	EndTime *time.Time `type:"timestamp"`
 
 	// The maximum size of the Auto Scaling group.
@@ -13656,6 +13717,8 @@ type ScheduledUpdateGroupActionRequest struct {
 	//
 	// When StartTime and EndTime are specified with Recurrence, they form the boundaries
 	// of when the recurring action starts and stops.
+	//
+	// Cron expressions use Universal Coordinated Time (UTC) by default.
 	Recurrence *string `min:"1" type:"string"`
 
 	// The name of the scaling action.
@@ -13673,6 +13736,15 @@ type ScheduledUpdateGroupActionRequest struct {
 	// If you try to schedule the action in the past, Amazon EC2 Auto Scaling returns
 	// an error message.
 	StartTime *time.Time `type:"timestamp"`
+
+	// Specifies the time zone for a cron expression. If a time zone is not provided,
+	// UTC is used by default.
+	//
+	// Valid values are the canonical names of the IANA time zones, derived from
+	// the IANA Time Zone Database (such as Etc/GMT+9 or Pacific/Tahiti). For more
+	// information, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+	// (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
+	TimeZone *string `min:"1" type:"string"`
 }
 
 // String returns the string representation
@@ -13697,6 +13769,9 @@ func (s *ScheduledUpdateGroupActionRequest) Validate() error {
 	if s.ScheduledActionName != nil && len(*s.ScheduledActionName) < 1 {
 		invalidParams.Add(request.NewErrParamMinLen("ScheduledActionName", 1))
 	}
+	if s.TimeZone != nil && len(*s.TimeZone) < 1 {
+		invalidParams.Add(request.NewErrParamMinLen("TimeZone", 1))
+	}
 
 	if invalidParams.Len() > 0 {
 		return invalidParams
@@ -13746,6 +13821,12 @@ func (s *ScheduledUpdateGroupActionRequest) SetStartTime(v time.Time) *Scheduled
 	return s
 }
 
+// SetTimeZone sets the TimeZone field's value.
+func (s *ScheduledUpdateGroupActionRequest) SetTimeZone(v string) *ScheduledUpdateGroupActionRequest {
+	s.TimeZone = &v
+	return s
+}
+
 type SetDesiredCapacityInput struct {
 	_ struct{} `type:"structure"`
 
@@ -14622,7 +14703,7 @@ type UpdateAutoScalingGroupInput struct {
 	MinSize *int64 `type:"integer"`
 
 	// An embedded object that specifies a mixed instances policy. When you make
-	// changes to an existing policy, all optional parameters are left unchanged
+	// changes to an existing policy, all optional properties are left unchanged
 	// if not specified. For more information, see Auto Scaling groups with multiple
 	// instance types and purchase options (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-purchase-options.html)
 	// in the Amazon EC2 Auto Scaling User Guide.

vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go

@@ -4,8 +4,14 @@
 // requests to Amazon Elastic Compute Cloud.
 //
 // Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing
-// capacity in the AWS cloud. Using Amazon EC2 eliminates the need to invest
+// capacity in the AWS Cloud. Using Amazon EC2 eliminates the need to invest
 // in hardware up front, so you can develop and deploy applications faster.
+// Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically
+// isolated section of the AWS Cloud where you can launch AWS resources in a
+// virtual network that you've defined. Amazon Elastic Block Store (Amazon EBS)
+// provides block level storage volumes for use with EC2 instances. EBS volumes
+// are highly available and reliable storage volumes that can be attached to
+// any running instance and used like a hard drive.
 //
 // To learn more, see the following resources:
 //
@@ -13,7 +19,7 @@
 //    EC2 documentation (http://aws.amazon.com/documentation/ec2)
 //
 //    * Amazon EBS: Amazon EBS product page (http://aws.amazon.com/ebs), Amazon
-//    EBS documentation (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html)
+//    EBS documentation (http://aws.amazon.com/documentation/ebs)
 //
 //    * Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon
 //    VPC documentation (http://aws.amazon.com/documentation/vpc)

vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go

@@ -712,6 +712,13 @@ type EC2API interface {
 	DescribeAddressesWithContext(aws.Context, *ec2.DescribeAddressesInput, ...request.Option) (*ec2.DescribeAddressesOutput, error)
 	DescribeAddressesRequest(*ec2.DescribeAddressesInput) (*request.Request, *ec2.DescribeAddressesOutput)
 
+	DescribeAddressesAttribute(*ec2.DescribeAddressesAttributeInput) (*ec2.DescribeAddressesAttributeOutput, error)
+	DescribeAddressesAttributeWithContext(aws.Context, *ec2.DescribeAddressesAttributeInput, ...request.Option) (*ec2.DescribeAddressesAttributeOutput, error)
+	DescribeAddressesAttributeRequest(*ec2.DescribeAddressesAttributeInput) (*request.Request, *ec2.DescribeAddressesAttributeOutput)
+
+	DescribeAddressesAttributePages(*ec2.DescribeAddressesAttributeInput, func(*ec2.DescribeAddressesAttributeOutput, bool) bool) error
+	DescribeAddressesAttributePagesWithContext(aws.Context, *ec2.DescribeAddressesAttributeInput, func(*ec2.DescribeAddressesAttributeOutput, bool) bool, ...request.Option) error
+
 	DescribeAggregateIdFormat(*ec2.DescribeAggregateIdFormatInput) (*ec2.DescribeAggregateIdFormatOutput, error)
 	DescribeAggregateIdFormatWithContext(aws.Context, *ec2.DescribeAggregateIdFormatInput, ...request.Option) (*ec2.DescribeAggregateIdFormatOutput, error)
 	DescribeAggregateIdFormatRequest(*ec2.DescribeAggregateIdFormatInput) (*request.Request, *ec2.DescribeAggregateIdFormatOutput)
@@ -1691,6 +1698,10 @@ type EC2API interface {
 	ImportVolumeWithContext(aws.Context, *ec2.ImportVolumeInput, ...request.Option) (*ec2.ImportVolumeOutput, error)
 	ImportVolumeRequest(*ec2.ImportVolumeInput) (*request.Request, *ec2.ImportVolumeOutput)
 
+	ModifyAddressAttribute(*ec2.ModifyAddressAttributeInput) (*ec2.ModifyAddressAttributeOutput, error)
+	ModifyAddressAttributeWithContext(aws.Context, *ec2.ModifyAddressAttributeInput, ...request.Option) (*ec2.ModifyAddressAttributeOutput, error)
+	ModifyAddressAttributeRequest(*ec2.ModifyAddressAttributeInput) (*request.Request, *ec2.ModifyAddressAttributeOutput)
+
 	ModifyAvailabilityZoneGroup(*ec2.ModifyAvailabilityZoneGroupInput) (*ec2.ModifyAvailabilityZoneGroupOutput, error)
 	ModifyAvailabilityZoneGroupWithContext(aws.Context, *ec2.ModifyAvailabilityZoneGroupInput, ...request.Option) (*ec2.ModifyAvailabilityZoneGroupOutput, error)
 	ModifyAvailabilityZoneGroupRequest(*ec2.ModifyAvailabilityZoneGroupInput) (*request.Request, *ec2.ModifyAvailabilityZoneGroupOutput)
@@ -1971,6 +1982,10 @@ type EC2API interface {
 	RequestSpotInstancesWithContext(aws.Context, *ec2.RequestSpotInstancesInput, ...request.Option) (*ec2.RequestSpotInstancesOutput, error)
 	RequestSpotInstancesRequest(*ec2.RequestSpotInstancesInput) (*request.Request, *ec2.RequestSpotInstancesOutput)
 
+	ResetAddressAttribute(*ec2.ResetAddressAttributeInput) (*ec2.ResetAddressAttributeOutput, error)
+	ResetAddressAttributeWithContext(aws.Context, *ec2.ResetAddressAttributeInput, ...request.Option) (*ec2.ResetAddressAttributeOutput, error)
+	ResetAddressAttributeRequest(*ec2.ResetAddressAttributeInput) (*request.Request, *ec2.ResetAddressAttributeOutput)
+
 	ResetEbsDefaultKmsKeyId(*ec2.ResetEbsDefaultKmsKeyIdInput) (*ec2.ResetEbsDefaultKmsKeyIdOutput, error)
 	ResetEbsDefaultKmsKeyIdWithContext(aws.Context, *ec2.ResetEbsDefaultKmsKeyIdInput, ...request.Option) (*ec2.ResetEbsDefaultKmsKeyIdOutput, error)
 	ResetEbsDefaultKmsKeyIdRequest(*ec2.ResetEbsDefaultKmsKeyIdInput) (*request.Request, *ec2.ResetEbsDefaultKmsKeyIdOutput)

vendor/github.com/aws/aws-sdk-go/service/elbv2/api.go

@@ -245,7 +245,7 @@ func (c *ELBV2) CreateListenerRequest(input *CreateListenerInput) (req *request.
 // CreateListener API operation for Elastic Load Balancing.
 //
 // Creates a listener for the specified Application Load Balancer, Network Load
-// Balancer. or Gateway Load Balancer.
+// Balancer, or Gateway Load Balancer.
 //
 // For more information, see the following:
 //
@@ -4672,10 +4672,10 @@ type CreateTargetGroupInput struct {
 	HealthCheckEnabled *bool `type:"boolean"`
 
 	// The approximate amount of time, in seconds, between health checks of an individual
-	// target. For TCP health checks, the supported values are 10 and 30 seconds.
+	// target. If the target group protocol is TCP, TLS, UDP, or TCP_UDP, the supported
-	// If the target type is instance or ip, the default is 30 seconds. If the target
+	// values are 10 and 30 seconds. If the target group protocol is HTTP or HTTPS,
-	// group protocol is GENEVE, the default is 10 seconds. If the target type is
+	// the default is 30 seconds. If the target group protocol is GENEVE, the default
-	// lambda, the default is 35 seconds.
+	// is 10 seconds. If the target type is lambda, the default is 35 seconds.
 	HealthCheckIntervalSeconds *int64 `min:"5" type:"integer"`
 
 	// [HTTP/HTTPS health checks] The destination for health checks on the targets.
@@ -6804,7 +6804,9 @@ type LoadBalancerState struct {
 
 	// The state code. The initial state of the load balancer is provisioning. After
 	// the load balancer is fully set up and ready to route traffic, its state is
-	// active. If the load balancer could not be set up, its state is failed.
+	// active. If load balancer is routing traffic but does not have the resources
+	// it needs to scale, its state isactive_impaired. If the load balancer could
+	// not be set up, its state is failed.
 	Code *string `type:"string" enum:"LoadBalancerStateEnum"`
 
 	// A description of the state.
@@ -8963,8 +8965,8 @@ type TargetGroupAttribute struct {
 	//    The value is true or false. The default is false.
 	//
 	//    * stickiness.type - The type of sticky sessions. The possible values are
-	//    lb_cookie for Application Load Balancers or source_ip for Network Load
+	//    lb_cookie and app_cookie for Application Load Balancers or source_ip for
-	//    Balancers.
+	//    Network Load Balancers.
 	//
 	// The following attributes are supported only if the load balancer is an Application
 	// Load Balancer and the target is an instance or an IP address:
@@ -8979,6 +8981,16 @@ type TargetGroupAttribute struct {
 	//    its full share of traffic. The range is 30-900 seconds (15 minutes). The
 	//    default is 0 seconds (disabled).
 	//
+	//    * stickiness.app_cookie.cookie_name - Indicates the name of the application-based
+	//    cookie. Names that start with the following names are not allowed: AWSALB,
+	//    AWSALBAPP, and AWSALBTG. They're reserved for use by the load balancer.
+	//
+	//    * stickiness.app_cookie.duration_seconds - The time period, in seconds,
+	//    during which requests from a client should be routed to the same target.
+	//    After this time period expires, the application-based cookie is considered
+	//    stale. The range is 1 second to 1 week (604800 seconds). The default value
+	//    is 1 day (86400 seconds).
+	//
 	//    * stickiness.lb_cookie.duration_seconds - The time period, in seconds,
 	//    during which requests from a client should be routed to the same target.
 	//    After this time period expires, the load balancer-generated cookie is
@@ -9001,6 +9013,12 @@ type TargetGroupAttribute struct {
 	//    the load balancer terminates connections at the end of the deregistration
 	//    timeout. The value is true or false. The default is false.
 	//
+	//    * preserve_client_ip.enabled - Indicates whether client IP preservation
+	//    is enabled. The value is true or false. The default is disabled if the
+	//    target group type is IP address and the target group protocol is TCP or
+	//    TLS. Otherwise, the default is enabled. Client IP preservation cannot
+	//    be disabled for UDP and TCP_UDP target groups.
+	//
 	//    * proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version
 	//    2 is enabled. The value is true or false. The default is false.
 	Key *string `type:"string"`

vendor/github.com/aws/aws-sdk-go/service/iam/errors.go

@@ -17,7 +17,7 @@ const (
 	//
 	// The request was rejected because the most recent credential report has expired.
 	// To generate a new credential report, use GenerateCredentialReport. For more
-	// information about credential report expiration, see Getting Credential Reports
+	// information about credential report expiration, see Getting credential reports
 	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
 	// in the IAM User Guide.
 	ErrCodeCredentialReportExpiredException = "ReportExpired"
@@ -117,8 +117,7 @@ const (
 	// "LimitExceeded".
 	//
 	// The request was rejected because it attempted to create resources beyond
-	// the current AWS account limitations. The error message describes the limit
+	// the current AWS account limits. The error message describes the limit exceeded.
-	// exceeded.
 	ErrCodeLimitExceededException = "LimitExceeded"
 
 	// ErrCodeMalformedCertificateException for service response error code

vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go

@@ -437,6 +437,10 @@ type IAMAPI interface {
 	ListGroupsForUserPages(*iam.ListGroupsForUserInput, func(*iam.ListGroupsForUserOutput, bool) bool) error
 	ListGroupsForUserPagesWithContext(aws.Context, *iam.ListGroupsForUserInput, func(*iam.ListGroupsForUserOutput, bool) bool, ...request.Option) error
 
+	ListInstanceProfileTags(*iam.ListInstanceProfileTagsInput) (*iam.ListInstanceProfileTagsOutput, error)
+	ListInstanceProfileTagsWithContext(aws.Context, *iam.ListInstanceProfileTagsInput, ...request.Option) (*iam.ListInstanceProfileTagsOutput, error)
+	ListInstanceProfileTagsRequest(*iam.ListInstanceProfileTagsInput) (*request.Request, *iam.ListInstanceProfileTagsOutput)
+
 	ListInstanceProfiles(*iam.ListInstanceProfilesInput) (*iam.ListInstanceProfilesOutput, error)
 	ListInstanceProfilesWithContext(aws.Context, *iam.ListInstanceProfilesInput, ...request.Option) (*iam.ListInstanceProfilesOutput, error)
 	ListInstanceProfilesRequest(*iam.ListInstanceProfilesInput) (*request.Request, *iam.ListInstanceProfilesOutput)
@@ -451,6 +455,10 @@ type IAMAPI interface {
 	ListInstanceProfilesForRolePages(*iam.ListInstanceProfilesForRoleInput, func(*iam.ListInstanceProfilesForRoleOutput, bool) bool) error
 	ListInstanceProfilesForRolePagesWithContext(aws.Context, *iam.ListInstanceProfilesForRoleInput, func(*iam.ListInstanceProfilesForRoleOutput, bool) bool, ...request.Option) error
 
+	ListMFADeviceTags(*iam.ListMFADeviceTagsInput) (*iam.ListMFADeviceTagsOutput, error)
+	ListMFADeviceTagsWithContext(aws.Context, *iam.ListMFADeviceTagsInput, ...request.Option) (*iam.ListMFADeviceTagsOutput, error)
+	ListMFADeviceTagsRequest(*iam.ListMFADeviceTagsInput) (*request.Request, *iam.ListMFADeviceTagsOutput)
+
 	ListMFADevices(*iam.ListMFADevicesInput) (*iam.ListMFADevicesOutput, error)
 	ListMFADevicesWithContext(aws.Context, *iam.ListMFADevicesInput, ...request.Option) (*iam.ListMFADevicesOutput, error)
 	ListMFADevicesRequest(*iam.ListMFADevicesInput) (*request.Request, *iam.ListMFADevicesOutput)
@@ -458,6 +466,10 @@ type IAMAPI interface {
 	ListMFADevicesPages(*iam.ListMFADevicesInput, func(*iam.ListMFADevicesOutput, bool) bool) error
 	ListMFADevicesPagesWithContext(aws.Context, *iam.ListMFADevicesInput, func(*iam.ListMFADevicesOutput, bool) bool, ...request.Option) error
 
+	ListOpenIDConnectProviderTags(*iam.ListOpenIDConnectProviderTagsInput) (*iam.ListOpenIDConnectProviderTagsOutput, error)
+	ListOpenIDConnectProviderTagsWithContext(aws.Context, *iam.ListOpenIDConnectProviderTagsInput, ...request.Option) (*iam.ListOpenIDConnectProviderTagsOutput, error)
+	ListOpenIDConnectProviderTagsRequest(*iam.ListOpenIDConnectProviderTagsInput) (*request.Request, *iam.ListOpenIDConnectProviderTagsOutput)
+
 	ListOpenIDConnectProviders(*iam.ListOpenIDConnectProvidersInput) (*iam.ListOpenIDConnectProvidersOutput, error)
 	ListOpenIDConnectProvidersWithContext(aws.Context, *iam.ListOpenIDConnectProvidersInput, ...request.Option) (*iam.ListOpenIDConnectProvidersOutput, error)
 	ListOpenIDConnectProvidersRequest(*iam.ListOpenIDConnectProvidersInput) (*request.Request, *iam.ListOpenIDConnectProvidersOutput)
@@ -473,6 +485,10 @@ type IAMAPI interface {
 	ListPoliciesGrantingServiceAccessWithContext(aws.Context, *iam.ListPoliciesGrantingServiceAccessInput, ...request.Option) (*iam.ListPoliciesGrantingServiceAccessOutput, error)
 	ListPoliciesGrantingServiceAccessRequest(*iam.ListPoliciesGrantingServiceAccessInput) (*request.Request, *iam.ListPoliciesGrantingServiceAccessOutput)
 
+	ListPolicyTags(*iam.ListPolicyTagsInput) (*iam.ListPolicyTagsOutput, error)
+	ListPolicyTagsWithContext(aws.Context, *iam.ListPolicyTagsInput, ...request.Option) (*iam.ListPolicyTagsOutput, error)
+	ListPolicyTagsRequest(*iam.ListPolicyTagsInput) (*request.Request, *iam.ListPolicyTagsOutput)
+
 	ListPolicyVersions(*iam.ListPolicyVersionsInput) (*iam.ListPolicyVersionsOutput, error)
 	ListPolicyVersionsWithContext(aws.Context, *iam.ListPolicyVersionsInput, ...request.Option) (*iam.ListPolicyVersionsOutput, error)
 	ListPolicyVersionsRequest(*iam.ListPolicyVersionsInput) (*request.Request, *iam.ListPolicyVersionsOutput)
@@ -498,6 +514,10 @@ type IAMAPI interface {
 	ListRolesPages(*iam.ListRolesInput, func(*iam.ListRolesOutput, bool) bool) error
 	ListRolesPagesWithContext(aws.Context, *iam.ListRolesInput, func(*iam.ListRolesOutput, bool) bool, ...request.Option) error
 
+	ListSAMLProviderTags(*iam.ListSAMLProviderTagsInput) (*iam.ListSAMLProviderTagsOutput, error)
+	ListSAMLProviderTagsWithContext(aws.Context, *iam.ListSAMLProviderTagsInput, ...request.Option) (*iam.ListSAMLProviderTagsOutput, error)
+	ListSAMLProviderTagsRequest(*iam.ListSAMLProviderTagsInput) (*request.Request, *iam.ListSAMLProviderTagsOutput)
+
 	ListSAMLProviders(*iam.ListSAMLProvidersInput) (*iam.ListSAMLProvidersOutput, error)
 	ListSAMLProvidersWithContext(aws.Context, *iam.ListSAMLProvidersInput, ...request.Option) (*iam.ListSAMLProvidersOutput, error)
 	ListSAMLProvidersRequest(*iam.ListSAMLProvidersInput) (*request.Request, *iam.ListSAMLProvidersOutput)
@@ -509,6 +529,10 @@ type IAMAPI interface {
 	ListSSHPublicKeysPages(*iam.ListSSHPublicKeysInput, func(*iam.ListSSHPublicKeysOutput, bool) bool) error
 	ListSSHPublicKeysPagesWithContext(aws.Context, *iam.ListSSHPublicKeysInput, func(*iam.ListSSHPublicKeysOutput, bool) bool, ...request.Option) error
 
+	ListServerCertificateTags(*iam.ListServerCertificateTagsInput) (*iam.ListServerCertificateTagsOutput, error)
+	ListServerCertificateTagsWithContext(aws.Context, *iam.ListServerCertificateTagsInput, ...request.Option) (*iam.ListServerCertificateTagsOutput, error)
+	ListServerCertificateTagsRequest(*iam.ListServerCertificateTagsInput) (*request.Request, *iam.ListServerCertificateTagsOutput)
+
 	ListServerCertificates(*iam.ListServerCertificatesInput) (*iam.ListServerCertificatesOutput, error)
 	ListServerCertificatesWithContext(aws.Context, *iam.ListServerCertificatesInput, ...request.Option) (*iam.ListServerCertificatesOutput, error)
 	ListServerCertificatesRequest(*iam.ListServerCertificatesInput) (*request.Request, *iam.ListServerCertificatesOutput)
@@ -614,18 +638,66 @@ type IAMAPI interface {
 	SimulatePrincipalPolicyPages(*iam.SimulatePrincipalPolicyInput, func(*iam.SimulatePolicyResponse, bool) bool) error
 	SimulatePrincipalPolicyPagesWithContext(aws.Context, *iam.SimulatePrincipalPolicyInput, func(*iam.SimulatePolicyResponse, bool) bool, ...request.Option) error
 
+	TagInstanceProfile(*iam.TagInstanceProfileInput) (*iam.TagInstanceProfileOutput, error)
+	TagInstanceProfileWithContext(aws.Context, *iam.TagInstanceProfileInput, ...request.Option) (*iam.TagInstanceProfileOutput, error)
+	TagInstanceProfileRequest(*iam.TagInstanceProfileInput) (*request.Request, *iam.TagInstanceProfileOutput)
+
+	TagMFADevice(*iam.TagMFADeviceInput) (*iam.TagMFADeviceOutput, error)
+	TagMFADeviceWithContext(aws.Context, *iam.TagMFADeviceInput, ...request.Option) (*iam.TagMFADeviceOutput, error)
+	TagMFADeviceRequest(*iam.TagMFADeviceInput) (*request.Request, *iam.TagMFADeviceOutput)
+
+	TagOpenIDConnectProvider(*iam.TagOpenIDConnectProviderInput) (*iam.TagOpenIDConnectProviderOutput, error)
+	TagOpenIDConnectProviderWithContext(aws.Context, *iam.TagOpenIDConnectProviderInput, ...request.Option) (*iam.TagOpenIDConnectProviderOutput, error)
+	TagOpenIDConnectProviderRequest(*iam.TagOpenIDConnectProviderInput) (*request.Request, *iam.TagOpenIDConnectProviderOutput)
+
+	TagPolicy(*iam.TagPolicyInput) (*iam.TagPolicyOutput, error)
+	TagPolicyWithContext(aws.Context, *iam.TagPolicyInput, ...request.Option) (*iam.TagPolicyOutput, error)
+	TagPolicyRequest(*iam.TagPolicyInput) (*request.Request, *iam.TagPolicyOutput)
+
 	TagRole(*iam.TagRoleInput) (*iam.TagRoleOutput, error)
 	TagRoleWithContext(aws.Context, *iam.TagRoleInput, ...request.Option) (*iam.TagRoleOutput, error)
 	TagRoleRequest(*iam.TagRoleInput) (*request.Request, *iam.TagRoleOutput)
 
+	TagSAMLProvider(*iam.TagSAMLProviderInput) (*iam.TagSAMLProviderOutput, error)
+	TagSAMLProviderWithContext(aws.Context, *iam.TagSAMLProviderInput, ...request.Option) (*iam.TagSAMLProviderOutput, error)
+	TagSAMLProviderRequest(*iam.TagSAMLProviderInput) (*request.Request, *iam.TagSAMLProviderOutput)
+
+	TagServerCertificate(*iam.TagServerCertificateInput) (*iam.TagServerCertificateOutput, error)
+	TagServerCertificateWithContext(aws.Context, *iam.TagServerCertificateInput, ...request.Option) (*iam.TagServerCertificateOutput, error)
+	TagServerCertificateRequest(*iam.TagServerCertificateInput) (*request.Request, *iam.TagServerCertificateOutput)
+
 	TagUser(*iam.TagUserInput) (*iam.TagUserOutput, error)
 	TagUserWithContext(aws.Context, *iam.TagUserInput, ...request.Option) (*iam.TagUserOutput, error)
 	TagUserRequest(*iam.TagUserInput) (*request.Request, *iam.TagUserOutput)
 
+	UntagInstanceProfile(*iam.UntagInstanceProfileInput) (*iam.UntagInstanceProfileOutput, error)
+	UntagInstanceProfileWithContext(aws.Context, *iam.UntagInstanceProfileInput, ...request.Option) (*iam.UntagInstanceProfileOutput, error)
+	UntagInstanceProfileRequest(*iam.UntagInstanceProfileInput) (*request.Request, *iam.UntagInstanceProfileOutput)
+
+	UntagMFADevice(*iam.UntagMFADeviceInput) (*iam.UntagMFADeviceOutput, error)
+	UntagMFADeviceWithContext(aws.Context, *iam.UntagMFADeviceInput, ...request.Option) (*iam.UntagMFADeviceOutput, error)
+	UntagMFADeviceRequest(*iam.UntagMFADeviceInput) (*request.Request, *iam.UntagMFADeviceOutput)
+
+	UntagOpenIDConnectProvider(*iam.UntagOpenIDConnectProviderInput) (*iam.UntagOpenIDConnectProviderOutput, error)
+	UntagOpenIDConnectProviderWithContext(aws.Context, *iam.UntagOpenIDConnectProviderInput, ...request.Option) (*iam.UntagOpenIDConnectProviderOutput, error)
+	UntagOpenIDConnectProviderRequest(*iam.UntagOpenIDConnectProviderInput) (*request.Request, *iam.UntagOpenIDConnectProviderOutput)
+
+	UntagPolicy(*iam.UntagPolicyInput) (*iam.UntagPolicyOutput, error)
+	UntagPolicyWithContext(aws.Context, *iam.UntagPolicyInput, ...request.Option) (*iam.UntagPolicyOutput, error)
+	UntagPolicyRequest(*iam.UntagPolicyInput) (*request.Request, *iam.UntagPolicyOutput)
+
 	UntagRole(*iam.UntagRoleInput) (*iam.UntagRoleOutput, error)
 	UntagRoleWithContext(aws.Context, *iam.UntagRoleInput, ...request.Option) (*iam.UntagRoleOutput, error)
 	UntagRoleRequest(*iam.UntagRoleInput) (*request.Request, *iam.UntagRoleOutput)
 
+	UntagSAMLProvider(*iam.UntagSAMLProviderInput) (*iam.UntagSAMLProviderOutput, error)
+	UntagSAMLProviderWithContext(aws.Context, *iam.UntagSAMLProviderInput, ...request.Option) (*iam.UntagSAMLProviderOutput, error)
+	UntagSAMLProviderRequest(*iam.UntagSAMLProviderInput) (*request.Request, *iam.UntagSAMLProviderOutput)
+
+	UntagServerCertificate(*iam.UntagServerCertificateInput) (*iam.UntagServerCertificateOutput, error)
+	UntagServerCertificateWithContext(aws.Context, *iam.UntagServerCertificateInput, ...request.Option) (*iam.UntagServerCertificateOutput, error)
+	UntagServerCertificateRequest(*iam.UntagServerCertificateInput) (*request.Request, *iam.UntagServerCertificateOutput)
+
 	UntagUser(*iam.UntagUserInput) (*iam.UntagUserOutput, error)
 	UntagUserWithContext(aws.Context, *iam.UntagUserInput, ...request.Option) (*iam.UntagUserOutput, error)
 	UntagUserRequest(*iam.UntagUserInput) (*request.Request, *iam.UntagUserOutput)

vendor/github.com/aws/aws-sdk-go/service/route53/api.go

@@ -57,7 +57,7 @@ func (c *Route53) ActivateKeySigningKeyRequest(input *ActivateKeySigningKeyInput
 
 // ActivateKeySigningKey API operation for Amazon Route 53.
 //
-// Activates a key signing key (KSK) so that it can be used for signing by DNSSEC.
+// Activates a key-signing key (KSK) so that it can be used for signing by DNSSEC.
 // This operation changes the KSK status to ACTIVE.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -73,10 +73,10 @@ func (c *Route53) ActivateKeySigningKeyRequest(input *ActivateKeySigningKeyInput
 //   at the same time that you did. Retry the request.
 //
 //   * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey"
-//   The specified key signing key (KSK) doesn't exist.
+//   The specified key-signing key (KSK) doesn't exist.
 //
 //   * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
-//   The key signing key (KSK) status isn't valid or another KSK has the status
+//   The key-signing key (KSK) status isn't valid or another KSK has the status
 //   INTERNAL_FAILURE.
 //
 //   * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
@@ -884,7 +884,7 @@ func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (r
 
 // CreateKeySigningKey API operation for Amazon Route 53.
 //
-// Creates a new key signing key (KSK) associated with a hosted zone. You can
+// Creates a new key-signing key (KSK) associated with a hosted zone. You can
 // only have two KSKs per hosted zone.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -909,7 +909,7 @@ func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (r
 //   signing.
 //
 //   * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
-//   The key signing key (KSK) status isn't valid or another KSK has the status
+//   The key-signing key (KSK) status isn't valid or another KSK has the status
 //   INTERNAL_FAILURE.
 //
 //   * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
@@ -917,14 +917,14 @@ func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (r
 //   change the status to enable DNSSEC or disable DNSSEC.
 //
 //   * ErrCodeInvalidKeySigningKeyName "InvalidKeySigningKeyName"
-//   The key signing key (KSK) name that you specified isn't a valid name.
+//   The key-signing key (KSK) name that you specified isn't a valid name.
 //
 //   * ErrCodeKeySigningKeyAlreadyExists "KeySigningKeyAlreadyExists"
-//   You've already created a key signing key (KSK) with this name or with the
+//   You've already created a key-signing key (KSK) with this name or with the
-//   same customer managed key (CMK) ARN.
+//   same customer managed customer master key (CMK) ARN.
 //
 //   * ErrCodeTooManyKeySigningKeys "TooManyKeySigningKeys"
-//   You've reached the limit for the number of key signing keys (KSKs). Remove
+//   You've reached the limit for the number of key-signing keys (KSKs). Remove
 //   at least one KSK, and then try again.
 //
 //   * ErrCodeConcurrentModification "ConcurrentModification"
@@ -1780,7 +1780,7 @@ func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyI
 
 // DeactivateKeySigningKey API operation for Amazon Route 53.
 //
-// Deactivates a key signing key (KSK) so that it will not be used for signing
+// Deactivates a key-signing key (KSK) so that it will not be used for signing
 // by DNSSEC. This operation changes the KSK status to INACTIVE.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1796,10 +1796,10 @@ func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyI
 //   at the same time that you did. Retry the request.
 //
 //   * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey"
-//   The specified key signing key (KSK) doesn't exist.
+//   The specified key-signing key (KSK) doesn't exist.
 //
 //   * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
-//   The key signing key (KSK) status isn't valid or another KSK has the status
+//   The key-signing key (KSK) status isn't valid or another KSK has the status
 //   INTERNAL_FAILURE.
 //
 //   * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
@@ -1807,12 +1807,12 @@ func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyI
 //   change the status to enable DNSSEC or disable DNSSEC.
 //
 //   * ErrCodeKeySigningKeyInUse "KeySigningKeyInUse"
-//   The key signing key (KSK) that you specified can't be deactivated because
+//   The key-signing key (KSK) that you specified can't be deactivated because
 //   it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing,
 //   or add or enable another KSK.
 //
 //   * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord"
-//   The key signing key (KSK) is specified in a parent DS record.
+//   The key-signing key (KSK) is specified in a parent DS record.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeactivateKeySigningKey
 func (c *Route53) DeactivateKeySigningKey(input *DeactivateKeySigningKeyInput) (*DeactivateKeySigningKeyOutput, error) {
@@ -2120,7 +2120,7 @@ func (c *Route53) DeleteKeySigningKeyRequest(input *DeleteKeySigningKeyInput) (r
 
 // DeleteKeySigningKey API operation for Amazon Route 53.
 //
-// Deletes a key signing key (KSK). Before you can delete a KSK, you must deactivate
+// Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate
 // it. The KSK must be deactived before you can delete it regardless of whether
 // the hosted zone is enabled for DNSSEC signing.
 //
@@ -2137,10 +2137,10 @@ func (c *Route53) DeleteKeySigningKeyRequest(input *DeleteKeySigningKeyInput) (r
 //   at the same time that you did. Retry the request.
 //
 //   * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey"
-//   The specified key signing key (KSK) doesn't exist.
+//   The specified key-signing key (KSK) doesn't exist.
 //
 //   * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
-//   The key signing key (KSK) status isn't valid or another KSK has the status
+//   The key-signing key (KSK) status isn't valid or another KSK has the status
 //   INTERNAL_FAILURE.
 //
 //   * ErrCodeInvalidSigningStatus "InvalidSigningStatus"
@@ -2708,7 +2708,7 @@ func (c *Route53) DisableHostedZoneDNSSECRequest(input *DisableHostedZoneDNSSECI
 // DisableHostedZoneDNSSEC API operation for Amazon Route 53.
 //
 // Disables DNSSEC signing in a specific hosted zone. This action does not deactivate
-// any key signing keys (KSKs) that are active in the hosted zone.
+// any key-signing keys (KSKs) that are active in the hosted zone.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -2729,13 +2729,13 @@ func (c *Route53) DisableHostedZoneDNSSECRequest(input *DisableHostedZoneDNSSECI
 //   at the same time that you did. Retry the request.
 //
 //   * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord"
-//   The key signing key (KSK) is specified in a parent DS record.
+//   The key-signing key (KSK) is specified in a parent DS record.
 //
 //   * ErrCodeDNSSECNotFound "DNSSECNotFound"
 //   The hosted zone doesn't have any DNSSEC resources.
 //
 //   * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
-//   The key signing key (KSK) status isn't valid or another KSK has the status
+//   The key-signing key (KSK) status isn't valid or another KSK has the status
 //   INTERNAL_FAILURE.
 //
 //   * ErrCodeInvalidKMSArn "InvalidKMSArn"
@@ -2941,7 +2941,7 @@ func (c *Route53) EnableHostedZoneDNSSECRequest(input *EnableHostedZoneDNSSECInp
 //   at the same time that you did. Retry the request.
 //
 //   * ErrCodeKeySigningKeyWithActiveStatusNotFound "KeySigningKeyWithActiveStatusNotFound"
-//   A key signing key (KSK) with ACTIVE status wasn't found.
+//   A key-signing key (KSK) with ACTIVE status wasn't found.
 //
 //   * ErrCodeInvalidKMSArn "InvalidKMSArn"
 //   The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC
@@ -2955,7 +2955,7 @@ func (c *Route53) EnableHostedZoneDNSSECRequest(input *EnableHostedZoneDNSSECInp
 //   The hosted zone doesn't have any DNSSEC resources.
 //
 //   * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus"
-//   The key signing key (KSK) status isn't valid or another KSK has the status
+//   The key-signing key (KSK) status isn't valid or another KSK has the status
 //   INTERNAL_FAILURE.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/EnableHostedZoneDNSSEC
@@ -3203,6 +3203,8 @@ func (c *Route53) GetCheckerIpRangesRequest(input *GetCheckerIpRangesInput) (req
 
 // GetCheckerIpRanges API operation for Amazon Route 53.
 //
+// Route 53 does not perform authorization for this API because it retrieves
+// information that is already available to the public.
 //
 // GetCheckerIpRanges still works, but we recommend that you download ip-ranges.json,
 // which includes IP address ranges for all AWS services. For more information,
@@ -3282,7 +3284,7 @@ func (c *Route53) GetDNSSECRequest(input *GetDNSSECInput) (req *request.Request,
 // GetDNSSEC API operation for Amazon Route 53.
 //
 // Returns information about DNSSEC for a specific hosted zone, including the
-// key signing keys (KSKs) and zone signing keys (ZSKs) in the hosted zone.
+// key-signing keys (KSKs) in the hosted zone.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@@ -3367,6 +3369,9 @@ func (c *Route53) GetGeoLocationRequest(input *GetGeoLocationInput) (req *reques
 // Gets information about whether a specified geographic location is supported
 // for Amazon Route 53 geolocation resource record sets.
 //
+// Route 53 does not perform authorization for this API because it retrieves
+// information that is already available to the public.
+//
 // Use the following syntax to determine whether a continent is supported for
 // geolocation:
 //
@@ -4557,6 +4562,9 @@ func (c *Route53) ListGeoLocationsRequest(input *ListGeoLocationsInput) (req *re
 // the subdivisions for that country are listed in alphabetical order immediately
 // after the corresponding country.
 //
+// Route 53 does not perform authorization for this API because it retrieves
+// information that is already available to the public.
+//
 // For a list of supported geolocation codes, see the GeoLocation (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GeoLocation.html)
 // data type.
 //
@@ -6801,7 +6809,9 @@ type ActivateKeySigningKeyInput struct {
 	// HostedZoneId is a required field
 	HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"`
 
-	// An alphanumeric string used to identify a key signing key (KSK).
+	// A string used to identify a key-signing key (KSK). Name can include numbers,
+	// letters, and underscores (_). Name must be unique for each key-signing key
+	// in the same hosted zone.
 	//
 	// Name is a required field
 	Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"`
@@ -6902,8 +6912,9 @@ type AlarmIdentifier struct {
 	// determine whether this health check is healthy, the region that the alarm
 	// was created in.
 	//
-	// For the current list of CloudWatch regions, see Amazon CloudWatch (https://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region)
+	// For the current list of CloudWatch regions, see Amazon CloudWatch endpoints
-	// in the AWS Service Endpoints chapter of the Amazon Web Services General Reference.
+	// and quotas (https://docs.aws.amazon.com/general/latest/gr/cw_region.html)
+	// in the Amazon Web Services General Reference.
 	//
 	// Region is a required field
 	Region *string `min:"1" type:"string" required:"true" enum:"CloudWatchRegion"`
@@ -7199,21 +7210,20 @@ type AliasTarget struct {
 	//
 	// Specify the hosted zone ID for the region that you created the environment
 	// in. The environment must have a regionalized subdomain. For a list of regions
-	// and the corresponding hosted zone IDs, see AWS Elastic Beanstalk (https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region)
+	// and the corresponding hosted zone IDs, see AWS Elastic Beanstalk endpoints
-	// in the "AWS Service Endpoints" chapter of the Amazon Web Services General
+	// and quotas (https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html)
-	// Reference.
+	// in the the Amazon Web Services General Reference.
 	//
 	// ELB load balancer
 	//
 	// Specify the value of the hosted zone ID for the load balancer. Use the following
 	// methods to get the hosted zone ID:
 	//
-	//    * Service Endpoints (https://docs.aws.amazon.com/general/latest/gr/elb.html)
+	//    * Elastic Load Balancing endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/elb.html)
-	//    table in the "Elastic Load Balancing Endpoints and Quotas" topic in the
+	//    topic in the Amazon Web Services General Reference: Use the value that
-	//    Amazon Web Services General Reference: Use the value that corresponds
+	//    corresponds with the region that you created your load balancer in. Note
-	//    with the region that you created your load balancer in. Note that there
+	//    that there are separate columns for Application and Classic Load Balancers
-	//    are separate columns for Application and Classic Load Balancers and for
+	//    and for Network Load Balancers.
-	//    Network Load Balancers.
 	//
 	//    * AWS Management Console: Go to the Amazon EC2 page, choose Load Balancers
 	//    in the navigation pane, select the load balancer, and get the value of
@@ -8230,13 +8240,13 @@ type CreateKeySigningKeyInput struct {
 	// HostedZoneId is a required field
 	HostedZoneId *string `type:"string" required:"true"`
 
-	// The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key
+	// The Amazon resource name (ARN) for a customer managed customer master key
-	// Management Service (KMS). The KeyManagementServiceArn must be unique for
+	// (CMK) in AWS Key Management Service (AWS KMS). The KeyManagementServiceArn
-	// each key signing key (KSK) in a single hosted zone. To see an example of
+	// must be unique for each key-signing key (KSK) in a single hosted zone. To
-	// KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll
+	// see an example of KeyManagementServiceArn that grants the correct permissions
-	// down to Example.
+	// for DNSSEC, scroll down to Example.
 	//
-	// You must configure the CMK as follows:
+	// You must configure the customer managed CMK as follows:
 	//
 	// Status
 	//
@@ -8265,19 +8275,20 @@ type CreateKeySigningKeyInput struct {
 	//
 	//    * "Service": "api-service.dnssec.route53.aws.internal"
 	//
-	// For more information about working with CMK in KMS, see AWS Key Management
+	// For more information about working with a customer managed CMK in AWS KMS,
-	// Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html).
+	// see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html).
 	//
 	// KeyManagementServiceArn is a required field
 	KeyManagementServiceArn *string `type:"string" required:"true"`
 
-	// An alphanumeric string used to identify a key signing key (KSK). Name must
+	// A string used to identify a key-signing key (KSK). Name can include numbers,
-	// be unique for each key signing key in the same hosted zone.
+	// letters, and underscores (_). Name must be unique for each key-signing key
+	// in the same hosted zone.
 	//
 	// Name is a required field
 	Name *string `min:"3" type:"string" required:"true"`
 
-	// A string specifying the initial status of the key signing key (KSK). You
+	// A string specifying the initial status of the key-signing key (KSK). You
 	// can set the value to ACTIVE or INACTIVE.
 	//
 	// Status is a required field
@@ -8367,12 +8378,12 @@ type CreateKeySigningKeyOutput struct {
 	// ChangeInfo is a required field
 	ChangeInfo *ChangeInfo `type:"structure" required:"true"`
 
-	// The key signing key (KSK) that the request creates.
+	// The key-signing key (KSK) that the request creates.
 	//
 	// KeySigningKey is a required field
 	KeySigningKey *KeySigningKey `type:"structure" required:"true"`
 
-	// The unique URL representing the new key signing key (KSK).
+	// The unique URL representing the new key-signing key (KSK).
 	//
 	// Location is a required field
 	Location *string `location:"header" locationName:"Location" type:"string" required:"true"`
@@ -9059,14 +9070,34 @@ func (s *CreateVPCAssociationAuthorizationOutput) SetVPC(v *VPC) *CreateVPCAssoc
 type DNSSECStatus struct {
 	_ struct{} `type:"structure"`
 
-	// Indicates your hosted zone signging status: SIGNING, NOT_SIGNING, or INTERNAL_FAILURE.
+	// A string that represents the current hosted zone signing status.
-	// If the status is INTERNAL_FAILURE, see StatusMessage for information about
-	// steps that you can take to correct the problem.
 	//
-	// A status INTERNAL_FAILURE means there was an error during a request. Before
+	// Status can have one of the following values:
-	// you can continue to work with DNSSEC signing, including working with key
+	//
-	// signing keys (KSKs), you must correct the problem by enabling or disabling
+	// SIGNING
-	// DNSSEC signing for the hosted zone.
+	//
+	// DNSSEC signing is enabled for the hosted zone.
+	//
+	// NOT_SIGNING
+	//
+	// DNSSEC signing is not enabled for the hosted zone.
+	//
+	// DELETING
+	//
+	// DNSSEC signing is in the process of being removed for the hosted zone.
+	//
+	// ACTION_NEEDED
+	//
+	// There is a problem with signing in the hosted zone that requires you to take
+	// action to resolve. For example, the customer managed customer master key
+	// (CMK) might have been deleted, or the permissions for the customer managed
+	// CMK might have been changed.
+	//
+	// INTERNAL_FAILURE
+	//
+	// There was an error during a request. Before you can continue to work with
+	// DNSSEC signing, including with key-signing keys (KSKs), you must correct
+	// the problem by enabling or disabling DNSSEC signing for the hosted zone.
 	ServeSignature *string `min:"1" type:"string"`
 
 	// The status message provided for the following DNSSEC signing status: INTERNAL_FAILURE.
@@ -9105,7 +9136,7 @@ type DeactivateKeySigningKeyInput struct {
 	// HostedZoneId is a required field
 	HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"`
 
-	// An alphanumeric string used to identify a key signing key (KSK).
+	// A string used to identify a key-signing key (KSK).
 	//
 	// Name is a required field
 	Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"`
@@ -9362,7 +9393,7 @@ type DeleteKeySigningKeyInput struct {
 	// HostedZoneId is a required field
 	HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"`
 
-	// An alphanumeric string used to identify a key signing key (KSK).
+	// A string used to identify a key-signing key (KSK).
 	//
 	// Name is a required field
 	Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"`
@@ -10147,8 +10178,12 @@ type GeoLocationDetails struct {
 	// The name of the country.
 	CountryName *string `min:"1" type:"string"`
 
-	// The code for the subdivision. Route 53 currently supports only states in
+	// The code for the subdivision, such as a particular state within the United
-	// the United States.
+	// States. For a list of US state abbreviations, see Appendix B: Two–Letter
+	// State and Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm)
+	// on the United States Postal Service website. For a list of all supported
+	// subdivision codes, use the ListGeoLocations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListGeoLocations.html)
+	// API.
 	SubdivisionCode *string `min:"1" type:"string"`
 
 	// The full name of the subdivision. Route 53 currently supports only states
@@ -10461,7 +10496,7 @@ func (s *GetDNSSECInput) SetHostedZoneId(v string) *GetDNSSECInput {
 type GetDNSSECOutput struct {
 	_ struct{} `type:"structure"`
 
-	// The key signing keys (KSKs) in your account.
+	// The key-signing keys (KSKs) in your account.
 	//
 	// KeySigningKeys is a required field
 	KeySigningKeys []*KeySigningKey `type:"list" required:"true"`
@@ -10521,12 +10556,12 @@ type GetGeoLocationInput struct {
 	// standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
 	CountryCode *string `location:"querystring" locationName:"countrycode" min:"1" type:"string"`
 
-	// For SubdivisionCode, Amazon Route 53 supports only states of the United States.
+	// The code for the subdivision, such as a particular state within the United
-	// For a list of state abbreviations, see Appendix B: Two–Letter State and
+	// States. For a list of US state abbreviations, see Appendix B: Two–Letter
-	// Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm) on the
+	// State and Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm)
-	// United States Postal Service website.
+	// on the United States Postal Service website. For a list of all supported
-	//
+	// subdivision codes, use the ListGeoLocations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListGeoLocations.html)
-	// If you specify subdivisioncode, you must also specify US for CountryCode.
+	// API.
 	SubdivisionCode *string `location:"querystring" locationName:"subdivisioncode" min:"1" type:"string"`
 }
 
@@ -12380,7 +12415,7 @@ func (s *HostedZoneSummary) SetOwner(v *HostedZoneOwner) *HostedZoneSummary {
 	return s
 }
 
-// A key signing key (KSK) is a complex type that represents a public/private
+// A key-signing key (KSK) is a complex type that represents a public/private
 // key pair. The private key is used to generate a digital signature for the
 // zone signing key (ZSK). The public key is stored in the DNS and is used to
 // authenticate the ZSK. A KSK is always associated with a hosted zone; it cannot
@@ -12388,7 +12423,7 @@ func (s *HostedZoneSummary) SetOwner(v *HostedZoneOwner) *HostedZoneSummary {
 type KeySigningKey struct {
 	_ struct{} `type:"structure"`
 
-	// The date when the key signing key (KSK) was created.
+	// The date when the key-signing key (KSK) was created.
 	CreatedDate *time.Time `type:"timestamp"`
 
 	// A string that represents a DNSKEY record.
@@ -12411,7 +12446,7 @@ type KeySigningKey struct {
 	// system.
 	DigestValue *string `type:"string"`
 
-	// An integer that specifies how the key is used. For key signing key (KSK),
+	// An integer that specifies how the key is used. For key-signing key (KSK),
 	// this value is always 257.
 	Flag *int64 `type:"integer"`
 
@@ -12419,9 +12454,9 @@ type KeySigningKey struct {
 	// used to calculate the value is described in RFC-4034 Appendix B (https://tools.ietf.org/rfc/rfc4034.txt).
 	KeyTag *int64 `type:"integer"`
 
-	// The Amazon resource name (ARN) used to identify the customer managed key
+	// The Amazon resource name (ARN) used to identify the customer managed customer
-	// (CMK) in AWS Key Management Service (KMS). The KmsArn must be unique for
+	// master key (CMK) in AWS Key Management Service (AWS KMS). The KmsArn must
-	// each key signing key (KSK) in a single hosted zone.
+	// be unique for each key-signing key (KSK) in a single hosted zone.
 	//
 	// You must configure the CMK as follows:
 	//
@@ -12452,15 +12487,16 @@ type KeySigningKey struct {
 	//
 	//    * "Service": "api-service.dnssec.route53.aws.internal"
 	//
-	// For more information about working with the customer managed key (CMK) in
+	// For more information about working with the customer managed CMK in AWS KMS,
-	// KMS, see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html).
+	// see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html).
 	KmsArn *string `type:"string"`
 
-	// The last time that the key signing key (KSK) was changed.
+	// The last time that the key-signing key (KSK) was changed.
 	LastModifiedDate *time.Time `type:"timestamp"`
 
-	// An alphanumeric string used to identify a key signing key (KSK). Name must
+	// A string used to identify a key-signing key (KSK). Name can include numbers,
-	// be unique for each key signing key in the same hosted zone.
+	// letters, and underscores (_). Name must be unique for each key-signing key
+	// in the same hosted zone.
 	Name *string `min:"3" type:"string"`
 
 	// The public key, represented as a Base64 encoding, as required by RFC-4034
@@ -12475,7 +12511,7 @@ type KeySigningKey struct {
 	// the guidelines provided by RFC-8624 Section 3.1 (https://tools.ietf.org/html/rfc8624#section-3.1).
 	SigningAlgorithmType *int64 `type:"integer"`
 
-	// A string that represents the current key signing key (KSK) status.
+	// A string that represents the current key-signing key (KSK) status.
 	//
 	// Status can have one of the following values:
 	//
@@ -12487,9 +12523,16 @@ type KeySigningKey struct {
 	//
 	// The KSK is not being used for signing.
 	//
+	// DELETING
+	//
+	// The KSK is in the process of being deleted.
+	//
 	// ACTION_NEEDED
 	//
-	// There is an error in the KSK that requires you to take action to resolve.
+	// There is a problem with the KSK that requires you to take action to resolve.
+	// For example, the customer managed customer master key (CMK) might have been
+	// deleted, or the permissions for the customer managed CMK might have been
+	// changed.
 	//
 	// INTERNAL_FAILURE
 	//
@@ -12498,7 +12541,7 @@ type KeySigningKey struct {
 	// the problem. For example, you may need to activate or deactivate the KSK.
 	Status *string `min:"5" type:"string"`
 
-	// The status message provided for the following key signing key (KSK) statuses:
+	// The status message provided for the following key-signing key (KSK) statuses:
 	// ACTION_NEEDED or INTERNAL_FAILURE. The status message includes information
 	// about what the problem might be and steps that you can take to correct the
 	// issue.
@@ -15378,8 +15421,8 @@ type ResourceRecordSet struct {
 	// data is encoded for them, see Supported DNS Resource Record Types (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html)
 	// in the Amazon Route 53 Developer Guide.
 	//
-	// Valid values for basic resource record sets: A | AAAA | CAA | CNAME | MX
+	// Valid values for basic resource record sets: A | AAAA | CAA | CNAME | DS
-	// | NAPTR | NS | PTR | SOA | SPF | SRV | TXT
+	// |MX | NAPTR | NS | PTR | SOA | SPF | SRV | TXT
 	//
 	// Values for weighted, latency, geolocation, and failover resource record sets:
 	// A | AAAA | CAA | CNAME | MX | NAPTR | PTR | SPF | SRV | TXT. When creating

vendor/github.com/aws/aws-sdk-go/service/route53/errors.go

@@ -199,13 +199,13 @@ const (
 	// ErrCodeInvalidKeySigningKeyName for service response error code
 	// "InvalidKeySigningKeyName".
 	//
-	// The key signing key (KSK) name that you specified isn't a valid name.
+	// The key-signing key (KSK) name that you specified isn't a valid name.
 	ErrCodeInvalidKeySigningKeyName = "InvalidKeySigningKeyName"
 
 	// ErrCodeInvalidKeySigningKeyStatus for service response error code
 	// "InvalidKeySigningKeyStatus".
 	//
-	// The key signing key (KSK) status isn't valid or another KSK has the status
+	// The key-signing key (KSK) status isn't valid or another KSK has the status
 	// INTERNAL_FAILURE.
 	ErrCodeInvalidKeySigningKeyStatus = "InvalidKeySigningKeyStatus"
 
@@ -240,20 +240,20 @@ const (
 	// ErrCodeKeySigningKeyAlreadyExists for service response error code
 	// "KeySigningKeyAlreadyExists".
 	//
-	// You've already created a key signing key (KSK) with this name or with the
+	// You've already created a key-signing key (KSK) with this name or with the
-	// same customer managed key (CMK) ARN.
+	// same customer managed customer master key (CMK) ARN.
 	ErrCodeKeySigningKeyAlreadyExists = "KeySigningKeyAlreadyExists"
 
 	// ErrCodeKeySigningKeyInParentDSRecord for service response error code
 	// "KeySigningKeyInParentDSRecord".
 	//
-	// The key signing key (KSK) is specified in a parent DS record.
+	// The key-signing key (KSK) is specified in a parent DS record.
 	ErrCodeKeySigningKeyInParentDSRecord = "KeySigningKeyInParentDSRecord"
 
 	// ErrCodeKeySigningKeyInUse for service response error code
 	// "KeySigningKeyInUse".
 	//
-	// The key signing key (KSK) that you specified can't be deactivated because
+	// The key-signing key (KSK) that you specified can't be deactivated because
 	// it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing,
 	// or add or enable another KSK.
 	ErrCodeKeySigningKeyInUse = "KeySigningKeyInUse"
@@ -261,7 +261,7 @@ const (
 	// ErrCodeKeySigningKeyWithActiveStatusNotFound for service response error code
 	// "KeySigningKeyWithActiveStatusNotFound".
 	//
-	// A key signing key (KSK) with ACTIVE status wasn't found.
+	// A key-signing key (KSK) with ACTIVE status wasn't found.
 	ErrCodeKeySigningKeyWithActiveStatusNotFound = "KeySigningKeyWithActiveStatusNotFound"
 
 	// ErrCodeLastVPCAssociation for service response error code
@@ -327,7 +327,7 @@ const (
 	// ErrCodeNoSuchKeySigningKey for service response error code
 	// "NoSuchKeySigningKey".
 	//
-	// The specified key signing key (KSK) doesn't exist.
+	// The specified key-signing key (KSK) doesn't exist.
 	ErrCodeNoSuchKeySigningKey = "NoSuchKeySigningKey"
 
 	// ErrCodeNoSuchQueryLoggingConfig for service response error code
@@ -428,7 +428,7 @@ const (
 	// ErrCodeTooManyKeySigningKeys for service response error code
 	// "TooManyKeySigningKeys".
 	//
-	// You've reached the limit for the number of key signing keys (KSKs). Remove
+	// You've reached the limit for the number of key-signing keys (KSKs). Remove
 	// at least one KSK, and then try again.
 	ErrCodeTooManyKeySigningKeys = "TooManyKeySigningKeys"
 

vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go

@@ -98,7 +98,7 @@ func endpointHandler(req *request.Request) {
 		Request:  req,
 	}
 
-	if resReq.IsCrossPartition() {
+	if len(resReq.Request.ClientInfo.PartitionID) != 0 && resReq.IsCrossPartition() {
 		req.Error = s3shared.NewClientPartitionMismatchError(resource,
 			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
 		return
@@ -110,11 +110,6 @@ func endpointHandler(req *request.Request) {
 		return
 	}
 
-	if resReq.HasCustomEndpoint() {
-		req.Error = s3shared.NewInvalidARNWithCustomEndpointError(resource, nil)
-		return
-	}
-
 	switch tv := resource.(type) {
 	case arn.AccessPointARN:
 		err = updateRequestAccessPointEndpoint(req, tv)
@@ -155,8 +150,7 @@ func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.Acce
 			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
 	}
 
-	// Ignore the disable host prefix for access points since custom endpoints
+	// Ignore the disable host prefix for access points
-	// are not supported.
 	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
 
 	if err := accessPointEndpointBuilder(accessPoint).build(req); err != nil {
@@ -181,8 +175,7 @@ func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint a
 			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
 	}
 
-	// Ignore the disable host prefix for access points since custom endpoints
+	// Ignore the disable host prefix for access points
-	// are not supported.
 	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
 
 	if err := outpostAccessPointEndpointBuilder(accessPoint).build(req); err != nil {

vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go

@@ -22,6 +22,11 @@ const (
 	outpostAccessPointPrefixTemplate = accessPointPrefixTemplate + "{" + outpostPrefixLabel + "}."
 )
 
+// hasCustomEndpoint returns true if endpoint is a custom endpoint
+func hasCustomEndpoint(r *request.Request) bool {
+	return len(aws.StringValue(r.Config.Endpoint)) > 0
+}
+
 // accessPointEndpointBuilder represents the endpoint builder for access point arn
 type accessPointEndpointBuilder arn.AccessPointARN
 
@@ -55,10 +60,12 @@ func (a accessPointEndpointBuilder) build(req *request.Request) error {
 			req.ClientInfo.PartitionID, cfgRegion, err)
 	}
 
+	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+	if !hasCustomEndpoint(req) {
 		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
 			return err
 		}
-
 		const serviceEndpointLabel = "s3-accesspoint"
 
 		// dual stack provided by endpoint resolver
@@ -66,6 +73,7 @@ func (a accessPointEndpointBuilder) build(req *request.Request) error {
 		if strings.HasPrefix(cfgHost, "s3") {
 			req.HTTPRequest.URL.Host = serviceEndpointLabel + cfgHost[2:]
 		}
+	}
 
 	protocol.HostPrefixBuilder{
 		Prefix:   accessPointPrefixTemplate,
@@ -116,15 +124,18 @@ func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error {
 			req.ClientInfo.PartitionID, resolveRegion, err)
 	}
 
+	endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+	if !hasCustomEndpoint(req) {
 		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
 			return err
 		}
-
 		// add url host as s3-outposts
 		cfgHost := req.HTTPRequest.URL.Host
 		if strings.HasPrefix(cfgHost, endpointsID) {
 			req.HTTPRequest.URL.Host = resolveService + cfgHost[len(endpointsID):]
 		}
+	}
 
 	protocol.HostPrefixBuilder{
 		Prefix:   outpostAccessPointPrefixTemplate,
@@ -159,7 +170,6 @@ func resolveRegionalEndpoint(r *request.Request, region string, endpointsID stri
 }
 
 func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
-	endpoint = endpoints.AddScheme(endpoint, aws.BoolValue(r.Config.DisableSSL))
 
 	r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
 	if err != nil {

vendor/github.com/aws/aws-sdk-go/service/s3/errors.go

@@ -48,13 +48,13 @@ const (
 	// ErrCodeObjectAlreadyInActiveTierError for service response error code
 	// "ObjectAlreadyInActiveTierError".
 	//
-	// This operation is not allowed against this storage tier.
+	// This action is not allowed against this storage tier.
 	ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
 
 	// ErrCodeObjectNotInActiveTierError for service response error code
 	// "ObjectNotInActiveTierError".
 	//
-	// The source object of the COPY operation is not in the active tier and is
+	// The source object of the COPY action is not in the active tier and is only
-	// only stored in Amazon S3 Glacier.
+	// stored in Amazon S3 Glacier.
 	ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
 )

vendor/github.com/aws/aws-sdk-go/service/s3/service.go

@@ -48,6 +48,9 @@ const (
 //     svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
 func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 {
 	c := p.ClientConfig(EndpointsID, cfgs...)
+	if c.SigningNameDerived || len(c.SigningName) == 0 {
+		c.SigningName = "s3"
+	}
 	return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName)
 }
 

vendor/modules.txt

@@ -92,7 +92,7 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/bytequantity
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/cli
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector
 github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs
-# github.com/aws/aws-sdk-go v1.37.0
+# github.com/aws/aws-sdk-go v1.37.33
 ## explicit
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/arn