diff --git a/go.mod b/go.mod index 589a7294b5..dc6ebe9cee 100644 --- a/go.mod +++ b/go.mod @@ -59,7 +59,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/aliyun/alibaba-cloud-sdk-go v1.61.264 github.com/aws/amazon-ec2-instance-selector/v2 v2.0.1 - github.com/aws/aws-sdk-go v1.36.0 + github.com/aws/aws-sdk-go v1.37.0 github.com/blang/semver/v4 v4.0.0 github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect github.com/denverdino/aliyungo v0.0.0-20191128015008-acd8035bbb1d diff --git a/go.sum b/go.sum index f3d93034e1..03f2bb2cdb 100644 --- a/go.sum +++ b/go.sum @@ -154,8 +154,8 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.28.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.31.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= -github.com/aws/aws-sdk-go v1.36.0 h1:CscTrS+szX5iu34zk2bZrChnGO/GMtUYgMK1Xzs2hYo= -github.com/aws/aws-sdk-go v1.36.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= +github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go index 3b809e8478..39fa6d5fe7 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go @@ -438,13 +438,6 @@ func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config { return c } -// MergeIn merges the passed in configs into the existing config object. -func (c *Config) MergeIn(cfgs ...*Config) { - for _, other := range cfgs { - mergeInConfig(c, other) - } -} - // WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag // when resolving the endpoint for a service func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config { @@ -459,6 +452,27 @@ func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEn return c } +// WithLowerCaseHeaderMaps sets a config LowerCaseHeaderMaps value +// returning a Config pointer for chaining. +func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config { + c.LowerCaseHeaderMaps = &t + return c +} + +// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value +// returning a Config pointer for chaining. +func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config { + c.DisableRestProtocolURICleaning = &t + return c +} + +// MergeIn merges the passed in configs into the existing config object. +func (c *Config) MergeIn(cfgs ...*Config) { + for _, other := range cfgs { + mergeInConfig(c, other) + } +} + func mergeInConfig(dst *Config, other *Config) { if other == nil { return @@ -571,6 +585,10 @@ func mergeInConfig(dst *Config, other *Config) { if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint { dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint } + + if other.LowerCaseHeaderMaps != nil { + dst.LowerCaseHeaderMaps = other.LowerCaseHeaderMaps + } } // Copy will return a shallow copy of the Config object. If any additional diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/BUILD.bazel new file mode 100644 index 0000000000..e80e53e353 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/BUILD.bazel @@ -0,0 +1,22 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = [ + "doc.go", + "os.go", + "os_windows.go", + "provider.go", + ], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds", + importpath = "github.com/aws/aws-sdk-go/aws/credentials/ssocreds", + visibility = ["//visibility:public"], + deps = [ + "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/client:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/sso:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface:go_default_library", + ], +) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go new file mode 100644 index 0000000000..18c940ab3c --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go @@ -0,0 +1,60 @@ +// Package ssocreds provides a credential provider for retrieving temporary AWS credentials using an SSO access token. +// +// IMPORTANT: The provider in this package does not initiate or perform the AWS SSO login flow. The SDK provider +// expects that you have already performed the SSO login flow using AWS CLI using the "aws sso login" command, or by +// some other mechanism. The provider must find a valid non-expired access token for the AWS SSO user portal URL in +// ~/.aws/sso/cache. If a cached token is not found, it is expired, or the file is malformed an error will be returned. +// +// Loading AWS SSO credentials with the AWS shared configuration file +// +// You can use configure AWS SSO credentials from the AWS shared configuration file by +// providing the specifying the required keys in the profile: +// +// sso_account_id +// sso_region +// sso_role_name +// sso_start_url +// +// For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that defines the target +// account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be +// provided, or an error will be returned. +// +// [profile devsso] +// sso_start_url = https://my-sso-portal.awsapps.com/start +// sso_role_name = SSOReadOnlyRole +// sso_region = us-east-1 +// sso_account_id = 123456789012 +// +// Using the config module, you can load the AWS SDK shared configuration, and specify that this profile be used to +// retrieve credentials. For example: +// +// sess, err := session.NewSessionWithOptions(session.Options{ +// SharedConfigState: session.SharedConfigEnable, +// Profile: "devsso", +// }) +// if err != nil { +// return err +// } +// +// Programmatically loading AWS SSO credentials directly +// +// You can programmatically construct the AWS SSO Provider in your application, and provide the necessary information +// to load and retrieve temporary credentials using an access token from ~/.aws/sso/cache. +// +// svc := sso.New(sess, &aws.Config{ +// Region: aws.String("us-west-2"), // Client Region must correspond to the AWS SSO user portal region +// }) +// +// provider := ssocreds.NewCredentialsWithClient(svc, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start") +// +// credentials, err := provider.Get() +// if err != nil { +// return err +// } +// +// Additional Resources +// +// Configuring the AWS CLI to use AWS Single Sign-On: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html +// +// AWS Single Sign-On User Guide: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html +package ssocreds diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go new file mode 100644 index 0000000000..ceca7dceec --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go @@ -0,0 +1,9 @@ +// +build !windows + +package ssocreds + +import "os" + +func getHomeDirectory() string { + return os.Getenv("HOME") +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go new file mode 100644 index 0000000000..eb48f61e5b --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go @@ -0,0 +1,7 @@ +package ssocreds + +import "os" + +func getHomeDirectory() string { + return os.Getenv("USERPROFILE") +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go new file mode 100644 index 0000000000..6eda2a5557 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go @@ -0,0 +1,180 @@ +package ssocreds + +import ( + "crypto/sha1" + "encoding/hex" + "encoding/json" + "fmt" + "io/ioutil" + "path/filepath" + "strings" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/service/sso" + "github.com/aws/aws-sdk-go/service/sso/ssoiface" +) + +// ErrCodeSSOProviderInvalidToken is the code type that is returned if loaded token has expired or is otherwise invalid. +// To refresh the SSO session run aws sso login with the corresponding profile. +const ErrCodeSSOProviderInvalidToken = "SSOProviderInvalidToken" + +const invalidTokenMessage = "the SSO session has expired or is invalid" + +func init() { + nowTime = time.Now + defaultCacheLocation = defaultCacheLocationImpl +} + +var nowTime func() time.Time + +// ProviderName is the name of the provider used to specify the source of credentials. +const ProviderName = "SSOProvider" + +var defaultCacheLocation func() string + +func defaultCacheLocationImpl() string { + return filepath.Join(getHomeDirectory(), ".aws", "sso", "cache") +} + +// Provider is an AWS credential provider that retrieves temporary AWS credentials by exchanging an SSO login token. +type Provider struct { + credentials.Expiry + + // The Client which is configured for the AWS Region where the AWS SSO user portal is located. + Client ssoiface.SSOAPI + + // The AWS account that is assigned to the user. + AccountID string + + // The role name that is assigned to the user. + RoleName string + + // The URL that points to the organization's AWS Single Sign-On (AWS SSO) user portal. + StartURL string +} + +// NewCredentials returns a new AWS Single Sign-On (AWS SSO) credential provider. The ConfigProvider is expected to be configured +// for the AWS Region where the AWS SSO user portal is located. +func NewCredentials(configProvider client.ConfigProvider, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials { + return NewCredentialsWithClient(sso.New(configProvider), accountID, roleName, startURL, optFns...) +} + +// NewCredentialsWithClient returns a new AWS Single Sign-On (AWS SSO) credential provider. The provided client is expected to be configured +// for the AWS Region where the AWS SSO user portal is located. +func NewCredentialsWithClient(client ssoiface.SSOAPI, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials { + p := &Provider{ + Client: client, + AccountID: accountID, + RoleName: roleName, + StartURL: startURL, + } + + for _, fn := range optFns { + fn(p) + } + + return credentials.NewCredentials(p) +} + +// Retrieve retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal +// by exchanging the accessToken present in ~/.aws/sso/cache. +func (p *Provider) Retrieve() (credentials.Value, error) { + return p.RetrieveWithContext(aws.BackgroundContext()) +} + +// RetrieveWithContext retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal +// by exchanging the accessToken present in ~/.aws/sso/cache. +func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) { + tokenFile, err := loadTokenFile(p.StartURL) + if err != nil { + return credentials.Value{}, err + } + + output, err := p.Client.GetRoleCredentialsWithContext(ctx, &sso.GetRoleCredentialsInput{ + AccessToken: &tokenFile.AccessToken, + AccountId: &p.AccountID, + RoleName: &p.RoleName, + }) + if err != nil { + return credentials.Value{}, err + } + + expireTime := time.Unix(0, aws.Int64Value(output.RoleCredentials.Expiration)*int64(time.Millisecond)).UTC() + p.SetExpiration(expireTime, 0) + + return credentials.Value{ + AccessKeyID: aws.StringValue(output.RoleCredentials.AccessKeyId), + SecretAccessKey: aws.StringValue(output.RoleCredentials.SecretAccessKey), + SessionToken: aws.StringValue(output.RoleCredentials.SessionToken), + ProviderName: ProviderName, + }, nil +} + +func getCacheFileName(url string) (string, error) { + hash := sha1.New() + _, err := hash.Write([]byte(url)) + if err != nil { + return "", err + } + return strings.ToLower(hex.EncodeToString(hash.Sum(nil))) + ".json", nil +} + +type rfc3339 time.Time + +func (r *rfc3339) UnmarshalJSON(bytes []byte) error { + var value string + + if err := json.Unmarshal(bytes, &value); err != nil { + return err + } + + parse, err := time.Parse(time.RFC3339, value) + if err != nil { + return fmt.Errorf("expected RFC3339 timestamp: %v", err) + } + + *r = rfc3339(parse) + + return nil +} + +type token struct { + AccessToken string `json:"accessToken"` + ExpiresAt rfc3339 `json:"expiresAt"` + Region string `json:"region,omitempty"` + StartURL string `json:"startUrl,omitempty"` +} + +func (t token) Expired() bool { + return nowTime().Round(0).After(time.Time(t.ExpiresAt)) +} + +func loadTokenFile(startURL string) (t token, err error) { + key, err := getCacheFileName(startURL) + if err != nil { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err) + } + + fileBytes, err := ioutil.ReadFile(filepath.Join(defaultCacheLocation(), key)) + if err != nil { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err) + } + + if err := json.Unmarshal(fileBytes, &t); err != nil { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err) + } + + if len(t.AccessToken) == 0 { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil) + } + + if t.Expired() { + return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil) + } + + return t, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index 6846ef6f80..e42c5cdbb2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go @@ -244,9 +244,11 @@ type AssumeRoleProvider struct { MaxJitterFrac float64 } -// NewCredentials returns a pointer to a new Credentials object wrapping the +// NewCredentials returns a pointer to a new Credentials value wrapping the // AssumeRoleProvider. The credentials will expire every 15 minutes and the -// role will be named after a nanosecond timestamp of this operation. +// role will be named after a nanosecond timestamp of this operation. The +// Credentials value will attempt to refresh the credentials using the provider +// when Credentials.Get is called, if the cached credentials are expiring. // // Takes a Config provider to create the STS client. The ConfigProvider is // satisfied by the session.Session type. @@ -268,9 +270,11 @@ func NewCredentials(c client.ConfigProvider, roleARN string, options ...func(*As return credentials.NewCredentials(p) } -// NewCredentialsWithClient returns a pointer to a new Credentials object wrapping the +// NewCredentialsWithClient returns a pointer to a new Credentials value wrapping the // AssumeRoleProvider. The credentials will expire every 15 minutes and the -// role will be named after a nanosecond timestamp of this operation. +// role will be named after a nanosecond timestamp of this operation. The +// Credentials value will attempt to refresh the credentials using the provider +// when Credentials.Get is called, if the cached credentials are expiring. // // Takes an AssumeRoler which can be satisfied by the STS client. // diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index fc8c1f9292..3cc48800d6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -380,9 +380,33 @@ var awsPartition = partition{ "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "api.detective-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-east-2": endpoint{}, + "us-east-2-fips": endpoint{ + Hostname: "api.detective-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "us-west-1": endpoint{}, + "us-west-1-fips": endpoint{ + Hostname: "api.detective-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "api.detective-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "api.ecr": service{ @@ -581,6 +605,12 @@ var awsPartition = partition{ }, }, }, + "api.fleethub.iot": service{ + + Endpoints: endpoints{ + "us-east-1": endpoint{}, + }, + }, "api.mediatailor": service{ Endpoints: endpoints{ @@ -740,6 +770,7 @@ var awsPartition = partition{ "appmesh": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -827,12 +858,36 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "athena-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "athena-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "athena-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "athena-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "autoscaling": service{ @@ -1231,6 +1286,7 @@ var awsPartition = partition{ "codebuild": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -1355,9 +1411,25 @@ var awsPartition = partition{ }, }, }, + "codeguru-reviewer": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "codepipeline": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1366,6 +1438,7 @@ var awsPartition = partition{ "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -2685,6 +2758,14 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "emr-containers": service{ + + Endpoints: endpoints{ + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "entitlement.marketplace": service{ Defaults: endpoint{ CredentialScope: credentialScope{ @@ -2843,6 +2924,18 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "fips-af-south-1": endpoint{ + Hostname: "fms-fips.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + "fips-ap-east-1": endpoint{ + Hostname: "fms-fips.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, "fips-ap-northeast-1": endpoint{ Hostname: "fms-fips.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ @@ -2885,6 +2978,12 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + "fips-eu-south-1": endpoint{ + Hostname: "fms-fips.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, "fips-eu-west-1": endpoint{ Hostname: "fms-fips.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ @@ -2903,6 +3002,12 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + "fips-me-south-1": endpoint{ + Hostname: "fms-fips.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, "fips-sa-east-1": endpoint{ Hostname: "fms-fips.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -2974,6 +3079,7 @@ var awsPartition = partition{ "fsx": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -2983,14 +3089,46 @@ var awsPartition = partition{ "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-prod-ca-central-1": endpoint{ + Hostname: "fsx-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "fips-prod-us-east-1": endpoint{ + Hostname: "fsx-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-prod-us-east-2": endpoint{ + Hostname: "fsx-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-prod-us-west-1": endpoint{ + Hostname: "fsx-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-prod-us-west-2": endpoint{ + Hostname: "fsx-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "gamelift": service{ @@ -3224,6 +3362,14 @@ var awsPartition = partition{ }, }, }, + "healthlake": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "us-east-1": endpoint{}, + }, + }, "honeycode": service{ Endpoints: endpoints{ @@ -3480,6 +3626,23 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "iotwireless": service{ + + Endpoints: endpoints{ + "eu-west-1": endpoint{ + Hostname: "api.iotwireless.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + "us-east-1": endpoint{ + Hostname: "api.iotwireless.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, "kafka": service{ Endpoints: endpoints{ @@ -3625,6 +3788,7 @@ var awsPartition = partition{ "lakeformation": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3874,6 +4038,7 @@ var awsPartition = partition{ "macie2": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -3883,6 +4048,7 @@ var awsPartition = partition{ "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -3910,11 +4076,12 @@ var awsPartition = partition{ Region: "us-west-2", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "managedblockchain": service{ @@ -4137,7 +4304,19 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "models-fips.lex.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "models-fips.lex.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "monitoring": service{ @@ -4701,6 +4880,18 @@ var awsPartition = partition{ }, }, }, + "profile": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "projects.iot1click": service{ Endpoints: endpoints{ @@ -5039,7 +5230,19 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "runtime-fips.lex.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "runtime-fips.lex.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "runtime.sagemaker": service{ @@ -5584,6 +5787,7 @@ var awsPartition = partition{ "servicediscovery": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -5593,6 +5797,7 @@ var awsPartition = partition{ "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -6786,12 +6991,36 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "me-south-1": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "xray-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "xray-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "xray-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "xray-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, }, @@ -8419,6 +8648,25 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "fsx": service{ + + Endpoints: endpoints{ + "fips-prod-us-gov-east-1": endpoint{ + Hostname: "fsx-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-prod-us-gov-west-1": endpoint{ + Hostname: "fsx-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "glacier": service{ Endpoints: endpoints{ @@ -8480,7 +8728,12 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, - "us-gov-east-1": endpoint{}, + "us-gov-east-1": endpoint{ + Hostname: "greengrass.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, "us-gov-west-1": endpoint{ Hostname: "greengrass.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ @@ -9330,12 +9583,24 @@ var awsusgovPartition = partition{ "waf-regional": service{ Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "waf-regional-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, "fips-us-gov-west-1": endpoint{ Hostname: "waf-regional-fips.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, }, + "us-gov-east-1": endpoint{ + Hostname: "waf-regional.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, "us-gov-west-1": endpoint{ Hostname: "waf-regional.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ @@ -9359,6 +9624,18 @@ var awsusgovPartition = partition{ "xray": service{ Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "xray-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "xray-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, @@ -9663,6 +9940,12 @@ var awsisoPartition = partition{ }, }, }, + "secretsmanager": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, "snowball": service{ Endpoints: endpoints{ @@ -9685,6 +9968,12 @@ var awsisoPartition = partition{ }, }, }, + "ssm": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, "states": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/aws/session/BUILD.bazel index 7a758bc754..44b614b268 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/BUILD.bazel +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/BUILD.bazel @@ -3,10 +3,11 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library") go_library( name = "go_default_library", srcs = [ - "cabundle_transport.go", - "cabundle_transport_1_5.go", - "cabundle_transport_1_6.go", "credentials.go", + "custom_transport.go", + "custom_transport_go1.12.go", + "custom_transport_go1.5.go", + "custom_transport_go1.6.go", "doc.go", "env_config.go", "session.go", @@ -22,6 +23,7 @@ go_library( "//vendor/github.com/aws/aws-sdk-go/aws/corehandlers:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/credentials/processcreds:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/csm:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/defaults:go_default_library", diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go index fe6dac1f47..b0cef7575d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -9,6 +9,7 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials/processcreds" + "github.com/aws/aws-sdk-go/aws/credentials/ssocreds" "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/defaults" "github.com/aws/aws-sdk-go/aws/request" @@ -100,6 +101,9 @@ func resolveCredsFromProfile(cfg *aws.Config, sharedCfg.Creds, ) + case sharedCfg.hasSSOConfiguration(): + creds = resolveSSOCredentials(cfg, sharedCfg, handlers) + case len(sharedCfg.CredentialProcess) != 0: // Get credentials from CredentialProcess creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) @@ -151,6 +155,21 @@ func resolveCredsFromProfile(cfg *aws.Config, return creds, nil } +func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers request.Handlers) *credentials.Credentials { + cfgCopy := cfg.Copy() + cfgCopy.Region = &sharedCfg.SSORegion + + return ssocreds.NewCredentials( + &Session{ + Config: cfgCopy, + Handlers: handlers.Copy(), + }, + sharedCfg.SSOAccountID, + sharedCfg.SSORoleName, + sharedCfg.SSOStartURL, + ) +} + // valid credential source values const ( credSourceEc2Metadata = "Ec2InstanceMetadata" diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go new file mode 100644 index 0000000000..593aedc421 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go @@ -0,0 +1,27 @@ +// +build go1.13 + +package session + +import ( + "net" + "net/http" + "time" +) + +// Transport that should be used when a custom CA bundle is specified with the +// SDK. +func getCustomTransport() *http.Transport { + return &http.Transport{ + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + DualStack: true, + }).DialContext, + ForceAttemptHTTP2: true, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go similarity index 88% rename from vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go rename to vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go index ea9ebb6f6a..1bf31cf8e5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.12.go @@ -1,4 +1,4 @@ -// +build go1.7 +// +build !go1.13,go1.7 package session @@ -10,7 +10,7 @@ import ( // Transport that should be used when a custom CA bundle is specified with the // SDK. -func getCABundleTransport() *http.Transport { +func getCustomTransport() *http.Transport { return &http.Transport{ Proxy: http.ProxyFromEnvironment, DialContext: (&net.Dialer{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go similarity index 88% rename from vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go rename to vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go index fec39dfc12..253d7bc9d5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_5.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.5.go @@ -10,7 +10,7 @@ import ( // Transport that should be used when a custom CA bundle is specified with the // SDK. -func getCABundleTransport() *http.Transport { +func getCustomTransport() *http.Transport { return &http.Transport{ Proxy: http.ProxyFromEnvironment, Dial: (&net.Dialer{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go similarity index 90% rename from vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go rename to vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go index 1c5a5391e6..db24060544 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/cabundle_transport_1_6.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport_go1.6.go @@ -10,7 +10,7 @@ import ( // Transport that should be used when a custom CA bundle is specified with the // SDK. -func getCABundleTransport() *http.Transport { +func getCustomTransport() *http.Transport { return &http.Transport{ Proxy: http.ProxyFromEnvironment, Dial: (&net.Dialer{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go index cc461bd323..9419b518d5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go @@ -208,6 +208,8 @@ env values as well. AWS_SDK_LOAD_CONFIG=1 +Custom Shared Config and Credential Files + Shared credentials file path can be set to instruct the SDK to use an alternative file for the shared credentials. If not set the file will be loaded from $HOME/.aws/credentials on Linux/Unix based systems, and @@ -222,6 +224,8 @@ $HOME/.aws/config on Linux/Unix based systems, and AWS_CONFIG_FILE=$HOME/my_shared_config +Custom CA Bundle + Path to a custom Credentials Authority (CA) bundle PEM file that the SDK will use instead of the default system's root CA bundle. Use this only if you want to replace the CA bundle the SDK uses for TLS requests. @@ -242,6 +246,29 @@ Setting a custom HTTPClient in the aws.Config options will override this setting To use this option and custom HTTP client, the HTTP client needs to be provided when creating the session. Not the service client. +Custom Client TLS Certificate + +The SDK supports the environment and session option being configured with +Client TLS certificates that are sent as a part of the client's TLS handshake +for client authentication. If used, both Cert and Key values are required. If +one is missing, or either fail to load the contents of the file an error will +be returned. + +HTTP Client's Transport concrete implementation must be a http.Transport +or creating the session will fail. + + AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key + AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert + +This can also be configured via the session.Options ClientTLSCert and ClientTLSKey. + + sess, err := session.NewSessionWithOptions(session.Options{ + ClientTLSCert: myCertFile, + ClientTLSKey: myKeyFile, + }) + +Custom EC2 IMDS Endpoint + The endpoint of the EC2 IMDS client can be configured via the environment variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a Session. See Options.EC2IMDSEndpoint for more details. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index d67c261d74..3cd5d4b5ae 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -101,6 +101,18 @@ type envConfig struct { // AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle CustomCABundle string + // Sets the TLC client certificate that should be used by the SDK's HTTP transport + // when making requests. The certificate must be paired with a TLS client key file. + // + // AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert + ClientTLSCert string + + // Sets the TLC client key that should be used by the SDK's HTTP transport + // when making requests. The key must be paired with a TLS client certificate file. + // + // AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key + ClientTLSKey string + csmEnabled string CSMEnabled *bool CSMPort string @@ -219,6 +231,15 @@ var ( ec2IMDSEndpointEnvKey = []string{ "AWS_EC2_METADATA_SERVICE_ENDPOINT", } + useCABundleKey = []string{ + "AWS_CA_BUNDLE", + } + useClientTLSCert = []string{ + "AWS_SDK_GO_CLIENT_TLS_CERT", + } + useClientTLSKey = []string{ + "AWS_SDK_GO_CLIENT_TLS_KEY", + } ) // loadEnvConfig retrieves the SDK's environment configuration. @@ -302,7 +323,9 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { cfg.SharedConfigFile = defaults.SharedConfigFilename() } - cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE") + setFromEnvVal(&cfg.CustomCABundle, useCABundleKey) + setFromEnvVal(&cfg.ClientTLSCert, useClientTLSCert) + setFromEnvVal(&cfg.ClientTLSKey, useClientTLSKey) var err error // STS Regional Endpoint variable diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 6430a7f152..038ae222ff 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -25,11 +25,18 @@ const ( // ErrCodeSharedConfig represents an error that occurs in the shared // configuration logic ErrCodeSharedConfig = "SharedConfigErr" + + // ErrCodeLoadCustomCABundle error code for unable to load custom CA bundle. + ErrCodeLoadCustomCABundle = "LoadCustomCABundleError" + + // ErrCodeLoadClientTLSCert error code for unable to load client TLS + // certificate or key + ErrCodeLoadClientTLSCert = "LoadClientTLSCertError" ) // ErrSharedConfigSourceCollision will be returned if a section contains both // source_profile and credential_source -var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only source profile or credential source can be specified, not both", nil) +var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso", nil) // ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment // variables are empty and Environment was set as the credential source @@ -229,17 +236,46 @@ type Options struct { // the SDK will use instead of the default system's root CA bundle. Use this // only if you want to replace the CA bundle the SDK uses for TLS requests. // - // Enabling this option will attempt to merge the Transport into the SDK's HTTP - // client. If the client's Transport is not a http.Transport an error will be - // returned. If the Transport's TLS config is set this option will cause the SDK + // HTTP Client's Transport concrete implementation must be a http.Transport + // or creating the session will fail. + // + // If the Transport's TLS config is set this option will cause the SDK // to overwrite the Transport's TLS config's RootCAs value. If the CA // bundle reader contains multiple certificates all of them will be loaded. // - // The Session option CustomCABundle is also available when creating sessions - // to also enable this feature. CustomCABundle session option field has priority - // over the AWS_CA_BUNDLE environment variable, and will be used if both are set. + // Can also be specified via the environment variable: + // + // AWS_CA_BUNDLE=$HOME/ca_bundle + // + // Can also be specified via the shared config field: + // + // ca_bundle = $HOME/ca_bundle CustomCABundle io.Reader + // Reader for the TLC client certificate that should be used by the SDK's + // HTTP transport when making requests. The certificate must be paired with + // a TLS client key file. Will be ignored if both are not provided. + // + // HTTP Client's Transport concrete implementation must be a http.Transport + // or creating the session will fail. + // + // Can also be specified via the environment variable: + // + // AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert + ClientTLSCert io.Reader + + // Reader for the TLC client key that should be used by the SDK's HTTP + // transport when making requests. The key must be paired with a TLS client + // certificate file. Will be ignored if both are not provided. + // + // HTTP Client's Transport concrete implementation must be a http.Transport + // or creating the session will fail. + // + // Can also be specified via the environment variable: + // + // AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key + ClientTLSKey io.Reader + // The handlers that the session and all API clients will be created with. // This must be a complete set of handlers. Use the defaults.Handlers() // function to initialize this value before changing the handlers to be @@ -319,17 +355,6 @@ func NewSessionWithOptions(opts Options) (*Session, error) { envCfg.EnableSharedConfig = true } - // Only use AWS_CA_BUNDLE if session option is not provided. - if len(envCfg.CustomCABundle) != 0 && opts.CustomCABundle == nil { - f, err := os.Open(envCfg.CustomCABundle) - if err != nil { - return nil, awserr.New("LoadCustomCABundleError", - "failed to open custom CA bundle PEM file", err) - } - defer f.Close() - opts.CustomCABundle = f - } - return newSession(opts, envCfg, &opts.Config) } @@ -460,6 +485,10 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, return nil, err } + if err := setTLSOptions(&opts, cfg, envCfg, sharedCfg); err != nil { + return nil, err + } + s := &Session{ Config: cfg, Handlers: handlers, @@ -479,13 +508,6 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, } } - // Setup HTTP client with custom cert bundle if enabled - if opts.CustomCABundle != nil { - if err := loadCustomCABundle(s, opts.CustomCABundle); err != nil { - return nil, err - } - } - return s, nil } @@ -529,22 +551,83 @@ func loadCSMConfig(envCfg envConfig, cfgFiles []string) (csmConfig, error) { return csmConfig{}, nil } -func loadCustomCABundle(s *Session, bundle io.Reader) error { +func setTLSOptions(opts *Options, cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig) error { + // CA Bundle can be specified in both environment variable shared config file. + var caBundleFilename = envCfg.CustomCABundle + if len(caBundleFilename) == 0 { + caBundleFilename = sharedCfg.CustomCABundle + } + + // Only use environment value if session option is not provided. + customTLSOptions := map[string]struct { + filename string + field *io.Reader + errCode string + }{ + "custom CA bundle PEM": {filename: caBundleFilename, field: &opts.CustomCABundle, errCode: ErrCodeLoadCustomCABundle}, + "custom client TLS cert": {filename: envCfg.ClientTLSCert, field: &opts.ClientTLSCert, errCode: ErrCodeLoadClientTLSCert}, + "custom client TLS key": {filename: envCfg.ClientTLSKey, field: &opts.ClientTLSKey, errCode: ErrCodeLoadClientTLSCert}, + } + for name, v := range customTLSOptions { + if len(v.filename) != 0 && *v.field == nil { + f, err := os.Open(v.filename) + if err != nil { + return awserr.New(v.errCode, fmt.Sprintf("failed to open %s file", name), err) + } + defer f.Close() + *v.field = f + } + } + + // Setup HTTP client with custom cert bundle if enabled + if opts.CustomCABundle != nil { + if err := loadCustomCABundle(cfg.HTTPClient, opts.CustomCABundle); err != nil { + return err + } + } + + // Setup HTTP client TLS certificate and key for client TLS authentication. + if opts.ClientTLSCert != nil && opts.ClientTLSKey != nil { + if err := loadClientTLSCert(cfg.HTTPClient, opts.ClientTLSCert, opts.ClientTLSKey); err != nil { + return err + } + } else if opts.ClientTLSCert == nil && opts.ClientTLSKey == nil { + // Do nothing if neither values are available. + + } else { + return awserr.New(ErrCodeLoadClientTLSCert, + fmt.Sprintf("client TLS cert(%t) and key(%t) must both be provided", + opts.ClientTLSCert != nil, opts.ClientTLSKey != nil), nil) + } + + return nil +} + +func getHTTPTransport(client *http.Client) (*http.Transport, error) { var t *http.Transport - switch v := s.Config.HTTPClient.Transport.(type) { + switch v := client.Transport.(type) { case *http.Transport: t = v default: - if s.Config.HTTPClient.Transport != nil { - return awserr.New("LoadCustomCABundleError", - "unable to load custom CA bundle, HTTPClient's transport unsupported type", nil) + if client.Transport != nil { + return nil, fmt.Errorf("unsupported transport, %T", client.Transport) } } if t == nil { // Nil transport implies `http.DefaultTransport` should be used. Since // the SDK cannot modify, nor copy the `DefaultTransport` specifying // the values the next closest behavior. - t = getCABundleTransport() + t = getCustomTransport() + } + + return t, nil +} + +func loadCustomCABundle(client *http.Client, bundle io.Reader) error { + t, err := getHTTPTransport(client) + if err != nil { + return awserr.New(ErrCodeLoadCustomCABundle, + "unable to load custom CA bundle, HTTPClient's transport unsupported type", err) } p, err := loadCertPool(bundle) @@ -556,7 +639,7 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error { } t.TLSClientConfig.RootCAs = p - s.Config.HTTPClient.Transport = t + client.Transport = t return nil } @@ -564,19 +647,57 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error { func loadCertPool(r io.Reader) (*x509.CertPool, error) { b, err := ioutil.ReadAll(r) if err != nil { - return nil, awserr.New("LoadCustomCABundleError", + return nil, awserr.New(ErrCodeLoadCustomCABundle, "failed to read custom CA bundle PEM file", err) } p := x509.NewCertPool() if !p.AppendCertsFromPEM(b) { - return nil, awserr.New("LoadCustomCABundleError", + return nil, awserr.New(ErrCodeLoadCustomCABundle, "failed to load custom CA bundle PEM file", err) } return p, nil } +func loadClientTLSCert(client *http.Client, certFile, keyFile io.Reader) error { + t, err := getHTTPTransport(client) + if err != nil { + return awserr.New(ErrCodeLoadClientTLSCert, + "unable to get usable HTTP transport from client", err) + } + + cert, err := ioutil.ReadAll(certFile) + if err != nil { + return awserr.New(ErrCodeLoadClientTLSCert, + "unable to get read client TLS cert file", err) + } + + key, err := ioutil.ReadAll(keyFile) + if err != nil { + return awserr.New(ErrCodeLoadClientTLSCert, + "unable to get read client TLS key file", err) + } + + clientCert, err := tls.X509KeyPair(cert, key) + if err != nil { + return awserr.New(ErrCodeLoadClientTLSCert, + "unable to load x509 key pair from client cert", err) + } + + tlsCfg := t.TLSClientConfig + if tlsCfg == nil { + tlsCfg = &tls.Config{} + } + + tlsCfg.Certificates = append(tlsCfg.Certificates, clientCert) + + t.TLSClientConfig = tlsCfg + client.Transport = t + + return nil +} + func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index 680805a38a..5ab05d56cc 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -2,6 +2,7 @@ package session import ( "fmt" + "strings" "time" "github.com/aws/aws-sdk-go/aws/awserr" @@ -25,6 +26,12 @@ const ( roleSessionNameKey = `role_session_name` // optional roleDurationSecondsKey = "duration_seconds" // optional + // AWS Single Sign-On (AWS SSO) group + ssoAccountIDKey = "sso_account_id" + ssoRegionKey = "sso_region" + ssoRoleNameKey = "sso_role_name" + ssoStartURL = "sso_start_url" + // CSM options csmEnabledKey = `csm_enabled` csmHostKey = `csm_host` @@ -34,6 +41,9 @@ const ( // Additional Config fields regionKey = `region` + // custom CA Bundle filename + customCABundleKey = `ca_bundle` + // endpoint discovery group enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional @@ -75,6 +85,11 @@ type sharedConfig struct { CredentialProcess string WebIdentityTokenFile string + SSOAccountID string + SSORegion string + SSORoleName string + SSOStartURL string + RoleARN string RoleSessionName string ExternalID string @@ -90,6 +105,15 @@ type sharedConfig struct { // region Region string + // CustomCABundle is the file path to a PEM file the SDK will read and + // use to configure the HTTP transport with additional CA certs that are + // not present in the platforms default CA store. + // + // This value will be ignored if the file does not exist. + // + // ca_bundle + CustomCABundle string + // EnableEndpointDiscovery can be enabled in the shared config by setting // endpoint_discovery_enabled to true // @@ -205,9 +229,9 @@ func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile s cfg.clearAssumeRoleOptions() } else { // First time a profile has been seen, It must either be a assume role - // or credentials. Assert if the credential type requires a role ARN, - // the ARN is also set. - if err := cfg.validateCredentialsRequireARN(profile); err != nil { + // credentials, or SSO. Assert if the credential type requires a role ARN, + // the ARN is also set, or validate that the SSO configuration is complete. + if err := cfg.validateCredentialsConfig(profile); err != nil { return err } } @@ -276,6 +300,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.SourceProfileName, section, sourceProfileKey) updateString(&cfg.CredentialSource, section, credentialSourceKey) updateString(&cfg.Region, section, regionKey) + updateString(&cfg.CustomCABundle, section, customCABundleKey) if section.Has(roleDurationSecondsKey) { d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second @@ -299,6 +324,12 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e } cfg.S3UsEast1RegionalEndpoint = sre } + + // AWS Single Sign-On (AWS SSO) + updateString(&cfg.SSOAccountID, section, ssoAccountIDKey) + updateString(&cfg.SSORegion, section, ssoRegionKey) + updateString(&cfg.SSORoleName, section, ssoRoleNameKey) + updateString(&cfg.SSOStartURL, section, ssoStartURL) } updateString(&cfg.CredentialProcess, section, credentialProcessKey) @@ -329,6 +360,18 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e return nil } +func (cfg *sharedConfig) validateCredentialsConfig(profile string) error { + if err := cfg.validateCredentialsRequireARN(profile); err != nil { + return err + } + + if err := cfg.validateSSOConfiguration(profile); err != nil { + return err + } + + return nil +} + func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error { var credSource string @@ -358,6 +401,7 @@ func (cfg *sharedConfig) validateCredentialType() error { len(cfg.CredentialSource) != 0, len(cfg.CredentialProcess) != 0, len(cfg.WebIdentityTokenFile) != 0, + cfg.hasSSOConfiguration(), ) { return ErrSharedConfigSourceCollision } @@ -365,12 +409,43 @@ func (cfg *sharedConfig) validateCredentialType() error { return nil } +func (cfg *sharedConfig) validateSSOConfiguration(profile string) error { + if !cfg.hasSSOConfiguration() { + return nil + } + + var missing []string + if len(cfg.SSOAccountID) == 0 { + missing = append(missing, ssoAccountIDKey) + } + + if len(cfg.SSORegion) == 0 { + missing = append(missing, ssoRegionKey) + } + + if len(cfg.SSORoleName) == 0 { + missing = append(missing, ssoRoleNameKey) + } + + if len(cfg.SSOStartURL) == 0 { + missing = append(missing, ssoStartURL) + } + + if len(missing) > 0 { + return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s", + profile, strings.Join(missing, ", ")) + } + + return nil +} + func (cfg *sharedConfig) hasCredentials() bool { switch { case len(cfg.SourceProfileName) != 0: case len(cfg.CredentialSource) != 0: case len(cfg.CredentialProcess) != 0: case len(cfg.WebIdentityTokenFile) != 0: + case cfg.hasSSOConfiguration(): case cfg.Creds.HasKeys(): default: return false @@ -394,6 +469,18 @@ func (cfg *sharedConfig) clearAssumeRoleOptions() { cfg.SourceProfileName = "" } +func (cfg *sharedConfig) hasSSOConfiguration() bool { + switch { + case len(cfg.SSOAccountID) != 0: + case len(cfg.SSORegion) != 0: + case len(cfg.SSORoleName) != 0: + case len(cfg.SSOStartURL) != 0: + default: + return false + } + return true +} + func oneOrNone(bs ...bool) bool { var count int diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index c0e056ea83..cf26997eb2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.36.0" +const SDKVersion = "1.37.0" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go index d7d42db0a6..1f1d27aea4 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/host.go @@ -1,9 +1,10 @@ package protocol import ( - "strings" - "github.com/aws/aws-sdk-go/aws/request" + "net" + "strconv" + "strings" ) // ValidateEndpointHostHandler is a request handler that will validate the @@ -22,8 +23,26 @@ var ValidateEndpointHostHandler = request.NamedHandler{ // 3986 host. Returns error if the host is not valid. func ValidateEndpointHost(opName, host string) error { paramErrs := request.ErrInvalidParams{Context: opName} - labels := strings.Split(host, ".") + var hostname string + var port string + var err error + + if strings.Contains(host, ":") { + hostname, port, err = net.SplitHostPort(host) + + if err != nil { + paramErrs.Add(request.NewErrParamFormat("endpoint", err.Error(), host)) + } + + if !ValidPortNumber(port) { + paramErrs.Add(request.NewErrParamFormat("endpoint port number", "[0-65535]", port)) + } + } else { + hostname = host + } + + labels := strings.Split(hostname, ".") for i, label := range labels { if i == len(labels)-1 && len(label) == 0 { // Allow trailing dot for FQDN hosts. @@ -36,7 +55,11 @@ func ValidateEndpointHost(opName, host string) error { } } - if len(host) > 255 { + if len(hostname) == 0 { + paramErrs.Add(request.NewErrParamMinLen("endpoint host", 1)) + } + + if len(hostname) > 255 { paramErrs.Add(request.NewErrParamMaxLen( "endpoint host", 255, host, )) @@ -66,3 +89,16 @@ func ValidHostLabel(label string) bool { return true } + +// ValidPortNumber return if the port is valid RFC 3986 port +func ValidPortNumber(port string) bool { + i, err := strconv.Atoi(port) + if err != nil { + return false + } + + if i < 0 || i > 65535 { + return false + } + return true +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/BUILD.bazel new file mode 100644 index 0000000000..b68a980a6a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/BUILD.bazel @@ -0,0 +1,20 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = [ + "restjson.go", + "unmarshal_error.go", + ], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson", + importpath = "github.com/aws/aws-sdk-go/private/protocol/restjson", + visibility = ["//visibility:public"], + deps = [ + "//vendor/github.com/aws/aws-sdk-go/aws/awserr:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol/rest:go_default_library", + ], +) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go new file mode 100644 index 0000000000..2e0e205af3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go @@ -0,0 +1,59 @@ +// Package restjson provides RESTful JSON serialization of AWS +// requests and responses. +package restjson + +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-json.json build_test.go +//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-json.json unmarshal_test.go + +import ( + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" + "github.com/aws/aws-sdk-go/private/protocol/rest" +) + +// BuildHandler is a named request handler for building restjson protocol +// requests +var BuildHandler = request.NamedHandler{ + Name: "awssdk.restjson.Build", + Fn: Build, +} + +// UnmarshalHandler is a named request handler for unmarshaling restjson +// protocol requests +var UnmarshalHandler = request.NamedHandler{ + Name: "awssdk.restjson.Unmarshal", + Fn: Unmarshal, +} + +// UnmarshalMetaHandler is a named request handler for unmarshaling restjson +// protocol request metadata +var UnmarshalMetaHandler = request.NamedHandler{ + Name: "awssdk.restjson.UnmarshalMeta", + Fn: UnmarshalMeta, +} + +// Build builds a request for the REST JSON protocol. +func Build(r *request.Request) { + rest.Build(r) + + if t := rest.PayloadType(r.Params); t == "structure" || t == "" { + if v := r.HTTPRequest.Header.Get("Content-Type"); len(v) == 0 { + r.HTTPRequest.Header.Set("Content-Type", "application/json") + } + jsonrpc.Build(r) + } +} + +// Unmarshal unmarshals a response body for the REST JSON protocol. +func Unmarshal(r *request.Request) { + if t := rest.PayloadType(r.Data); t == "structure" || t == "" { + jsonrpc.Unmarshal(r) + } else { + rest.Unmarshal(r) + } +} + +// UnmarshalMeta unmarshals response headers for the REST JSON protocol. +func UnmarshalMeta(r *request.Request) { + rest.UnmarshalMeta(r) +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go new file mode 100644 index 0000000000..d756d8cc52 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go @@ -0,0 +1,134 @@ +package restjson + +import ( + "bytes" + "io" + "io/ioutil" + "net/http" + "strings" + + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" + "github.com/aws/aws-sdk-go/private/protocol/rest" +) + +const ( + errorTypeHeader = "X-Amzn-Errortype" + errorMessageHeader = "X-Amzn-Errormessage" +) + +// UnmarshalTypedError provides unmarshaling errors API response errors +// for both typed and untyped errors. +type UnmarshalTypedError struct { + exceptions map[string]func(protocol.ResponseMetadata) error +} + +// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the +// set of exception names to the error unmarshalers +func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError { + return &UnmarshalTypedError{ + exceptions: exceptions, + } +} + +// UnmarshalError attempts to unmarshal the HTTP response error as a known +// error type. If unable to unmarshal the error type, the generic SDK error +// type will be used. +func (u *UnmarshalTypedError) UnmarshalError( + resp *http.Response, + respMeta protocol.ResponseMetadata, +) (error, error) { + + code := resp.Header.Get(errorTypeHeader) + msg := resp.Header.Get(errorMessageHeader) + + body := resp.Body + if len(code) == 0 { + // If unable to get code from HTTP headers have to parse JSON message + // to determine what kind of exception this will be. + var buf bytes.Buffer + var jsonErr jsonErrorResponse + teeReader := io.TeeReader(resp.Body, &buf) + err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader) + if err != nil { + return nil, err + } + + body = ioutil.NopCloser(&buf) + code = jsonErr.Code + msg = jsonErr.Message + } + + // If code has colon separators remove them so can compare against modeled + // exception names. + code = strings.SplitN(code, ":", 2)[0] + + if fn, ok := u.exceptions[code]; ok { + // If exception code is know, use associated constructor to get a value + // for the exception that the JSON body can be unmarshaled into. + v := fn(respMeta) + if err := jsonutil.UnmarshalJSONCaseInsensitive(v, body); err != nil { + return nil, err + } + + if err := rest.UnmarshalResponse(resp, v, true); err != nil { + return nil, err + } + + return v, nil + } + + // fallback to unmodeled generic exceptions + return awserr.NewRequestFailure( + awserr.New(code, msg, nil), + respMeta.StatusCode, + respMeta.RequestID, + ), nil +} + +// UnmarshalErrorHandler is a named request handler for unmarshaling restjson +// protocol request errors +var UnmarshalErrorHandler = request.NamedHandler{ + Name: "awssdk.restjson.UnmarshalError", + Fn: UnmarshalError, +} + +// UnmarshalError unmarshals a response error for the REST JSON protocol. +func UnmarshalError(r *request.Request) { + defer r.HTTPResponse.Body.Close() + + var jsonErr jsonErrorResponse + err := jsonutil.UnmarshalJSONError(&jsonErr, r.HTTPResponse.Body) + if err != nil { + r.Error = awserr.NewRequestFailure( + awserr.New(request.ErrCodeSerialization, + "failed to unmarshal response error", err), + r.HTTPResponse.StatusCode, + r.RequestID, + ) + return + } + + code := r.HTTPResponse.Header.Get(errorTypeHeader) + if code == "" { + code = jsonErr.Code + } + msg := r.HTTPResponse.Header.Get(errorMessageHeader) + if msg == "" { + msg = jsonErr.Message + } + + code = strings.SplitN(code, ":", 2)[0] + r.Error = awserr.NewRequestFailure( + awserr.New(code, jsonErr.Message, nil), + r.HTTPResponse.StatusCode, + r.RequestID, + ) +} + +type jsonErrorResponse struct { + Code string `json:"code"` + Message string `json:"message"` +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go index b9257cfcc2..b32db3ee72 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/autoscaling/api.go @@ -727,6 +727,9 @@ func (c *AutoScaling) CreateAutoScalingGroupRequest(input *CreateAutoScalingGrou // CreateAutoScalingGroup API operation for Auto Scaling. // +// We strongly recommend using a launch template when calling this operation +// to ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. +// // Creates an Auto Scaling group with the specified name and attributes. // // If you exceed your maximum limit of Auto Scaling groups, the call fails. @@ -5600,6 +5603,9 @@ func (c *AutoScaling) UpdateAutoScalingGroupRequest(input *UpdateAutoScalingGrou // UpdateAutoScalingGroup API operation for Auto Scaling. // +// We strongly recommend that all Auto Scaling groups use launch templates to +// ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2. +// // Updates the configuration for the specified Auto Scaling group. // // To update an Auto Scaling group, specify the name of the group and the parameter @@ -6511,7 +6517,7 @@ type CreateAutoScalingGroupInput struct { // // Conditional: If your account supports EC2-Classic and VPC, this parameter // is required to launch instances into EC2-Classic. - AvailabilityZones []*string `min:"1" type:"list"` + AvailabilityZones []*string `type:"list"` // Indicates whether Capacity Rebalancing is enabled. Otherwise, Capacity Rebalancing // is disabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling @@ -6572,8 +6578,8 @@ type CreateAutoScalingGroupInput struct { // or InstanceId). LaunchConfigurationName *string `min:"1" type:"string"` - // Parameters used to specify the launch template (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) - // and version to use to launch instances. + // Parameters used to specify the launch template and version to use to launch + // instances. // // Conditional: You must specify either a launch template (LaunchTemplate or // MixedInstancesPolicy) or a launch configuration (LaunchConfigurationName @@ -6707,9 +6713,6 @@ func (s *CreateAutoScalingGroupInput) Validate() error { if s.AutoScalingGroupName != nil && len(*s.AutoScalingGroupName) < 1 { invalidParams.Add(request.NewErrParamMinLen("AutoScalingGroupName", 1)) } - if s.AvailabilityZones != nil && len(s.AvailabilityZones) < 1 { - invalidParams.Add(request.NewErrParamMinLen("AvailabilityZones", 1)) - } if s.HealthCheckType != nil && len(*s.HealthCheckType) < 1 { invalidParams.Add(request.NewErrParamMinLen("HealthCheckType", 1)) } @@ -7092,9 +7095,12 @@ type CreateLaunchConfigurationInput struct { // running instances is higher than the current Spot price. SpotPrice *string `min:"1" type:"string"` - // The Base64-encoded user data to make available to the launched EC2 instances. - // For more information, see Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) - // in the Amazon EC2 User Guide for Linux Instances. + // The user data to make available to the launched EC2 instances. For more information, + // see Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) + // (Linux) and Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html) + // (Windows). If you are using a command line tool, base64-encoding is performed + // for you, and you can load the text from a file. Otherwise, you must provide + // base64-encoded text. User data is limited to 16 KB. UserData *string `type:"string"` } @@ -10354,7 +10360,7 @@ type Group struct { // One or more Availability Zones for the group. // // AvailabilityZones is a required field - AvailabilityZones []*string `min:"1" type:"list" required:"true"` + AvailabilityZones []*string `type:"list" required:"true"` // Indicates whether Capacity Rebalancing is enabled. CapacityRebalance *bool `type:"boolean"` @@ -10654,7 +10660,8 @@ type Instance struct { LaunchTemplate *LaunchTemplateSpecification `type:"structure"` // A description of the current lifecycle state. The Quarantined state is not - // used. + // used. For information about lifecycle states, see Instance lifecycle (https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroupLifecycle.html) + // in the Amazon EC2 Auto Scaling User Guide. // // LifecycleState is a required field LifecycleState *string `type:"string" required:"true" enum:"LifecycleState"` @@ -10773,7 +10780,13 @@ type InstanceDetails struct { // The launch template for the instance. LaunchTemplate *LaunchTemplateSpecification `type:"structure"` - // The lifecycle state for the instance. + // The lifecycle state for the instance. The Quarantined state is not used. + // For information about lifecycle states, see Instance lifecycle (https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroupLifecycle.html) + // in the Amazon EC2 Auto Scaling User Guide. + // + // Valid Values: Pending | Pending:Wait | Pending:Proceed | Quarantined | InService + // | Terminating | Terminating:Wait | Terminating:Proceed | Terminated | Detaching + // | Detached | EnteringStandby | Standby // // LifecycleState is a required field LifecycleState *string `min:"1" type:"string" required:"true"` @@ -10878,8 +10891,6 @@ type InstanceMetadataOptions struct { // larger the number, the further instance metadata requests can travel. // // Default: 1 - // - // Possible values: Integers from 1 to 64 HttpPutResponseHopLimit *int64 `min:"1" type:"integer"` // The state of token usage for your instance metadata requests. If the parameter @@ -11297,9 +11308,12 @@ type LaunchConfiguration struct { // in the Amazon EC2 Auto Scaling User Guide. SpotPrice *string `min:"1" type:"string"` - // The Base64-encoded user data to make available to the launched EC2 instances. - // For more information, see Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) - // in the Amazon EC2 User Guide for Linux Instances. + // The user data to make available to the launched EC2 instances. For more information, + // see Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) + // (Linux) and Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html) + // (Windows). If you are using a command line tool, base64-encoding is performed + // for you, and you can load the text from a file. Otherwise, you must provide + // base64-encoded text. User data is limited to 16 KB. UserData *string `type:"string"` } @@ -11501,8 +11515,10 @@ func (s *LaunchTemplate) SetOverrides(v []*LaunchTemplateOverrides) *LaunchTempl } // Describes an override for a launch template. The maximum number of instance -// types that can be associated with an Auto Scaling group is 20. For more information, -// see Configuring overrides (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-override-options.html) +// types that can be associated with an Auto Scaling group is 40. The maximum +// number of distinct launch templates you can define for an Auto Scaling group +// is 20. For more information about configuring overrides, see Configuring +// overrides (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-override-options.html) // in the Amazon EC2 Auto Scaling User Guide. type LaunchTemplateOverrides struct { _ struct{} `type:"structure"` @@ -11712,7 +11728,7 @@ type LifecycleHook struct { // The ARN of the target that Amazon EC2 Auto Scaling sends notifications to // when an instance is in the transition state for the lifecycle hook. The notification // target can be either an SQS queue or an SNS topic. - NotificationTargetARN *string `min:"1" type:"string"` + NotificationTargetARN *string `type:"string"` // The ARN of the IAM role that allows the Auto Scaling group to publish to // the specified notification target. @@ -14540,7 +14556,7 @@ type UpdateAutoScalingGroupInput struct { AutoScalingGroupName *string `min:"1" type:"string" required:"true"` // One or more Availability Zones for the group. - AvailabilityZones []*string `min:"1" type:"list"` + AvailabilityZones []*string `type:"list"` // Enables or disables Capacity Rebalancing. For more information, see Amazon // EC2 Auto Scaling Capacity Rebalancing (https://docs.aws.amazon.com/autoscaling/ec2/userguide/capacity-rebalance.html) @@ -14663,9 +14679,6 @@ func (s *UpdateAutoScalingGroupInput) Validate() error { if s.AutoScalingGroupName != nil && len(*s.AutoScalingGroupName) < 1 { invalidParams.Add(request.NewErrParamMinLen("AutoScalingGroupName", 1)) } - if s.AvailabilityZones != nil && len(s.AvailabilityZones) < 1 { - invalidParams.Add(request.NewErrParamMinLen("AvailabilityZones", 1)) - } if s.HealthCheckType != nil && len(*s.HealthCheckType) < 1 { invalidParams.Add(request.NewErrParamMinLen("HealthCheckType", 1)) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 6f0f6fbb1e..96e47192d8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -88,6 +88,80 @@ func (c *EC2) AcceptReservedInstancesExchangeQuoteWithContext(ctx aws.Context, i return out, req.Send() } +const opAcceptTransitGatewayMulticastDomainAssociations = "AcceptTransitGatewayMulticastDomainAssociations" + +// AcceptTransitGatewayMulticastDomainAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the AcceptTransitGatewayMulticastDomainAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AcceptTransitGatewayMulticastDomainAssociations for more information on using the AcceptTransitGatewayMulticastDomainAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AcceptTransitGatewayMulticastDomainAssociationsRequest method. +// req, resp := client.AcceptTransitGatewayMulticastDomainAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptTransitGatewayMulticastDomainAssociations +func (c *EC2) AcceptTransitGatewayMulticastDomainAssociationsRequest(input *AcceptTransitGatewayMulticastDomainAssociationsInput) (req *request.Request, output *AcceptTransitGatewayMulticastDomainAssociationsOutput) { + op := &request.Operation{ + Name: opAcceptTransitGatewayMulticastDomainAssociations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AcceptTransitGatewayMulticastDomainAssociationsInput{} + } + + output = &AcceptTransitGatewayMulticastDomainAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// AcceptTransitGatewayMulticastDomainAssociations API operation for Amazon Elastic Compute Cloud. +// +// Accepts a request to associate subnets with a transit gateway multicast domain. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation AcceptTransitGatewayMulticastDomainAssociations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/AcceptTransitGatewayMulticastDomainAssociations +func (c *EC2) AcceptTransitGatewayMulticastDomainAssociations(input *AcceptTransitGatewayMulticastDomainAssociationsInput) (*AcceptTransitGatewayMulticastDomainAssociationsOutput, error) { + req, out := c.AcceptTransitGatewayMulticastDomainAssociationsRequest(input) + return out, req.Send() +} + +// AcceptTransitGatewayMulticastDomainAssociationsWithContext is the same as AcceptTransitGatewayMulticastDomainAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See AcceptTransitGatewayMulticastDomainAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) AcceptTransitGatewayMulticastDomainAssociationsWithContext(ctx aws.Context, input *AcceptTransitGatewayMulticastDomainAssociationsInput, opts ...request.Option) (*AcceptTransitGatewayMulticastDomainAssociationsOutput, error) { + req, out := c.AcceptTransitGatewayMulticastDomainAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAcceptTransitGatewayPeeringAttachment = "AcceptTransitGatewayPeeringAttachment" // AcceptTransitGatewayPeeringAttachmentRequest generates a "aws/request.Request" representing the @@ -2941,7 +3015,7 @@ func (c *EC2) CancelReservedInstancesListingRequest(input *CancelReservedInstanc // Marketplace. // // For more information, see Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3509,7 +3583,7 @@ func (c *EC2) CreateCapacityReservationRequest(input *CreateCapacityReservationI // you ensure that you always have access to Amazon EC2 capacity when you need // it, for as long as you need it. For more information, see Capacity Reservations // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Your request to create a Capacity Reservation could fail if Amazon EC2 does // not have sufficient capacity to fulfill the request. If your request fails @@ -3522,8 +3596,8 @@ func (c *EC2) CreateCapacityReservationRequest(input *CreateCapacityReservationI // Instance limit for the selected instance type. If your request fails due // to limit constraints, increase your On-Demand Instance limit for the required // instance type and try again. For more information about increasing your instance -// limits, see Amazon EC2 Service Limits (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html) -// in the Amazon Elastic Compute Cloud User Guide. +// limits, see Amazon EC2 Service Quotas (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html) +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4288,7 +4362,7 @@ func (c *EC2) CreateFleetRequest(input *CreateFleetInput) (req *request.Request, // that vary by instance type, AMI, Availability Zone, or subnet. // // For more information, see Launching an EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5448,6 +5522,84 @@ func (c *EC2) CreateNetworkAclEntryWithContext(ctx aws.Context, input *CreateNet return out, req.Send() } +const opCreateNetworkInsightsPath = "CreateNetworkInsightsPath" + +// CreateNetworkInsightsPathRequest generates a "aws/request.Request" representing the +// client's request for the CreateNetworkInsightsPath operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateNetworkInsightsPath for more information on using the CreateNetworkInsightsPath +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateNetworkInsightsPathRequest method. +// req, resp := client.CreateNetworkInsightsPathRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkInsightsPath +func (c *EC2) CreateNetworkInsightsPathRequest(input *CreateNetworkInsightsPathInput) (req *request.Request, output *CreateNetworkInsightsPathOutput) { + op := &request.Operation{ + Name: opCreateNetworkInsightsPath, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateNetworkInsightsPathInput{} + } + + output = &CreateNetworkInsightsPathOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateNetworkInsightsPath API operation for Amazon Elastic Compute Cloud. +// +// Creates a path to analyze for reachability. +// +// Reachability Analyzer enables you to analyze and debug network reachability +// between two resources in your virtual private cloud (VPC). For more information, +// see What is Reachability Analyzer (https://docs.aws.amazon.com/vpc/latest/reachability/). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateNetworkInsightsPath for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateNetworkInsightsPath +func (c *EC2) CreateNetworkInsightsPath(input *CreateNetworkInsightsPathInput) (*CreateNetworkInsightsPathOutput, error) { + req, out := c.CreateNetworkInsightsPathRequest(input) + return out, req.Send() +} + +// CreateNetworkInsightsPathWithContext is the same as CreateNetworkInsightsPath with the addition of +// the ability to pass a context and additional request options. +// +// See CreateNetworkInsightsPath for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateNetworkInsightsPathWithContext(ctx aws.Context, input *CreateNetworkInsightsPathInput, opts ...request.Option) (*CreateNetworkInsightsPathOutput, error) { + req, out := c.CreateNetworkInsightsPathRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateNetworkInterface = "CreateNetworkInterface" // CreateNetworkInterfaceRequest generates a "aws/request.Request" representing the @@ -5659,7 +5811,7 @@ func (c *EC2) CreatePlacementGroupRequest(input *CreatePlacementGroupInput) (req // in another partition. // // For more information, see Placement groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5755,7 +5907,7 @@ func (c *EC2) CreateReservedInstancesListingRequest(input *CreateReservedInstanc // you can use the DescribeReservedInstancesListings operation. // // For more information, see Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6916,6 +7068,166 @@ func (c *EC2) CreateTransitGatewayWithContext(ctx aws.Context, input *CreateTran return out, req.Send() } +const opCreateTransitGatewayConnect = "CreateTransitGatewayConnect" + +// CreateTransitGatewayConnectRequest generates a "aws/request.Request" representing the +// client's request for the CreateTransitGatewayConnect operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTransitGatewayConnect for more information on using the CreateTransitGatewayConnect +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTransitGatewayConnectRequest method. +// req, resp := client.CreateTransitGatewayConnectRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayConnect +func (c *EC2) CreateTransitGatewayConnectRequest(input *CreateTransitGatewayConnectInput) (req *request.Request, output *CreateTransitGatewayConnectOutput) { + op := &request.Operation{ + Name: opCreateTransitGatewayConnect, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTransitGatewayConnectInput{} + } + + output = &CreateTransitGatewayConnectOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTransitGatewayConnect API operation for Amazon Elastic Compute Cloud. +// +// Creates a Connect attachment from a specified transit gateway attachment. +// A Connect attachment is a GRE-based tunnel attachment that you can use to +// establish a connection between a transit gateway and an appliance. +// +// A Connect attachment uses an existing VPC or AWS Direct Connect attachment +// as the underlying transport mechanism. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTransitGatewayConnect for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayConnect +func (c *EC2) CreateTransitGatewayConnect(input *CreateTransitGatewayConnectInput) (*CreateTransitGatewayConnectOutput, error) { + req, out := c.CreateTransitGatewayConnectRequest(input) + return out, req.Send() +} + +// CreateTransitGatewayConnectWithContext is the same as CreateTransitGatewayConnect with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTransitGatewayConnect for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTransitGatewayConnectWithContext(ctx aws.Context, input *CreateTransitGatewayConnectInput, opts ...request.Option) (*CreateTransitGatewayConnectOutput, error) { + req, out := c.CreateTransitGatewayConnectRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTransitGatewayConnectPeer = "CreateTransitGatewayConnectPeer" + +// CreateTransitGatewayConnectPeerRequest generates a "aws/request.Request" representing the +// client's request for the CreateTransitGatewayConnectPeer operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTransitGatewayConnectPeer for more information on using the CreateTransitGatewayConnectPeer +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTransitGatewayConnectPeerRequest method. +// req, resp := client.CreateTransitGatewayConnectPeerRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayConnectPeer +func (c *EC2) CreateTransitGatewayConnectPeerRequest(input *CreateTransitGatewayConnectPeerInput) (req *request.Request, output *CreateTransitGatewayConnectPeerOutput) { + op := &request.Operation{ + Name: opCreateTransitGatewayConnectPeer, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTransitGatewayConnectPeerInput{} + } + + output = &CreateTransitGatewayConnectPeerOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTransitGatewayConnectPeer API operation for Amazon Elastic Compute Cloud. +// +// Creates a Connect peer for a specified transit gateway Connect attachment +// between a transit gateway and an appliance. +// +// The peer address and transit gateway address must be the same IP address +// family (IPv4 or IPv6). +// +// For more information, see Connect peers (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-connect.html#tgw-connect-peer) +// in the Transit Gateways Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTransitGatewayConnectPeer for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTransitGatewayConnectPeer +func (c *EC2) CreateTransitGatewayConnectPeer(input *CreateTransitGatewayConnectPeerInput) (*CreateTransitGatewayConnectPeerOutput, error) { + req, out := c.CreateTransitGatewayConnectPeerRequest(input) + return out, req.Send() +} + +// CreateTransitGatewayConnectPeerWithContext is the same as CreateTransitGatewayConnectPeer with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTransitGatewayConnectPeer for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTransitGatewayConnectPeerWithContext(ctx aws.Context, input *CreateTransitGatewayConnectPeerInput, opts ...request.Option) (*CreateTransitGatewayConnectPeerOutput, error) { + req, out := c.CreateTransitGatewayConnectPeerRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateTransitGatewayMulticastDomain = "CreateTransitGatewayMulticastDomain" // CreateTransitGatewayMulticastDomainRequest generates a "aws/request.Request" representing the @@ -8698,7 +9010,7 @@ func (c *EC2) DeleteFleetsRequest(input *DeleteFleetsInput) (req *request.Reques // instant fleets. // // For more information, see Deleting an EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html#delete-fleet) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9630,6 +9942,154 @@ func (c *EC2) DeleteNetworkAclEntryWithContext(ctx aws.Context, input *DeleteNet return out, req.Send() } +const opDeleteNetworkInsightsAnalysis = "DeleteNetworkInsightsAnalysis" + +// DeleteNetworkInsightsAnalysisRequest generates a "aws/request.Request" representing the +// client's request for the DeleteNetworkInsightsAnalysis operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteNetworkInsightsAnalysis for more information on using the DeleteNetworkInsightsAnalysis +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteNetworkInsightsAnalysisRequest method. +// req, resp := client.DeleteNetworkInsightsAnalysisRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInsightsAnalysis +func (c *EC2) DeleteNetworkInsightsAnalysisRequest(input *DeleteNetworkInsightsAnalysisInput) (req *request.Request, output *DeleteNetworkInsightsAnalysisOutput) { + op := &request.Operation{ + Name: opDeleteNetworkInsightsAnalysis, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteNetworkInsightsAnalysisInput{} + } + + output = &DeleteNetworkInsightsAnalysisOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteNetworkInsightsAnalysis API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified network insights analysis. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteNetworkInsightsAnalysis for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInsightsAnalysis +func (c *EC2) DeleteNetworkInsightsAnalysis(input *DeleteNetworkInsightsAnalysisInput) (*DeleteNetworkInsightsAnalysisOutput, error) { + req, out := c.DeleteNetworkInsightsAnalysisRequest(input) + return out, req.Send() +} + +// DeleteNetworkInsightsAnalysisWithContext is the same as DeleteNetworkInsightsAnalysis with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteNetworkInsightsAnalysis for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteNetworkInsightsAnalysisWithContext(ctx aws.Context, input *DeleteNetworkInsightsAnalysisInput, opts ...request.Option) (*DeleteNetworkInsightsAnalysisOutput, error) { + req, out := c.DeleteNetworkInsightsAnalysisRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteNetworkInsightsPath = "DeleteNetworkInsightsPath" + +// DeleteNetworkInsightsPathRequest generates a "aws/request.Request" representing the +// client's request for the DeleteNetworkInsightsPath operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteNetworkInsightsPath for more information on using the DeleteNetworkInsightsPath +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteNetworkInsightsPathRequest method. +// req, resp := client.DeleteNetworkInsightsPathRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInsightsPath +func (c *EC2) DeleteNetworkInsightsPathRequest(input *DeleteNetworkInsightsPathInput) (req *request.Request, output *DeleteNetworkInsightsPathOutput) { + op := &request.Operation{ + Name: opDeleteNetworkInsightsPath, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteNetworkInsightsPathInput{} + } + + output = &DeleteNetworkInsightsPathOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteNetworkInsightsPath API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified path. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteNetworkInsightsPath for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteNetworkInsightsPath +func (c *EC2) DeleteNetworkInsightsPath(input *DeleteNetworkInsightsPathInput) (*DeleteNetworkInsightsPathOutput, error) { + req, out := c.DeleteNetworkInsightsPathRequest(input) + return out, req.Send() +} + +// DeleteNetworkInsightsPathWithContext is the same as DeleteNetworkInsightsPath with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteNetworkInsightsPath for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteNetworkInsightsPathWithContext(ctx aws.Context, input *DeleteNetworkInsightsPathInput, opts ...request.Option) (*DeleteNetworkInsightsPathOutput, error) { + req, out := c.DeleteNetworkInsightsPathRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteNetworkInterface = "DeleteNetworkInterface" // DeleteNetworkInterfaceRequest generates a "aws/request.Request" representing the @@ -9831,7 +10291,7 @@ func (c *EC2) DeletePlacementGroupRequest(input *DeletePlacementGroupInput) (req // Deletes the specified placement group. You must terminate all instances in // the placement group before you can delete the placement group. For more information, // see Placement groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10861,6 +11321,155 @@ func (c *EC2) DeleteTransitGatewayWithContext(ctx aws.Context, input *DeleteTran return out, req.Send() } +const opDeleteTransitGatewayConnect = "DeleteTransitGatewayConnect" + +// DeleteTransitGatewayConnectRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTransitGatewayConnect operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTransitGatewayConnect for more information on using the DeleteTransitGatewayConnect +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTransitGatewayConnectRequest method. +// req, resp := client.DeleteTransitGatewayConnectRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayConnect +func (c *EC2) DeleteTransitGatewayConnectRequest(input *DeleteTransitGatewayConnectInput) (req *request.Request, output *DeleteTransitGatewayConnectOutput) { + op := &request.Operation{ + Name: opDeleteTransitGatewayConnect, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTransitGatewayConnectInput{} + } + + output = &DeleteTransitGatewayConnectOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTransitGatewayConnect API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified Connect attachment. You must first delete any Connect +// peers for the attachment. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTransitGatewayConnect for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayConnect +func (c *EC2) DeleteTransitGatewayConnect(input *DeleteTransitGatewayConnectInput) (*DeleteTransitGatewayConnectOutput, error) { + req, out := c.DeleteTransitGatewayConnectRequest(input) + return out, req.Send() +} + +// DeleteTransitGatewayConnectWithContext is the same as DeleteTransitGatewayConnect with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTransitGatewayConnect for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTransitGatewayConnectWithContext(ctx aws.Context, input *DeleteTransitGatewayConnectInput, opts ...request.Option) (*DeleteTransitGatewayConnectOutput, error) { + req, out := c.DeleteTransitGatewayConnectRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteTransitGatewayConnectPeer = "DeleteTransitGatewayConnectPeer" + +// DeleteTransitGatewayConnectPeerRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTransitGatewayConnectPeer operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTransitGatewayConnectPeer for more information on using the DeleteTransitGatewayConnectPeer +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTransitGatewayConnectPeerRequest method. +// req, resp := client.DeleteTransitGatewayConnectPeerRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayConnectPeer +func (c *EC2) DeleteTransitGatewayConnectPeerRequest(input *DeleteTransitGatewayConnectPeerInput) (req *request.Request, output *DeleteTransitGatewayConnectPeerOutput) { + op := &request.Operation{ + Name: opDeleteTransitGatewayConnectPeer, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTransitGatewayConnectPeerInput{} + } + + output = &DeleteTransitGatewayConnectPeerOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTransitGatewayConnectPeer API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified Connect peer. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTransitGatewayConnectPeer for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTransitGatewayConnectPeer +func (c *EC2) DeleteTransitGatewayConnectPeer(input *DeleteTransitGatewayConnectPeerInput) (*DeleteTransitGatewayConnectPeerOutput, error) { + req, out := c.DeleteTransitGatewayConnectPeerRequest(input) + return out, req.Send() +} + +// DeleteTransitGatewayConnectPeerWithContext is the same as DeleteTransitGatewayConnectPeer with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTransitGatewayConnectPeer for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTransitGatewayConnectPeerWithContext(ctx aws.Context, input *DeleteTransitGatewayConnectPeerInput, opts ...request.Option) (*DeleteTransitGatewayConnectPeerOutput, error) { + req, out := c.DeleteTransitGatewayConnectPeerRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteTransitGatewayMulticastDomain = "DeleteTransitGatewayMulticastDomain" // DeleteTransitGatewayMulticastDomainRequest generates a "aws/request.Request" representing the @@ -15043,6 +15652,9 @@ func (c *EC2) DescribeFleetHistoryRequest(input *DescribeFleetHistoryInput) (req // This ensures that you can query by the last evaluated time and not miss a // recorded event. EC2 Fleet events are available for 48 hours. // +// For more information, see Monitoring your EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html#monitor-ec2-fleet) +// in the Amazon EC2 User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -15117,6 +15729,9 @@ func (c *EC2) DescribeFleetInstancesRequest(input *DescribeFleetInstancesInput) // // Describes the running instances for the specified EC2 Fleet. // +// For more information, see Monitoring your EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html#monitor-ec2-fleet) +// in the Amazon EC2 User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -15197,6 +15812,9 @@ func (c *EC2) DescribeFleetsRequest(input *DescribeFleetsInput) (req *request.Re // // Describes the specified EC2 Fleets or all of your EC2 Fleets. // +// For more information, see Monitoring your EC2 Fleet (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet.html#monitor-ec2-fleet) +// in the Amazon EC2 User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -15676,8 +16294,8 @@ func (c *EC2) DescribeHostReservationOfferingsRequest(input *DescribeHostReserva // Hosts. When purchasing an offering, ensure that the instance family and Region // of the offering matches that of the Dedicated Hosts with which it is to be // associated. For more information about supported instance types, see Dedicated -// Hosts Overview (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) -// in the Amazon Elastic Compute Cloud User Guide. +// Hosts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16916,7 +17534,7 @@ func (c *EC2) DescribeInstanceCreditSpecificationsRequest(input *DescribeInstanc // the call works normally. // // For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17133,18 +17751,18 @@ func (c *EC2) DescribeInstanceStatusRequest(input *DescribeInstanceStatusInput) // to identify hardware and software issues. For more information, see Status // checks for your instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html) // and Troubleshooting instances with failed status checks (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // * Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, // or terminate) for your instances related to hardware issues, software // updates, or system maintenance. For more information, see Scheduled events // for your instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // * Instance state - You can manage your instances from the moment you launch // them through their termination. For more information, see Instance lifecycle // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -19583,6 +20201,270 @@ func (c *EC2) DescribeNetworkAclsPagesWithContext(ctx aws.Context, input *Descri return p.Err() } +const opDescribeNetworkInsightsAnalyses = "DescribeNetworkInsightsAnalyses" + +// DescribeNetworkInsightsAnalysesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeNetworkInsightsAnalyses operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeNetworkInsightsAnalyses for more information on using the DescribeNetworkInsightsAnalyses +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeNetworkInsightsAnalysesRequest method. +// req, resp := client.DescribeNetworkInsightsAnalysesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInsightsAnalyses +func (c *EC2) DescribeNetworkInsightsAnalysesRequest(input *DescribeNetworkInsightsAnalysesInput) (req *request.Request, output *DescribeNetworkInsightsAnalysesOutput) { + op := &request.Operation{ + Name: opDescribeNetworkInsightsAnalyses, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeNetworkInsightsAnalysesInput{} + } + + output = &DescribeNetworkInsightsAnalysesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeNetworkInsightsAnalyses API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more of your network insights analyses. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeNetworkInsightsAnalyses for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInsightsAnalyses +func (c *EC2) DescribeNetworkInsightsAnalyses(input *DescribeNetworkInsightsAnalysesInput) (*DescribeNetworkInsightsAnalysesOutput, error) { + req, out := c.DescribeNetworkInsightsAnalysesRequest(input) + return out, req.Send() +} + +// DescribeNetworkInsightsAnalysesWithContext is the same as DescribeNetworkInsightsAnalyses with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeNetworkInsightsAnalyses for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeNetworkInsightsAnalysesWithContext(ctx aws.Context, input *DescribeNetworkInsightsAnalysesInput, opts ...request.Option) (*DescribeNetworkInsightsAnalysesOutput, error) { + req, out := c.DescribeNetworkInsightsAnalysesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeNetworkInsightsAnalysesPages iterates over the pages of a DescribeNetworkInsightsAnalyses operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeNetworkInsightsAnalyses method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeNetworkInsightsAnalyses operation. +// pageNum := 0 +// err := client.DescribeNetworkInsightsAnalysesPages(params, +// func(page *ec2.DescribeNetworkInsightsAnalysesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeNetworkInsightsAnalysesPages(input *DescribeNetworkInsightsAnalysesInput, fn func(*DescribeNetworkInsightsAnalysesOutput, bool) bool) error { + return c.DescribeNetworkInsightsAnalysesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeNetworkInsightsAnalysesPagesWithContext same as DescribeNetworkInsightsAnalysesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeNetworkInsightsAnalysesPagesWithContext(ctx aws.Context, input *DescribeNetworkInsightsAnalysesInput, fn func(*DescribeNetworkInsightsAnalysesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeNetworkInsightsAnalysesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeNetworkInsightsAnalysesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeNetworkInsightsAnalysesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeNetworkInsightsPaths = "DescribeNetworkInsightsPaths" + +// DescribeNetworkInsightsPathsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeNetworkInsightsPaths operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeNetworkInsightsPaths for more information on using the DescribeNetworkInsightsPaths +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeNetworkInsightsPathsRequest method. +// req, resp := client.DescribeNetworkInsightsPathsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInsightsPaths +func (c *EC2) DescribeNetworkInsightsPathsRequest(input *DescribeNetworkInsightsPathsInput) (req *request.Request, output *DescribeNetworkInsightsPathsOutput) { + op := &request.Operation{ + Name: opDescribeNetworkInsightsPaths, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeNetworkInsightsPathsInput{} + } + + output = &DescribeNetworkInsightsPathsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeNetworkInsightsPaths API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more of your paths. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeNetworkInsightsPaths for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeNetworkInsightsPaths +func (c *EC2) DescribeNetworkInsightsPaths(input *DescribeNetworkInsightsPathsInput) (*DescribeNetworkInsightsPathsOutput, error) { + req, out := c.DescribeNetworkInsightsPathsRequest(input) + return out, req.Send() +} + +// DescribeNetworkInsightsPathsWithContext is the same as DescribeNetworkInsightsPaths with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeNetworkInsightsPaths for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeNetworkInsightsPathsWithContext(ctx aws.Context, input *DescribeNetworkInsightsPathsInput, opts ...request.Option) (*DescribeNetworkInsightsPathsOutput, error) { + req, out := c.DescribeNetworkInsightsPathsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeNetworkInsightsPathsPages iterates over the pages of a DescribeNetworkInsightsPaths operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeNetworkInsightsPaths method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeNetworkInsightsPaths operation. +// pageNum := 0 +// err := client.DescribeNetworkInsightsPathsPages(params, +// func(page *ec2.DescribeNetworkInsightsPathsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeNetworkInsightsPathsPages(input *DescribeNetworkInsightsPathsInput, fn func(*DescribeNetworkInsightsPathsOutput, bool) bool) error { + return c.DescribeNetworkInsightsPathsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeNetworkInsightsPathsPagesWithContext same as DescribeNetworkInsightsPathsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeNetworkInsightsPathsPagesWithContext(ctx aws.Context, input *DescribeNetworkInsightsPathsInput, fn func(*DescribeNetworkInsightsPathsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeNetworkInsightsPathsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeNetworkInsightsPathsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeNetworkInsightsPathsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeNetworkInterfaceAttribute = "DescribeNetworkInterfaceAttribute" // DescribeNetworkInterfaceAttributeRequest generates a "aws/request.Request" representing the @@ -19968,7 +20850,7 @@ func (c *EC2) DescribePlacementGroupsRequest(input *DescribePlacementGroupsInput // // Describes the specified placement groups or all of your placement groups. // For more information, see Placement groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -20540,7 +21422,7 @@ func (c *EC2) DescribeReservedInstancesRequest(input *DescribeReservedInstancesI // Describes one or more of the Reserved Instances that you purchased. // // For more information about Reserved Instances, see Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -20635,7 +21517,7 @@ func (c *EC2) DescribeReservedInstancesListingsRequest(input *DescribeReservedIn // that you purchase. // // For more information, see Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -20721,7 +21603,7 @@ func (c *EC2) DescribeReservedInstancesModificationsRequest(input *DescribeReser // about the specific modification is returned. // // For more information, see Modifying Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -20864,7 +21746,7 @@ func (c *EC2) DescribeReservedInstancesOfferingsRequest(input *DescribeReservedI // that you do not purchase your own Reserved Instances. // // For more information, see Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -23419,6 +24301,270 @@ func (c *EC2) DescribeTransitGatewayAttachmentsPagesWithContext(ctx aws.Context, return p.Err() } +const opDescribeTransitGatewayConnectPeers = "DescribeTransitGatewayConnectPeers" + +// DescribeTransitGatewayConnectPeersRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTransitGatewayConnectPeers operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTransitGatewayConnectPeers for more information on using the DescribeTransitGatewayConnectPeers +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTransitGatewayConnectPeersRequest method. +// req, resp := client.DescribeTransitGatewayConnectPeersRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayConnectPeers +func (c *EC2) DescribeTransitGatewayConnectPeersRequest(input *DescribeTransitGatewayConnectPeersInput) (req *request.Request, output *DescribeTransitGatewayConnectPeersOutput) { + op := &request.Operation{ + Name: opDescribeTransitGatewayConnectPeers, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTransitGatewayConnectPeersInput{} + } + + output = &DescribeTransitGatewayConnectPeersOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTransitGatewayConnectPeers API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more Connect peers. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTransitGatewayConnectPeers for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayConnectPeers +func (c *EC2) DescribeTransitGatewayConnectPeers(input *DescribeTransitGatewayConnectPeersInput) (*DescribeTransitGatewayConnectPeersOutput, error) { + req, out := c.DescribeTransitGatewayConnectPeersRequest(input) + return out, req.Send() +} + +// DescribeTransitGatewayConnectPeersWithContext is the same as DescribeTransitGatewayConnectPeers with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTransitGatewayConnectPeers for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayConnectPeersWithContext(ctx aws.Context, input *DescribeTransitGatewayConnectPeersInput, opts ...request.Option) (*DescribeTransitGatewayConnectPeersOutput, error) { + req, out := c.DescribeTransitGatewayConnectPeersRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTransitGatewayConnectPeersPages iterates over the pages of a DescribeTransitGatewayConnectPeers operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTransitGatewayConnectPeers method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTransitGatewayConnectPeers operation. +// pageNum := 0 +// err := client.DescribeTransitGatewayConnectPeersPages(params, +// func(page *ec2.DescribeTransitGatewayConnectPeersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTransitGatewayConnectPeersPages(input *DescribeTransitGatewayConnectPeersInput, fn func(*DescribeTransitGatewayConnectPeersOutput, bool) bool) error { + return c.DescribeTransitGatewayConnectPeersPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTransitGatewayConnectPeersPagesWithContext same as DescribeTransitGatewayConnectPeersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayConnectPeersPagesWithContext(ctx aws.Context, input *DescribeTransitGatewayConnectPeersInput, fn func(*DescribeTransitGatewayConnectPeersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTransitGatewayConnectPeersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTransitGatewayConnectPeersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTransitGatewayConnectPeersOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opDescribeTransitGatewayConnects = "DescribeTransitGatewayConnects" + +// DescribeTransitGatewayConnectsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTransitGatewayConnects operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTransitGatewayConnects for more information on using the DescribeTransitGatewayConnects +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTransitGatewayConnectsRequest method. +// req, resp := client.DescribeTransitGatewayConnectsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayConnects +func (c *EC2) DescribeTransitGatewayConnectsRequest(input *DescribeTransitGatewayConnectsInput) (req *request.Request, output *DescribeTransitGatewayConnectsOutput) { + op := &request.Operation{ + Name: opDescribeTransitGatewayConnects, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTransitGatewayConnectsInput{} + } + + output = &DescribeTransitGatewayConnectsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTransitGatewayConnects API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more Connect attachments. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTransitGatewayConnects for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTransitGatewayConnects +func (c *EC2) DescribeTransitGatewayConnects(input *DescribeTransitGatewayConnectsInput) (*DescribeTransitGatewayConnectsOutput, error) { + req, out := c.DescribeTransitGatewayConnectsRequest(input) + return out, req.Send() +} + +// DescribeTransitGatewayConnectsWithContext is the same as DescribeTransitGatewayConnects with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTransitGatewayConnects for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayConnectsWithContext(ctx aws.Context, input *DescribeTransitGatewayConnectsInput, opts ...request.Option) (*DescribeTransitGatewayConnectsOutput, error) { + req, out := c.DescribeTransitGatewayConnectsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTransitGatewayConnectsPages iterates over the pages of a DescribeTransitGatewayConnects operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTransitGatewayConnects method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTransitGatewayConnects operation. +// pageNum := 0 +// err := client.DescribeTransitGatewayConnectsPages(params, +// func(page *ec2.DescribeTransitGatewayConnectsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTransitGatewayConnectsPages(input *DescribeTransitGatewayConnectsInput, fn func(*DescribeTransitGatewayConnectsOutput, bool) bool) error { + return c.DescribeTransitGatewayConnectsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTransitGatewayConnectsPagesWithContext same as DescribeTransitGatewayConnectsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTransitGatewayConnectsPagesWithContext(ctx aws.Context, input *DescribeTransitGatewayConnectsInput, fn func(*DescribeTransitGatewayConnectsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTransitGatewayConnectsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTransitGatewayConnectsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeTransitGatewayConnectsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeTransitGatewayMulticastDomains = "DescribeTransitGatewayMulticastDomains" // DescribeTransitGatewayMulticastDomainsRequest generates a "aws/request.Request" representing the @@ -28921,8 +30067,8 @@ func (c *EC2) GetConsoleOutputRequest(input *GetConsoleOutputInput) (req *reques // during the instance lifecycle. This option is supported on instance types // that use the Nitro hypervisor. // -// For more information, see Instance Console Output (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output) -// in the Amazon Elastic Compute Cloud User Guide. +// For more information, see Instance console output (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html#instance-console-console-output) +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29076,7 +30222,7 @@ func (c *EC2) GetDefaultCreditSpecificationRequest(input *GetDefaultCreditSpecif // instance family. // // For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29870,7 +31016,7 @@ func (c *EC2) GetPasswordDataRequest(input *GetPasswordDataInput) (req *request. // scripts (Windows Server 2016 and later). This usually only happens the first // time an instance is launched. For more information, see EC2Config (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/UsingConfig_WinAMI.html) // and EC2Launch (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // For the EC2Config service, the password is not generated for rebundled AMIs // unless Ec2SetPassword is enabled before bundling. @@ -31411,7 +32557,7 @@ func (c *EC2) ModifyDefaultCreditSpecificationRequest(input *ModifyDefaultCredit // for updates. // // For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32123,7 +33269,7 @@ func (c *EC2) ModifyInstanceAttributeRequest(input *ModifyInstanceAttributeInput // // To modify some attributes, the instance must be stopped. For more information, // see Modifying attributes of a stopped instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32278,7 +33424,7 @@ func (c *EC2) ModifyInstanceCreditSpecificationRequest(input *ModifyInstanceCred // performance instance. The credit options are standard and unlimited. // // For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32432,7 +33578,8 @@ func (c *EC2) ModifyInstanceMetadataOptionsRequest(input *ModifyInstanceMetadata // the API responds with a state of “pending”. After the parameter modifications // are successfully applied to the instance, the state of the modifications // changes from “pending” to “applied” in subsequent describe-instances -// API calls. For more information, see Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). +// API calls. For more information, see Instance metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -32840,7 +33987,7 @@ func (c *EC2) ModifyReservedInstancesRequest(input *ModifyReservedInstancesInput // network platform, and instance type. // // For more information, see Modifying Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-modifying.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -34747,7 +35894,7 @@ func (c *EC2) MonitorInstancesRequest(input *MonitorInstancesInput) (req *reques // Enables detailed monitoring for a running instance. Otherwise, basic monitoring // is enabled. For more information, see Monitoring your instances and volumes // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // To disable detailed monitoring, see . // @@ -35083,7 +36230,7 @@ func (c *EC2) PurchaseReservedInstancesOfferingRequest(input *PurchaseReservedIn // // For more information, see Reserved Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts-on-demand-reserved-instances.html) // and Reserved Instance Marketplace (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -35251,7 +36398,7 @@ func (c *EC2) RebootInstancesRequest(input *RebootInstancesInput) (req *request. // // For more information about troubleshooting, see Getting console output and // rebooting instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -35638,6 +36785,81 @@ func (c *EC2) RegisterTransitGatewayMulticastGroupSourcesWithContext(ctx aws.Con return out, req.Send() } +const opRejectTransitGatewayMulticastDomainAssociations = "RejectTransitGatewayMulticastDomainAssociations" + +// RejectTransitGatewayMulticastDomainAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the RejectTransitGatewayMulticastDomainAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RejectTransitGatewayMulticastDomainAssociations for more information on using the RejectTransitGatewayMulticastDomainAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the RejectTransitGatewayMulticastDomainAssociationsRequest method. +// req, resp := client.RejectTransitGatewayMulticastDomainAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectTransitGatewayMulticastDomainAssociations +func (c *EC2) RejectTransitGatewayMulticastDomainAssociationsRequest(input *RejectTransitGatewayMulticastDomainAssociationsInput) (req *request.Request, output *RejectTransitGatewayMulticastDomainAssociationsOutput) { + op := &request.Operation{ + Name: opRejectTransitGatewayMulticastDomainAssociations, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RejectTransitGatewayMulticastDomainAssociationsInput{} + } + + output = &RejectTransitGatewayMulticastDomainAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// RejectTransitGatewayMulticastDomainAssociations API operation for Amazon Elastic Compute Cloud. +// +// Rejects a request to associate cross-account subnets with a transit gateway +// multicast domain. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation RejectTransitGatewayMulticastDomainAssociations for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/RejectTransitGatewayMulticastDomainAssociations +func (c *EC2) RejectTransitGatewayMulticastDomainAssociations(input *RejectTransitGatewayMulticastDomainAssociationsInput) (*RejectTransitGatewayMulticastDomainAssociationsOutput, error) { + req, out := c.RejectTransitGatewayMulticastDomainAssociationsRequest(input) + return out, req.Send() +} + +// RejectTransitGatewayMulticastDomainAssociationsWithContext is the same as RejectTransitGatewayMulticastDomainAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See RejectTransitGatewayMulticastDomainAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) RejectTransitGatewayMulticastDomainAssociationsWithContext(ctx aws.Context, input *RejectTransitGatewayMulticastDomainAssociationsInput, opts ...request.Option) (*RejectTransitGatewayMulticastDomainAssociationsOutput, error) { + req, out := c.RejectTransitGatewayMulticastDomainAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRejectTransitGatewayPeeringAttachment = "RejectTransitGatewayPeeringAttachment" // RejectTransitGatewayPeeringAttachmentRequest generates a "aws/request.Request" representing the @@ -37132,7 +38354,7 @@ func (c *EC2) ResetInstanceAttributeRequest(input *ResetInstanceAttributeInput) // is enabled. The default value is true, which means checking is enabled. This // value must be false for a NAT instance to perform NAT. For more information, // see NAT Instances (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html) -// in the Amazon Virtual Private Cloud User Guide. +// in the Amazon VPC User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -37819,13 +39041,11 @@ func (c *EC2) RunInstancesRequest(input *RunInstancesInput) (req *request.Reques // Linux instances have access to the public key of the key pair at boot. You // can use this key to provide secure access to the instance. Amazon EC2 public // images use this feature to provide secure access without passwords. For more -// information, see Key pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) -// in the Amazon Elastic Compute Cloud User Guide. +// information, see Key pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). // // For troubleshooting, see What to do if an instance immediately terminates // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html), -// and Troubleshooting connecting to your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html) -// in the Amazon Elastic Compute Cloud User Guide. +// and Troubleshooting connecting to your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -37909,7 +39129,7 @@ func (c *EC2) RunScheduledInstancesRequest(input *RunScheduledInstancesInput) (r // If you terminate a Scheduled Instance before the current scheduled time period // ends, you can launch it again after a few minutes. For more information, // see Scheduled Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -38436,7 +39656,7 @@ func (c *EC2) StartInstancesRequest(input *StartInstancesInput) (req *request.Re // root device returns an error. // // For more information, see Stopping instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -38466,6 +39686,81 @@ func (c *EC2) StartInstancesWithContext(ctx aws.Context, input *StartInstancesIn return out, req.Send() } +const opStartNetworkInsightsAnalysis = "StartNetworkInsightsAnalysis" + +// StartNetworkInsightsAnalysisRequest generates a "aws/request.Request" representing the +// client's request for the StartNetworkInsightsAnalysis operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartNetworkInsightsAnalysis for more information on using the StartNetworkInsightsAnalysis +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the StartNetworkInsightsAnalysisRequest method. +// req, resp := client.StartNetworkInsightsAnalysisRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StartNetworkInsightsAnalysis +func (c *EC2) StartNetworkInsightsAnalysisRequest(input *StartNetworkInsightsAnalysisInput) (req *request.Request, output *StartNetworkInsightsAnalysisOutput) { + op := &request.Operation{ + Name: opStartNetworkInsightsAnalysis, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StartNetworkInsightsAnalysisInput{} + } + + output = &StartNetworkInsightsAnalysisOutput{} + req = c.newRequest(op, input, output) + return +} + +// StartNetworkInsightsAnalysis API operation for Amazon Elastic Compute Cloud. +// +// Starts analyzing the specified path. If the path is reachable, the operation +// returns the shortest feasible path. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation StartNetworkInsightsAnalysis for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/StartNetworkInsightsAnalysis +func (c *EC2) StartNetworkInsightsAnalysis(input *StartNetworkInsightsAnalysisInput) (*StartNetworkInsightsAnalysisOutput, error) { + req, out := c.StartNetworkInsightsAnalysisRequest(input) + return out, req.Send() +} + +// StartNetworkInsightsAnalysisWithContext is the same as StartNetworkInsightsAnalysis with the addition of +// the ability to pass a context and additional request options. +// +// See StartNetworkInsightsAnalysis for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) StartNetworkInsightsAnalysisWithContext(ctx aws.Context, input *StartNetworkInsightsAnalysisInput, opts ...request.Option) (*StartNetworkInsightsAnalysisOutput, error) { + req, out := c.StartNetworkInsightsAnalysisRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opStartVpcEndpointServicePrivateDnsVerification = "StartVpcEndpointServicePrivateDnsVerification" // StartVpcEndpointServicePrivateDnsVerificationRequest generates a "aws/request.Request" representing the @@ -38599,7 +39894,7 @@ func (c *EC2) StopInstancesRequest(input *StopInstancesInput) (req *request.Requ // for hibernation (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation) // and it meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // We don't charge usage for a stopped instance, or data transfer fees; however, // your root partition Amazon EBS volume remains and continues to persist your @@ -38615,7 +39910,7 @@ func (c *EC2) StopInstancesRequest(input *StopInstancesInput) (req *request.Requ // the Stop action to hibernate Spot Instances, but you can specify that Amazon // EC2 should hibernate Spot Instances when they are interrupted. For more information, // see Hibernating interrupted Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // When you stop or hibernate an instance, we shut it down. You can restart // your instance at any time. Before stopping or hibernating an instance, make @@ -38631,13 +39926,13 @@ func (c *EC2) StopInstancesRequest(input *StopInstancesInput) (req *request.Requ // launch are automatically deleted. For more information about the differences // between rebooting, stopping, hibernating, and terminating instances, see // Instance lifecycle (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // When you stop an instance, we attempt to shut it down forcibly after a short // while. If your instance appears stuck in the stopping state after a period // of time, there may be an issue with the underlying host computer. For more // information, see Troubleshooting stopping your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -38807,11 +40102,11 @@ func (c *EC2) TerminateInstancesRequest(input *TerminateInstancesInput) (req *re // device mapping parameter set to true are automatically deleted. For more // information about the differences between stopping and terminating instances, // see Instance lifecycle (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // For more information about troubleshooting, see Troubleshooting terminating // your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesShuttingDown.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -39036,7 +40331,7 @@ func (c *EC2) UnmonitorInstancesRequest(input *UnmonitorInstancesInput) (req *re // // Disables detailed monitoring for a running instance. For more information, // see Monitoring your instances and volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -39402,6 +40697,82 @@ func (s *AcceptReservedInstancesExchangeQuoteOutput) SetExchangeId(v string) *Ac return s } +type AcceptTransitGatewayMulticastDomainAssociationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IDs of the subnets to associate with the transit gateway multicast domain. + SubnetIds []*string `locationNameList:"item" type:"list"` + + // The ID of the transit gateway attachment. + TransitGatewayAttachmentId *string `type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s AcceptTransitGatewayMulticastDomainAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptTransitGatewayMulticastDomainAssociationsInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *AcceptTransitGatewayMulticastDomainAssociationsInput) SetDryRun(v bool) *AcceptTransitGatewayMulticastDomainAssociationsInput { + s.DryRun = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *AcceptTransitGatewayMulticastDomainAssociationsInput) SetSubnetIds(v []*string) *AcceptTransitGatewayMulticastDomainAssociationsInput { + s.SubnetIds = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *AcceptTransitGatewayMulticastDomainAssociationsInput) SetTransitGatewayAttachmentId(v string) *AcceptTransitGatewayMulticastDomainAssociationsInput { + s.TransitGatewayAttachmentId = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *AcceptTransitGatewayMulticastDomainAssociationsInput) SetTransitGatewayMulticastDomainId(v string) *AcceptTransitGatewayMulticastDomainAssociationsInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type AcceptTransitGatewayMulticastDomainAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Describes the multicast domain associations. + Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` +} + +// String returns the string representation +func (s AcceptTransitGatewayMulticastDomainAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptTransitGatewayMulticastDomainAssociationsOutput) GoString() string { + return s.String() +} + +// SetAssociations sets the Associations field's value. +func (s *AcceptTransitGatewayMulticastDomainAssociationsOutput) SetAssociations(v *TransitGatewayMulticastDomainAssociations) *AcceptTransitGatewayMulticastDomainAssociationsOutput { + s.Associations = v + return s +} + type AcceptTransitGatewayPeeringAttachmentInput struct { _ struct{} `type:"structure"` @@ -40115,6 +41486,9 @@ type AllocateAddressInput struct { // EC2 select an address from the address pool. To specify a specific address // from the address pool, use the Address parameter instead. PublicIpv4Pool *string `type:"string"` + + // The tags to assign to the Elastic IP address. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } // String returns the string representation @@ -40163,6 +41537,12 @@ func (s *AllocateAddressInput) SetPublicIpv4Pool(v string) *AllocateAddressInput return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *AllocateAddressInput) SetTagSpecifications(v []*TagSpecification) *AllocateAddressInput { + s.TagSpecifications = v + return s +} + type AllocateAddressOutput struct { _ struct{} `type:"structure"` @@ -40259,8 +41639,8 @@ type AllocateHostsInput struct { // Indicates whether the host accepts any untargeted instance launches that // match its instance type configuration, or if it only accepts Host tenancy // instance launches that specify its unique host ID. For more information, - // see Understanding Instance Placement and Host Affinity (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-dedicated-hosts-work.html#dedicated-hosts-understanding) - // in the Amazon EC2 User Guide for Linux Instances. + // see Understanding auto-placement and affinity (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-dedicated-hosts-work.html#dedicated-hosts-understanding) + // in the Amazon EC2 User Guide. // // Default: on AutoPlacement *string `locationName:"autoPlacement" type:"string" enum:"AutoPlacement"` @@ -40271,13 +41651,13 @@ type AllocateHostsInput struct { AvailabilityZone *string `locationName:"availabilityZone" type:"string" required:"true"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` // Indicates whether to enable or disable host recovery for the Dedicated Host. - // Host recovery is disabled by default. For more information, see Host Recovery + // Host recovery is disabled by default. For more information, see Host recovery // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. // // Default: off HostRecovery *string `type:"string" enum:"HostRecovery"` @@ -40441,6 +41821,472 @@ func (s *AllowedPrincipal) SetPrincipalType(v string) *AllowedPrincipal { return s } +// Describes an potential intermediate component of a feasible path. +type AlternatePathHint struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the component. + ComponentArn *string `locationName:"componentArn" type:"string"` + + // The ID of the component. + ComponentId *string `locationName:"componentId" type:"string"` +} + +// String returns the string representation +func (s AlternatePathHint) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AlternatePathHint) GoString() string { + return s.String() +} + +// SetComponentArn sets the ComponentArn field's value. +func (s *AlternatePathHint) SetComponentArn(v string) *AlternatePathHint { + s.ComponentArn = &v + return s +} + +// SetComponentId sets the ComponentId field's value. +func (s *AlternatePathHint) SetComponentId(v string) *AlternatePathHint { + s.ComponentId = &v + return s +} + +// Describes a network access control (ACL) rule. +type AnalysisAclRule struct { + _ struct{} `type:"structure"` + + // The IPv4 address range, in CIDR notation. + Cidr *string `locationName:"cidr" type:"string"` + + // Indicates whether the rule is an outbound rule. + Egress *bool `locationName:"egress" type:"boolean"` + + // The range of ports. + PortRange *PortRange `locationName:"portRange" type:"structure"` + + // The protocol. + Protocol *string `locationName:"protocol" type:"string"` + + // Indicates whether to allow or deny traffic that matches the rule. + RuleAction *string `locationName:"ruleAction" type:"string"` + + // The rule number. + RuleNumber *int64 `locationName:"ruleNumber" type:"integer"` +} + +// String returns the string representation +func (s AnalysisAclRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalysisAclRule) GoString() string { + return s.String() +} + +// SetCidr sets the Cidr field's value. +func (s *AnalysisAclRule) SetCidr(v string) *AnalysisAclRule { + s.Cidr = &v + return s +} + +// SetEgress sets the Egress field's value. +func (s *AnalysisAclRule) SetEgress(v bool) *AnalysisAclRule { + s.Egress = &v + return s +} + +// SetPortRange sets the PortRange field's value. +func (s *AnalysisAclRule) SetPortRange(v *PortRange) *AnalysisAclRule { + s.PortRange = v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *AnalysisAclRule) SetProtocol(v string) *AnalysisAclRule { + s.Protocol = &v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *AnalysisAclRule) SetRuleAction(v string) *AnalysisAclRule { + s.RuleAction = &v + return s +} + +// SetRuleNumber sets the RuleNumber field's value. +func (s *AnalysisAclRule) SetRuleNumber(v int64) *AnalysisAclRule { + s.RuleNumber = &v + return s +} + +// Describes a path component. +type AnalysisComponent struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the component. + Arn *string `locationName:"arn" type:"string"` + + // The ID of the component. + Id *string `locationName:"id" type:"string"` +} + +// String returns the string representation +func (s AnalysisComponent) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalysisComponent) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *AnalysisComponent) SetArn(v string) *AnalysisComponent { + s.Arn = &v + return s +} + +// SetId sets the Id field's value. +func (s *AnalysisComponent) SetId(v string) *AnalysisComponent { + s.Id = &v + return s +} + +// Describes a load balancer listener. +type AnalysisLoadBalancerListener struct { + _ struct{} `type:"structure"` + + // [Classic Load Balancers] The back-end port for the listener. + InstancePort *int64 `locationName:"instancePort" min:"1" type:"integer"` + + // The port on which the load balancer is listening. + LoadBalancerPort *int64 `locationName:"loadBalancerPort" min:"1" type:"integer"` +} + +// String returns the string representation +func (s AnalysisLoadBalancerListener) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalysisLoadBalancerListener) GoString() string { + return s.String() +} + +// SetInstancePort sets the InstancePort field's value. +func (s *AnalysisLoadBalancerListener) SetInstancePort(v int64) *AnalysisLoadBalancerListener { + s.InstancePort = &v + return s +} + +// SetLoadBalancerPort sets the LoadBalancerPort field's value. +func (s *AnalysisLoadBalancerListener) SetLoadBalancerPort(v int64) *AnalysisLoadBalancerListener { + s.LoadBalancerPort = &v + return s +} + +// Describes a load balancer target. +type AnalysisLoadBalancerTarget struct { + _ struct{} `type:"structure"` + + // The IP address. + Address *string `locationName:"address" type:"string"` + + // The Availability Zone. + AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + + // Information about the instance. + Instance *AnalysisComponent `locationName:"instance" type:"structure"` + + // The port on which the target is listening. + Port *int64 `locationName:"port" min:"1" type:"integer"` +} + +// String returns the string representation +func (s AnalysisLoadBalancerTarget) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalysisLoadBalancerTarget) GoString() string { + return s.String() +} + +// SetAddress sets the Address field's value. +func (s *AnalysisLoadBalancerTarget) SetAddress(v string) *AnalysisLoadBalancerTarget { + s.Address = &v + return s +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *AnalysisLoadBalancerTarget) SetAvailabilityZone(v string) *AnalysisLoadBalancerTarget { + s.AvailabilityZone = &v + return s +} + +// SetInstance sets the Instance field's value. +func (s *AnalysisLoadBalancerTarget) SetInstance(v *AnalysisComponent) *AnalysisLoadBalancerTarget { + s.Instance = v + return s +} + +// SetPort sets the Port field's value. +func (s *AnalysisLoadBalancerTarget) SetPort(v int64) *AnalysisLoadBalancerTarget { + s.Port = &v + return s +} + +// Describes a header. Reflects any changes made by a component as traffic passes +// through. The fields of an inbound header are null except for the first component +// of a path. +type AnalysisPacketHeader struct { + _ struct{} `type:"structure"` + + // The destination addresses. + DestinationAddresses []*string `locationName:"destinationAddressSet" locationNameList:"item" type:"list"` + + // The destination port ranges. + DestinationPortRanges []*PortRange `locationName:"destinationPortRangeSet" locationNameList:"item" type:"list"` + + // The protocol. + Protocol *string `locationName:"protocol" type:"string"` + + // The source addresses. + SourceAddresses []*string `locationName:"sourceAddressSet" locationNameList:"item" type:"list"` + + // The source port ranges. + SourcePortRanges []*PortRange `locationName:"sourcePortRangeSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s AnalysisPacketHeader) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalysisPacketHeader) GoString() string { + return s.String() +} + +// SetDestinationAddresses sets the DestinationAddresses field's value. +func (s *AnalysisPacketHeader) SetDestinationAddresses(v []*string) *AnalysisPacketHeader { + s.DestinationAddresses = v + return s +} + +// SetDestinationPortRanges sets the DestinationPortRanges field's value. +func (s *AnalysisPacketHeader) SetDestinationPortRanges(v []*PortRange) *AnalysisPacketHeader { + s.DestinationPortRanges = v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *AnalysisPacketHeader) SetProtocol(v string) *AnalysisPacketHeader { + s.Protocol = &v + return s +} + +// SetSourceAddresses sets the SourceAddresses field's value. +func (s *AnalysisPacketHeader) SetSourceAddresses(v []*string) *AnalysisPacketHeader { + s.SourceAddresses = v + return s +} + +// SetSourcePortRanges sets the SourcePortRanges field's value. +func (s *AnalysisPacketHeader) SetSourcePortRanges(v []*PortRange) *AnalysisPacketHeader { + s.SourcePortRanges = v + return s +} + +// Describes a route table route. +type AnalysisRouteTableRoute struct { + _ struct{} `type:"structure"` + + // The destination IPv4 address, in CIDR notation. + DestinationCidr *string `locationName:"destinationCidr" type:"string"` + + // The prefix of the AWS service. + DestinationPrefixListId *string `locationName:"destinationPrefixListId" type:"string"` + + // The ID of an egress-only internet gateway. + EgressOnlyInternetGatewayId *string `locationName:"egressOnlyInternetGatewayId" type:"string"` + + // The ID of the gateway, such as an internet gateway or virtual private gateway. + GatewayId *string `locationName:"gatewayId" type:"string"` + + // The ID of the instance, such as a NAT instance. + InstanceId *string `locationName:"instanceId" type:"string"` + + // The ID of a NAT gateway. + NatGatewayId *string `locationName:"natGatewayId" type:"string"` + + // The ID of a network interface. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // Describes how the route was created. The following are possible values: + // + // * CreateRouteTable - The route was automatically created when the route + // table was created. + // + // * CreateRoute - The route was manually added to the route table. + // + // * EnableVgwRoutePropagation - The route was propagated by route propagation. + Origin *string `locationName:"origin" type:"string"` + + // The ID of a transit gateway. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + + // The ID of a VPC peering connection. + VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` +} + +// String returns the string representation +func (s AnalysisRouteTableRoute) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalysisRouteTableRoute) GoString() string { + return s.String() +} + +// SetDestinationCidr sets the DestinationCidr field's value. +func (s *AnalysisRouteTableRoute) SetDestinationCidr(v string) *AnalysisRouteTableRoute { + s.DestinationCidr = &v + return s +} + +// SetDestinationPrefixListId sets the DestinationPrefixListId field's value. +func (s *AnalysisRouteTableRoute) SetDestinationPrefixListId(v string) *AnalysisRouteTableRoute { + s.DestinationPrefixListId = &v + return s +} + +// SetEgressOnlyInternetGatewayId sets the EgressOnlyInternetGatewayId field's value. +func (s *AnalysisRouteTableRoute) SetEgressOnlyInternetGatewayId(v string) *AnalysisRouteTableRoute { + s.EgressOnlyInternetGatewayId = &v + return s +} + +// SetGatewayId sets the GatewayId field's value. +func (s *AnalysisRouteTableRoute) SetGatewayId(v string) *AnalysisRouteTableRoute { + s.GatewayId = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *AnalysisRouteTableRoute) SetInstanceId(v string) *AnalysisRouteTableRoute { + s.InstanceId = &v + return s +} + +// SetNatGatewayId sets the NatGatewayId field's value. +func (s *AnalysisRouteTableRoute) SetNatGatewayId(v string) *AnalysisRouteTableRoute { + s.NatGatewayId = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *AnalysisRouteTableRoute) SetNetworkInterfaceId(v string) *AnalysisRouteTableRoute { + s.NetworkInterfaceId = &v + return s +} + +// SetOrigin sets the Origin field's value. +func (s *AnalysisRouteTableRoute) SetOrigin(v string) *AnalysisRouteTableRoute { + s.Origin = &v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *AnalysisRouteTableRoute) SetTransitGatewayId(v string) *AnalysisRouteTableRoute { + s.TransitGatewayId = &v + return s +} + +// SetVpcPeeringConnectionId sets the VpcPeeringConnectionId field's value. +func (s *AnalysisRouteTableRoute) SetVpcPeeringConnectionId(v string) *AnalysisRouteTableRoute { + s.VpcPeeringConnectionId = &v + return s +} + +// Describes a security group rule. +type AnalysisSecurityGroupRule struct { + _ struct{} `type:"structure"` + + // The IPv4 address range, in CIDR notation. + Cidr *string `locationName:"cidr" type:"string"` + + // The direction. The following are possible values: + // + // * egress + // + // * ingress + Direction *string `locationName:"direction" type:"string"` + + // The port range. + PortRange *PortRange `locationName:"portRange" type:"structure"` + + // The prefix list ID. + PrefixListId *string `locationName:"prefixListId" type:"string"` + + // The protocol name. + Protocol *string `locationName:"protocol" type:"string"` + + // The security group ID. + SecurityGroupId *string `locationName:"securityGroupId" type:"string"` +} + +// String returns the string representation +func (s AnalysisSecurityGroupRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalysisSecurityGroupRule) GoString() string { + return s.String() +} + +// SetCidr sets the Cidr field's value. +func (s *AnalysisSecurityGroupRule) SetCidr(v string) *AnalysisSecurityGroupRule { + s.Cidr = &v + return s +} + +// SetDirection sets the Direction field's value. +func (s *AnalysisSecurityGroupRule) SetDirection(v string) *AnalysisSecurityGroupRule { + s.Direction = &v + return s +} + +// SetPortRange sets the PortRange field's value. +func (s *AnalysisSecurityGroupRule) SetPortRange(v *PortRange) *AnalysisSecurityGroupRule { + s.PortRange = v + return s +} + +// SetPrefixListId sets the PrefixListId field's value. +func (s *AnalysisSecurityGroupRule) SetPrefixListId(v string) *AnalysisSecurityGroupRule { + s.PrefixListId = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *AnalysisSecurityGroupRule) SetProtocol(v string) *AnalysisSecurityGroupRule { + s.Protocol = &v + return s +} + +// SetSecurityGroupId sets the SecurityGroupId field's value. +func (s *AnalysisSecurityGroupRule) SetSecurityGroupId(v string) *AnalysisSecurityGroupRule { + s.SecurityGroupId = &v + return s +} + type ApplySecurityGroupsToClientVpnTargetNetworkInput struct { _ struct{} `type:"structure"` @@ -43077,8 +44923,7 @@ type BlockDeviceMapping struct { // launched. Ebs *EbsBlockDevice `locationName:"ebs" type:"structure"` - // Suppresses the specified device included in the block device mapping of the - // AMI. + // To omit the device from the block device mapping, specify an empty string. NoDevice *string `locationName:"noDevice" type:"string"` // The virtual device name (ephemeralN). Instance store volumes are numbered @@ -44211,6 +46056,9 @@ type CapacityReservation struct { // The ID of the AWS account that owns the Capacity Reservation. OwnerId *string `locationName:"ownerId" type:"string"` + // The date and time at which the Capacity Reservation was started. + StartDate *time.Time `locationName:"startDate" type:"timestamp"` + // The current state of the Capacity Reservation. A Capacity Reservation can // be in one of the following states: // @@ -44221,8 +46069,8 @@ type CapacityReservation struct { // and time specified in your request. The reserved capacity is no longer // available for your use. // - // * cancelled - The Capacity Reservation was manually cancelled. The reserved - // capacity is no longer available for your use. + // * cancelled - The Capacity Reservation was cancelled. The reserved capacity + // is no longer available for your use. // // * pending - The Capacity Reservation request was successful but the capacity // provisioning is still pending. @@ -44344,6 +46192,12 @@ func (s *CapacityReservation) SetOwnerId(v string) *CapacityReservation { return s } +// SetStartDate sets the StartDate field's value. +func (s *CapacityReservation) SetStartDate(v time.Time) *CapacityReservation { + s.StartDate = &v + return s +} + // SetState sets the State field's value. func (s *CapacityReservation) SetState(v string) *CapacityReservation { s.State = &v @@ -44408,9 +46262,9 @@ func (s *CapacityReservationGroup) SetOwnerId(v string) *CapacityReservationGrou // // For more information about Capacity Reservations, see On-Demand Capacity // Reservations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html) -// in the Amazon Elastic Compute Cloud User Guide. For examples of using Capacity -// Reservations in an EC2 Fleet, see EC2 Fleet example configurations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-examples.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. For examples of using Capacity Reservations +// in an EC2 Fleet, see EC2 Fleet example configurations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-examples.html) +// in the Amazon EC2 User Guide. type CapacityReservationOptions struct { _ struct{} `type:"structure"` @@ -44453,9 +46307,9 @@ func (s *CapacityReservationOptions) SetUsageStrategy(v string) *CapacityReserva // // For more information about Capacity Reservations, see On-Demand Capacity // Reservations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html) -// in the Amazon Elastic Compute Cloud User Guide. For examples of using Capacity -// Reservations in an EC2 Fleet, see EC2 Fleet example configurations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-examples.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. For examples of using Capacity Reservations +// in an EC2 Fleet, see EC2 Fleet example configurations (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-examples.html) +// in the Amazon EC2 User Guide. type CapacityReservationOptionsRequest struct { _ struct{} `type:"structure"` @@ -46887,7 +48741,7 @@ type CreateCapacityReservationInput struct { AvailabilityZoneId *string `type:"string"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -46959,8 +48813,8 @@ type CreateCapacityReservationInput struct { InstancePlatform *string `type:"string" required:"true" enum:"CapacityReservationInstancePlatform"` // The instance type for which to reserve capacity. For more information, see - // Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) - // in the Amazon Elastic Compute Cloud User Guide. + // Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon EC2 User Guide. // // InstanceType is a required field InstanceType *string `type:"string" required:"true"` @@ -48148,7 +50002,7 @@ type CreateFleetInput struct { // The type of request. The default value is maintain. // - // * maintain - The EC2 Fleet plaees an asynchronous request for your desired + // * maintain - The EC2 Fleet places an asynchronous request for your desired // capacity, and continues to maintain your desired Spot capacity by replenishing // interrupted Spot Instances. // @@ -48162,7 +50016,7 @@ type CreateFleetInput struct { // be launched. // // For more information, see EC2 Fleet request types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-configuration-strategies.html#ec2-fleet-request-type) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. Type *string `type:"string" enum:"FleetType"` // The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). @@ -48804,10 +50658,25 @@ type CreateImageInput struct { Name *string `locationName:"name" type:"string" required:"true"` // By default, Amazon EC2 attempts to shut down and reboot the instance before - // creating the image. If the 'No Reboot' option is set, Amazon EC2 doesn't - // shut down the instance before creating the image. When this option is used, - // file system integrity on the created image can't be guaranteed. + // creating the image. If the No Reboot option is set, Amazon EC2 doesn't shut + // down the instance before creating the image. When this option is used, file + // system integrity on the created image can't be guaranteed. NoReboot *bool `locationName:"noReboot" type:"boolean"` + + // The tags to apply to the AMI and snapshots on creation. You can tag the AMI, + // the snapshots, or both. + // + // * To tag the AMI, the value for ResourceType must be image. + // + // * To tag the snapshots that are created of the root volume and of other + // EBS volumes that are attached to the instance, the value for ResourceType + // must be snapshot. The same tag is applied to all of the snapshots that + // are created. + // + // If you specify other values for ResourceType, the request fails. + // + // To tag an AMI or snapshot after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` } // String returns the string representation @@ -48872,6 +50741,12 @@ func (s *CreateImageInput) SetNoReboot(v bool) *CreateImageInput { return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateImageInput) SetTagSpecifications(v []*TagSpecification) *CreateImageInput { + s.TagSpecifications = v + return s +} + type CreateImageOutput struct { _ struct{} `type:"structure"` @@ -50180,6 +52055,156 @@ func (s *CreateNetworkAclOutput) SetNetworkAcl(v *NetworkAcl) *CreateNetworkAclO return s } +type CreateNetworkInsightsPathInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // The AWS resource that is the destination of the path. + // + // Destination is a required field + Destination *string `type:"string" required:"true"` + + // The IP address of the AWS resource that is the destination of the path. + DestinationIp *string `type:"string"` + + // The destination port. + DestinationPort *int64 `min:"1" type:"integer"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The protocol. + // + // Protocol is a required field + Protocol *string `type:"string" required:"true" enum:"Protocol"` + + // The AWS resource that is the source of the path. + // + // Source is a required field + Source *string `type:"string" required:"true"` + + // The IP address of the AWS resource that is the source of the path. + SourceIp *string `type:"string"` + + // The tags to add to the path. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateNetworkInsightsPathInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateNetworkInsightsPathInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateNetworkInsightsPathInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateNetworkInsightsPathInput"} + if s.Destination == nil { + invalidParams.Add(request.NewErrParamRequired("Destination")) + } + if s.DestinationPort != nil && *s.DestinationPort < 1 { + invalidParams.Add(request.NewErrParamMinValue("DestinationPort", 1)) + } + if s.Protocol == nil { + invalidParams.Add(request.NewErrParamRequired("Protocol")) + } + if s.Source == nil { + invalidParams.Add(request.NewErrParamRequired("Source")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateNetworkInsightsPathInput) SetClientToken(v string) *CreateNetworkInsightsPathInput { + s.ClientToken = &v + return s +} + +// SetDestination sets the Destination field's value. +func (s *CreateNetworkInsightsPathInput) SetDestination(v string) *CreateNetworkInsightsPathInput { + s.Destination = &v + return s +} + +// SetDestinationIp sets the DestinationIp field's value. +func (s *CreateNetworkInsightsPathInput) SetDestinationIp(v string) *CreateNetworkInsightsPathInput { + s.DestinationIp = &v + return s +} + +// SetDestinationPort sets the DestinationPort field's value. +func (s *CreateNetworkInsightsPathInput) SetDestinationPort(v int64) *CreateNetworkInsightsPathInput { + s.DestinationPort = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateNetworkInsightsPathInput) SetDryRun(v bool) *CreateNetworkInsightsPathInput { + s.DryRun = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *CreateNetworkInsightsPathInput) SetProtocol(v string) *CreateNetworkInsightsPathInput { + s.Protocol = &v + return s +} + +// SetSource sets the Source field's value. +func (s *CreateNetworkInsightsPathInput) SetSource(v string) *CreateNetworkInsightsPathInput { + s.Source = &v + return s +} + +// SetSourceIp sets the SourceIp field's value. +func (s *CreateNetworkInsightsPathInput) SetSourceIp(v string) *CreateNetworkInsightsPathInput { + s.SourceIp = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateNetworkInsightsPathInput) SetTagSpecifications(v []*TagSpecification) *CreateNetworkInsightsPathInput { + s.TagSpecifications = v + return s +} + +type CreateNetworkInsightsPathOutput struct { + _ struct{} `type:"structure"` + + // Information about the path. + NetworkInsightsPath *NetworkInsightsPath `locationName:"networkInsightsPath" type:"structure"` +} + +// String returns the string representation +func (s CreateNetworkInsightsPathOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateNetworkInsightsPathOutput) GoString() string { + return s.String() +} + +// SetNetworkInsightsPath sets the NetworkInsightsPath field's value. +func (s *CreateNetworkInsightsPathOutput) SetNetworkInsightsPath(v *NetworkInsightsPath) *CreateNetworkInsightsPathOutput { + s.NetworkInsightsPath = v + return s +} + // Contains the parameters for CreateNetworkInterface. type CreateNetworkInterfaceInput struct { _ struct{} `type:"structure"` @@ -52135,6 +54160,283 @@ func (s *CreateTrafficMirrorTargetOutput) SetTrafficMirrorTarget(v *TrafficMirro return s } +type CreateTransitGatewayConnectInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Connect attachment options. + // + // Options is a required field + Options *CreateTransitGatewayConnectRequestOptions `type:"structure" required:"true"` + + // The tags to apply to the Connect attachment. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the transit gateway attachment. You can specify a VPC attachment + // or a AWS Direct Connect attachment. + // + // TransportTransitGatewayAttachmentId is a required field + TransportTransitGatewayAttachmentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateTransitGatewayConnectInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayConnectInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTransitGatewayConnectInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTransitGatewayConnectInput"} + if s.Options == nil { + invalidParams.Add(request.NewErrParamRequired("Options")) + } + if s.TransportTransitGatewayAttachmentId == nil { + invalidParams.Add(request.NewErrParamRequired("TransportTransitGatewayAttachmentId")) + } + if s.Options != nil { + if err := s.Options.Validate(); err != nil { + invalidParams.AddNested("Options", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTransitGatewayConnectInput) SetDryRun(v bool) *CreateTransitGatewayConnectInput { + s.DryRun = &v + return s +} + +// SetOptions sets the Options field's value. +func (s *CreateTransitGatewayConnectInput) SetOptions(v *CreateTransitGatewayConnectRequestOptions) *CreateTransitGatewayConnectInput { + s.Options = v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateTransitGatewayConnectInput) SetTagSpecifications(v []*TagSpecification) *CreateTransitGatewayConnectInput { + s.TagSpecifications = v + return s +} + +// SetTransportTransitGatewayAttachmentId sets the TransportTransitGatewayAttachmentId field's value. +func (s *CreateTransitGatewayConnectInput) SetTransportTransitGatewayAttachmentId(v string) *CreateTransitGatewayConnectInput { + s.TransportTransitGatewayAttachmentId = &v + return s +} + +type CreateTransitGatewayConnectOutput struct { + _ struct{} `type:"structure"` + + // Information about the Connect attachment. + TransitGatewayConnect *TransitGatewayConnect `locationName:"transitGatewayConnect" type:"structure"` +} + +// String returns the string representation +func (s CreateTransitGatewayConnectOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayConnectOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayConnect sets the TransitGatewayConnect field's value. +func (s *CreateTransitGatewayConnectOutput) SetTransitGatewayConnect(v *TransitGatewayConnect) *CreateTransitGatewayConnectOutput { + s.TransitGatewayConnect = v + return s +} + +type CreateTransitGatewayConnectPeerInput struct { + _ struct{} `type:"structure"` + + // The BGP options for the Connect peer. + BgpOptions *TransitGatewayConnectRequestBgpOptions `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The range of inside IP addresses that are used for BGP peering. You must + // specify a size /29 IPv4 CIDR block from the 169.254.0.0/16 range. The first + // address from the range must be configured on the appliance as the BGP IP + // address. You can also optionally specify a size /125 IPv6 CIDR block from + // the fd00::/8 range. + // + // InsideCidrBlocks is a required field + InsideCidrBlocks []*string `locationNameList:"item" type:"list" required:"true"` + + // The peer IP address (GRE outer IP address) on the appliance side of the Connect + // peer. + // + // PeerAddress is a required field + PeerAddress *string `type:"string" required:"true"` + + // The tags to apply to the Connect peer. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The peer IP address (GRE outer IP address) on the transit gateway side of + // the Connect peer, which must be specified from a transit gateway CIDR block. + // If not specified, Amazon automatically assigns the first available IP address + // from the transit gateway CIDR block. + TransitGatewayAddress *string `type:"string"` + + // The ID of the Connect attachment. + // + // TransitGatewayAttachmentId is a required field + TransitGatewayAttachmentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateTransitGatewayConnectPeerInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayConnectPeerInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTransitGatewayConnectPeerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTransitGatewayConnectPeerInput"} + if s.InsideCidrBlocks == nil { + invalidParams.Add(request.NewErrParamRequired("InsideCidrBlocks")) + } + if s.PeerAddress == nil { + invalidParams.Add(request.NewErrParamRequired("PeerAddress")) + } + if s.TransitGatewayAttachmentId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayAttachmentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBgpOptions sets the BgpOptions field's value. +func (s *CreateTransitGatewayConnectPeerInput) SetBgpOptions(v *TransitGatewayConnectRequestBgpOptions) *CreateTransitGatewayConnectPeerInput { + s.BgpOptions = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTransitGatewayConnectPeerInput) SetDryRun(v bool) *CreateTransitGatewayConnectPeerInput { + s.DryRun = &v + return s +} + +// SetInsideCidrBlocks sets the InsideCidrBlocks field's value. +func (s *CreateTransitGatewayConnectPeerInput) SetInsideCidrBlocks(v []*string) *CreateTransitGatewayConnectPeerInput { + s.InsideCidrBlocks = v + return s +} + +// SetPeerAddress sets the PeerAddress field's value. +func (s *CreateTransitGatewayConnectPeerInput) SetPeerAddress(v string) *CreateTransitGatewayConnectPeerInput { + s.PeerAddress = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateTransitGatewayConnectPeerInput) SetTagSpecifications(v []*TagSpecification) *CreateTransitGatewayConnectPeerInput { + s.TagSpecifications = v + return s +} + +// SetTransitGatewayAddress sets the TransitGatewayAddress field's value. +func (s *CreateTransitGatewayConnectPeerInput) SetTransitGatewayAddress(v string) *CreateTransitGatewayConnectPeerInput { + s.TransitGatewayAddress = &v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *CreateTransitGatewayConnectPeerInput) SetTransitGatewayAttachmentId(v string) *CreateTransitGatewayConnectPeerInput { + s.TransitGatewayAttachmentId = &v + return s +} + +type CreateTransitGatewayConnectPeerOutput struct { + _ struct{} `type:"structure"` + + // Information about the Connect peer. + TransitGatewayConnectPeer *TransitGatewayConnectPeer `locationName:"transitGatewayConnectPeer" type:"structure"` +} + +// String returns the string representation +func (s CreateTransitGatewayConnectPeerOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayConnectPeerOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayConnectPeer sets the TransitGatewayConnectPeer field's value. +func (s *CreateTransitGatewayConnectPeerOutput) SetTransitGatewayConnectPeer(v *TransitGatewayConnectPeer) *CreateTransitGatewayConnectPeerOutput { + s.TransitGatewayConnectPeer = v + return s +} + +// The options for a Connect attachment. +type CreateTransitGatewayConnectRequestOptions struct { + _ struct{} `type:"structure"` + + // The tunnel protocol. + // + // Protocol is a required field + Protocol *string `type:"string" required:"true" enum:"ProtocolValue"` +} + +// String returns the string representation +func (s CreateTransitGatewayConnectRequestOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayConnectRequestOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTransitGatewayConnectRequestOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTransitGatewayConnectRequestOptions"} + if s.Protocol == nil { + invalidParams.Add(request.NewErrParamRequired("Protocol")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetProtocol sets the Protocol field's value. +func (s *CreateTransitGatewayConnectRequestOptions) SetProtocol(v string) *CreateTransitGatewayConnectRequestOptions { + s.Protocol = &v + return s +} + type CreateTransitGatewayInput struct { _ struct{} `type:"structure"` @@ -52197,6 +54499,9 @@ type CreateTransitGatewayMulticastDomainInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` + // The options for the transit gateway multicast domain. + Options *CreateTransitGatewayMulticastDomainRequestOptions `type:"structure"` + // The tags for the transit gateway multicast domain. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` @@ -52235,6 +54540,12 @@ func (s *CreateTransitGatewayMulticastDomainInput) SetDryRun(v bool) *CreateTran return s } +// SetOptions sets the Options field's value. +func (s *CreateTransitGatewayMulticastDomainInput) SetOptions(v *CreateTransitGatewayMulticastDomainRequestOptions) *CreateTransitGatewayMulticastDomainInput { + s.Options = v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateTransitGatewayMulticastDomainInput) SetTagSpecifications(v []*TagSpecification) *CreateTransitGatewayMulticastDomainInput { s.TagSpecifications = v @@ -52270,6 +54581,51 @@ func (s *CreateTransitGatewayMulticastDomainOutput) SetTransitGatewayMulticastDo return s } +// The options for the transit gateway multicast domain. +type CreateTransitGatewayMulticastDomainRequestOptions struct { + _ struct{} `type:"structure"` + + // Indicates whether to automatically accept cross-account subnet associations + // that are associated with the transit gateway multicast domain. + AutoAcceptSharedAssociations *string `type:"string" enum:"AutoAcceptSharedAssociationsValue"` + + // Specify whether to enable Internet Group Management Protocol (IGMP) version + // 2 for the transit gateway multicast domain. + Igmpv2Support *string `type:"string" enum:"Igmpv2SupportValue"` + + // Specify whether to enable support for statically configuring multicast group + // sources for a domain. + StaticSourcesSupport *string `type:"string" enum:"StaticSourcesSupportValue"` +} + +// String returns the string representation +func (s CreateTransitGatewayMulticastDomainRequestOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTransitGatewayMulticastDomainRequestOptions) GoString() string { + return s.String() +} + +// SetAutoAcceptSharedAssociations sets the AutoAcceptSharedAssociations field's value. +func (s *CreateTransitGatewayMulticastDomainRequestOptions) SetAutoAcceptSharedAssociations(v string) *CreateTransitGatewayMulticastDomainRequestOptions { + s.AutoAcceptSharedAssociations = &v + return s +} + +// SetIgmpv2Support sets the Igmpv2Support field's value. +func (s *CreateTransitGatewayMulticastDomainRequestOptions) SetIgmpv2Support(v string) *CreateTransitGatewayMulticastDomainRequestOptions { + s.Igmpv2Support = &v + return s +} + +// SetStaticSourcesSupport sets the StaticSourcesSupport field's value. +func (s *CreateTransitGatewayMulticastDomainRequestOptions) SetStaticSourcesSupport(v string) *CreateTransitGatewayMulticastDomainRequestOptions { + s.StaticSourcesSupport = &v + return s +} + type CreateTransitGatewayOutput struct { _ struct{} `type:"structure"` @@ -52844,7 +55200,7 @@ type CreateTransitGatewayVpcAttachmentRequestOptions struct { // Enable or disable DNS support. The default is enable. DnsSupport *string `type:"string" enum:"DnsSupportValue"` - // Enable or disable IPv6 support. + // Enable or disable IPv6 support. The default is disable. Ipv6Support *string `type:"string" enum:"Ipv6SupportValue"` } @@ -52945,8 +55301,8 @@ type CreateVolumeInput struct { // Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, // you can attach the volume to up to 16 Instances built on the Nitro System // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) - // in the same Availability Zone. This parameter is supported with io1 volumes - // only. For more information, see Amazon EBS Multi-Attach (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html) + // in the same Availability Zone. This parameter is supported with io1 and io2 + // volumes only. For more information, see Amazon EBS Multi-Attach (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html) // in the Amazon Elastic Compute Cloud User Guide. MultiAttachEnabled *bool `type:"boolean"` @@ -55967,6 +58323,152 @@ func (s DeleteNetworkAclOutput) GoString() string { return s.String() } +type DeleteNetworkInsightsAnalysisInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the network insights analysis. + // + // NetworkInsightsAnalysisId is a required field + NetworkInsightsAnalysisId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteNetworkInsightsAnalysisInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteNetworkInsightsAnalysisInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteNetworkInsightsAnalysisInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteNetworkInsightsAnalysisInput"} + if s.NetworkInsightsAnalysisId == nil { + invalidParams.Add(request.NewErrParamRequired("NetworkInsightsAnalysisId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteNetworkInsightsAnalysisInput) SetDryRun(v bool) *DeleteNetworkInsightsAnalysisInput { + s.DryRun = &v + return s +} + +// SetNetworkInsightsAnalysisId sets the NetworkInsightsAnalysisId field's value. +func (s *DeleteNetworkInsightsAnalysisInput) SetNetworkInsightsAnalysisId(v string) *DeleteNetworkInsightsAnalysisInput { + s.NetworkInsightsAnalysisId = &v + return s +} + +type DeleteNetworkInsightsAnalysisOutput struct { + _ struct{} `type:"structure"` + + // The ID of the network insights analysis. + NetworkInsightsAnalysisId *string `locationName:"networkInsightsAnalysisId" type:"string"` +} + +// String returns the string representation +func (s DeleteNetworkInsightsAnalysisOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteNetworkInsightsAnalysisOutput) GoString() string { + return s.String() +} + +// SetNetworkInsightsAnalysisId sets the NetworkInsightsAnalysisId field's value. +func (s *DeleteNetworkInsightsAnalysisOutput) SetNetworkInsightsAnalysisId(v string) *DeleteNetworkInsightsAnalysisOutput { + s.NetworkInsightsAnalysisId = &v + return s +} + +type DeleteNetworkInsightsPathInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the path. + // + // NetworkInsightsPathId is a required field + NetworkInsightsPathId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteNetworkInsightsPathInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteNetworkInsightsPathInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteNetworkInsightsPathInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteNetworkInsightsPathInput"} + if s.NetworkInsightsPathId == nil { + invalidParams.Add(request.NewErrParamRequired("NetworkInsightsPathId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteNetworkInsightsPathInput) SetDryRun(v bool) *DeleteNetworkInsightsPathInput { + s.DryRun = &v + return s +} + +// SetNetworkInsightsPathId sets the NetworkInsightsPathId field's value. +func (s *DeleteNetworkInsightsPathInput) SetNetworkInsightsPathId(v string) *DeleteNetworkInsightsPathInput { + s.NetworkInsightsPathId = &v + return s +} + +type DeleteNetworkInsightsPathOutput struct { + _ struct{} `type:"structure"` + + // The ID of the path. + NetworkInsightsPathId *string `locationName:"networkInsightsPathId" type:"string"` +} + +// String returns the string representation +func (s DeleteNetworkInsightsPathOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteNetworkInsightsPathOutput) GoString() string { + return s.String() +} + +// SetNetworkInsightsPathId sets the NetworkInsightsPathId field's value. +func (s *DeleteNetworkInsightsPathOutput) SetNetworkInsightsPathId(v string) *DeleteNetworkInsightsPathOutput { + s.NetworkInsightsPathId = &v + return s +} + // Contains the parameters for DeleteNetworkInterface. type DeleteNetworkInterfaceInput struct { _ struct{} `type:"structure"` @@ -57060,6 +59562,152 @@ func (s *DeleteTrafficMirrorTargetOutput) SetTrafficMirrorTargetId(v string) *De return s } +type DeleteTransitGatewayConnectInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Connect attachment. + // + // TransitGatewayAttachmentId is a required field + TransitGatewayAttachmentId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTransitGatewayConnectInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayConnectInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTransitGatewayConnectInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTransitGatewayConnectInput"} + if s.TransitGatewayAttachmentId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayAttachmentId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTransitGatewayConnectInput) SetDryRun(v bool) *DeleteTransitGatewayConnectInput { + s.DryRun = &v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *DeleteTransitGatewayConnectInput) SetTransitGatewayAttachmentId(v string) *DeleteTransitGatewayConnectInput { + s.TransitGatewayAttachmentId = &v + return s +} + +type DeleteTransitGatewayConnectOutput struct { + _ struct{} `type:"structure"` + + // Information about the deleted Connect attachment. + TransitGatewayConnect *TransitGatewayConnect `locationName:"transitGatewayConnect" type:"structure"` +} + +// String returns the string representation +func (s DeleteTransitGatewayConnectOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayConnectOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayConnect sets the TransitGatewayConnect field's value. +func (s *DeleteTransitGatewayConnectOutput) SetTransitGatewayConnect(v *TransitGatewayConnect) *DeleteTransitGatewayConnectOutput { + s.TransitGatewayConnect = v + return s +} + +type DeleteTransitGatewayConnectPeerInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Connect peer. + // + // TransitGatewayConnectPeerId is a required field + TransitGatewayConnectPeerId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTransitGatewayConnectPeerInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayConnectPeerInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTransitGatewayConnectPeerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTransitGatewayConnectPeerInput"} + if s.TransitGatewayConnectPeerId == nil { + invalidParams.Add(request.NewErrParamRequired("TransitGatewayConnectPeerId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTransitGatewayConnectPeerInput) SetDryRun(v bool) *DeleteTransitGatewayConnectPeerInput { + s.DryRun = &v + return s +} + +// SetTransitGatewayConnectPeerId sets the TransitGatewayConnectPeerId field's value. +func (s *DeleteTransitGatewayConnectPeerInput) SetTransitGatewayConnectPeerId(v string) *DeleteTransitGatewayConnectPeerInput { + s.TransitGatewayConnectPeerId = &v + return s +} + +type DeleteTransitGatewayConnectPeerOutput struct { + _ struct{} `type:"structure"` + + // Information about the deleted Connect peer. + TransitGatewayConnectPeer *TransitGatewayConnectPeer `locationName:"transitGatewayConnectPeer" type:"structure"` +} + +// String returns the string representation +func (s DeleteTransitGatewayConnectPeerOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTransitGatewayConnectPeerOutput) GoString() string { + return s.String() +} + +// SetTransitGatewayConnectPeer sets the TransitGatewayConnectPeer field's value. +func (s *DeleteTransitGatewayConnectPeerOutput) SetTransitGatewayConnectPeer(v *TransitGatewayConnectPeer) *DeleteTransitGatewayConnectPeerOutput { + s.TransitGatewayConnectPeer = v + return s +} + type DeleteTransitGatewayInput struct { _ struct{} `type:"structure"` @@ -59178,12 +61826,12 @@ type DescribeCapacityReservationsInput struct { // is active and the capacity is available for your use. expired - The Capacity // Reservation expired automatically at the date and time specified in your // request. The reserved capacity is no longer available for your use. cancelled - // - The Capacity Reservation was manually cancelled. The reserved capacity - // is no longer available for your use. pending - The Capacity Reservation - // request was successful but the capacity provisioning is still pending. - // failed - The Capacity Reservation request has failed. A request might - // fail due to invalid request parameters, capacity constraints, or instance - // limit constraints. Failed requests are retained for 60 minutes. + // - The Capacity Reservation was cancelled. The reserved capacity is no + // longer available for your use. pending - The Capacity Reservation request + // was successful but the capacity provisioning is still pending. failed + // - The Capacity Reservation request has failed. A request might fail due + // to invalid request parameters, capacity constraints, or instance limit + // constraints. Failed requests are retained for 60 minutes. // // * end-date - The date and time at which the Capacity Reservation expires. // When a Capacity Reservation expires, the reserved capacity is released @@ -63955,8 +66603,8 @@ type DescribeInstanceTypesInput struct { // can be configured for the instance type. For example, "1" or "1,2". Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The instance types. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) - // in the Amazon Elastic Compute Cloud User Guide. + // The instance types. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon EC2 User Guide. InstanceTypes []*string `locationName:"InstanceType" type:"list"` // The maximum number of results to return for the request in a single page. @@ -64024,8 +66672,8 @@ func (s *DescribeInstanceTypesInput) SetNextToken(v string) *DescribeInstanceTyp type DescribeInstanceTypesOutput struct { _ struct{} `type:"structure"` - // The instance type. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) - // in the Amazon Elastic Compute Cloud User Guide. + // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon EC2 User Guide. InstanceTypes []*InstanceTypeInfo `locationName:"instanceTypeSet" locationNameList:"item" type:"list"` // The token to use to retrieve the next page of results. This value is null @@ -66280,6 +68928,267 @@ func (s *DescribeNetworkAclsOutput) SetNextToken(v string) *DescribeNetworkAclsO return s } +type DescribeNetworkInsightsAnalysesInput struct { + _ struct{} `type:"structure"` + + // The time when the network insights analyses ended. + AnalysisEndTime *time.Time `type:"timestamp"` + + // The time when the network insights analyses started. + AnalysisStartTime *time.Time `type:"timestamp"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. The following are possible values: + // + // * PathFound - A Boolean value that indicates whether a feasible path is + // found. + // + // * Status - The status of the analysis (running | succeeded | failed). + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The ID of the network insights analyses. You must specify either analysis + // IDs or a path ID. + NetworkInsightsAnalysisIds []*string `locationName:"NetworkInsightsAnalysisId" locationNameList:"item" type:"list"` + + // The ID of the path. You must specify either a path ID or analysis IDs. + NetworkInsightsPathId *string `type:"string"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeNetworkInsightsAnalysesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeNetworkInsightsAnalysesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeNetworkInsightsAnalysesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeNetworkInsightsAnalysesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAnalysisEndTime sets the AnalysisEndTime field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetAnalysisEndTime(v time.Time) *DescribeNetworkInsightsAnalysesInput { + s.AnalysisEndTime = &v + return s +} + +// SetAnalysisStartTime sets the AnalysisStartTime field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetAnalysisStartTime(v time.Time) *DescribeNetworkInsightsAnalysesInput { + s.AnalysisStartTime = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetDryRun(v bool) *DescribeNetworkInsightsAnalysesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetFilters(v []*Filter) *DescribeNetworkInsightsAnalysesInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetMaxResults(v int64) *DescribeNetworkInsightsAnalysesInput { + s.MaxResults = &v + return s +} + +// SetNetworkInsightsAnalysisIds sets the NetworkInsightsAnalysisIds field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetNetworkInsightsAnalysisIds(v []*string) *DescribeNetworkInsightsAnalysesInput { + s.NetworkInsightsAnalysisIds = v + return s +} + +// SetNetworkInsightsPathId sets the NetworkInsightsPathId field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetNetworkInsightsPathId(v string) *DescribeNetworkInsightsAnalysesInput { + s.NetworkInsightsPathId = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeNetworkInsightsAnalysesInput) SetNextToken(v string) *DescribeNetworkInsightsAnalysesInput { + s.NextToken = &v + return s +} + +type DescribeNetworkInsightsAnalysesOutput struct { + _ struct{} `type:"structure"` + + // Information about the network insights analyses. + NetworkInsightsAnalyses []*NetworkInsightsAnalysis `locationName:"networkInsightsAnalysisSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeNetworkInsightsAnalysesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeNetworkInsightsAnalysesOutput) GoString() string { + return s.String() +} + +// SetNetworkInsightsAnalyses sets the NetworkInsightsAnalyses field's value. +func (s *DescribeNetworkInsightsAnalysesOutput) SetNetworkInsightsAnalyses(v []*NetworkInsightsAnalysis) *DescribeNetworkInsightsAnalysesOutput { + s.NetworkInsightsAnalyses = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeNetworkInsightsAnalysesOutput) SetNextToken(v string) *DescribeNetworkInsightsAnalysesOutput { + s.NextToken = &v + return s +} + +type DescribeNetworkInsightsPathsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The filters. The following are possible values: + // + // * Destination - The ID of the resource. + // + // * DestinationPort - The destination port. + // + // * Name - The path name. + // + // * Protocol - The protocol. + // + // * Source - The ID of the resource. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"1" type:"integer"` + + // The IDs of the paths. + NetworkInsightsPathIds []*string `locationName:"NetworkInsightsPathId" locationNameList:"item" type:"list"` + + // The token for the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeNetworkInsightsPathsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeNetworkInsightsPathsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeNetworkInsightsPathsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeNetworkInsightsPathsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeNetworkInsightsPathsInput) SetDryRun(v bool) *DescribeNetworkInsightsPathsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeNetworkInsightsPathsInput) SetFilters(v []*Filter) *DescribeNetworkInsightsPathsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeNetworkInsightsPathsInput) SetMaxResults(v int64) *DescribeNetworkInsightsPathsInput { + s.MaxResults = &v + return s +} + +// SetNetworkInsightsPathIds sets the NetworkInsightsPathIds field's value. +func (s *DescribeNetworkInsightsPathsInput) SetNetworkInsightsPathIds(v []*string) *DescribeNetworkInsightsPathsInput { + s.NetworkInsightsPathIds = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeNetworkInsightsPathsInput) SetNextToken(v string) *DescribeNetworkInsightsPathsInput { + s.NextToken = &v + return s +} + +type DescribeNetworkInsightsPathsOutput struct { + _ struct{} `type:"structure"` + + // Information about the paths. + NetworkInsightsPaths []*NetworkInsightsPath `locationName:"networkInsightsPathSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeNetworkInsightsPathsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeNetworkInsightsPathsOutput) GoString() string { + return s.String() +} + +// SetNetworkInsightsPaths sets the NetworkInsightsPaths field's value. +func (s *DescribeNetworkInsightsPathsOutput) SetNetworkInsightsPaths(v []*NetworkInsightsPath) *DescribeNetworkInsightsPathsOutput { + s.NetworkInsightsPaths = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeNetworkInsightsPathsOutput) SetNextToken(v string) *DescribeNetworkInsightsPathsOutput { + s.NextToken = &v + return s +} + // Contains the parameters for DescribeNetworkInterfaceAttribute. type DescribeNetworkInterfaceAttributeInput struct { _ struct{} `type:"structure"` @@ -67582,8 +70491,8 @@ type DescribeReservedInstancesOfferingsInput struct { InstanceTenancy *string `locationName:"instanceTenancy" type:"string" enum:"Tenancy"` // The instance type that the reservation will cover (for example, m1.small). - // For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) - // in the Amazon Elastic Compute Cloud User Guide. + // For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon EC2 User Guide. InstanceType *string `type:"string" enum:"InstanceType"` // The maximum duration (in seconds) to filter when searching for offerings. @@ -70323,7 +73232,7 @@ type DescribeTransitGatewayAttachmentsInput struct { // * resource-owner-id - The ID of the AWS account that owns the resource. // // * resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway - // | peering. + // | peering | connect. // // * state - The state of the attachment. Valid values are available | deleted // | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance @@ -70434,6 +73343,244 @@ func (s *DescribeTransitGatewayAttachmentsOutput) SetTransitGatewayAttachments(v return s } +type DescribeTransitGatewayConnectPeersInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * state - The state of the Connect peer (pending | available | deleting + // | deleted). + // + // * transit-gateway-attachment-id - The ID of the attachment. + // + // * transit-gateway-connect-peer-id - The ID of the Connect peer. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the Connect peers. + TransitGatewayConnectPeerIds []*string `locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayConnectPeersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayConnectPeersInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTransitGatewayConnectPeersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTransitGatewayConnectPeersInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTransitGatewayConnectPeersInput) SetDryRun(v bool) *DescribeTransitGatewayConnectPeersInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTransitGatewayConnectPeersInput) SetFilters(v []*Filter) *DescribeTransitGatewayConnectPeersInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTransitGatewayConnectPeersInput) SetMaxResults(v int64) *DescribeTransitGatewayConnectPeersInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayConnectPeersInput) SetNextToken(v string) *DescribeTransitGatewayConnectPeersInput { + s.NextToken = &v + return s +} + +// SetTransitGatewayConnectPeerIds sets the TransitGatewayConnectPeerIds field's value. +func (s *DescribeTransitGatewayConnectPeersInput) SetTransitGatewayConnectPeerIds(v []*string) *DescribeTransitGatewayConnectPeersInput { + s.TransitGatewayConnectPeerIds = v + return s +} + +type DescribeTransitGatewayConnectPeersOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the Connect peers. + TransitGatewayConnectPeers []*TransitGatewayConnectPeer `locationName:"transitGatewayConnectPeerSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayConnectPeersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayConnectPeersOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayConnectPeersOutput) SetNextToken(v string) *DescribeTransitGatewayConnectPeersOutput { + s.NextToken = &v + return s +} + +// SetTransitGatewayConnectPeers sets the TransitGatewayConnectPeers field's value. +func (s *DescribeTransitGatewayConnectPeersOutput) SetTransitGatewayConnectPeers(v []*TransitGatewayConnectPeer) *DescribeTransitGatewayConnectPeersOutput { + s.TransitGatewayConnectPeers = v + return s +} + +type DescribeTransitGatewayConnectsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * options.protocol - The tunnel protocol (gre). + // + // * state - The state of the attachment (initiating | initiatingRequest + // | pendingAcceptance | rollingBack | pending | available | modifying | + // deleting | deleted | failed | rejected | rejecting | failing). + // + // * transit-gateway-attachment-id - The ID of the Connect attachment. + // + // * transit-gateway-id - The ID of the transit gateway. + // + // * transport-transit-gateway-attachment-id - The ID of the transit gateway + // attachment from which the Connect attachment was created. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the attachments. + TransitGatewayAttachmentIds []*string `type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayConnectsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayConnectsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTransitGatewayConnectsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTransitGatewayConnectsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTransitGatewayConnectsInput) SetDryRun(v bool) *DescribeTransitGatewayConnectsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTransitGatewayConnectsInput) SetFilters(v []*Filter) *DescribeTransitGatewayConnectsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTransitGatewayConnectsInput) SetMaxResults(v int64) *DescribeTransitGatewayConnectsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayConnectsInput) SetNextToken(v string) *DescribeTransitGatewayConnectsInput { + s.NextToken = &v + return s +} + +// SetTransitGatewayAttachmentIds sets the TransitGatewayAttachmentIds field's value. +func (s *DescribeTransitGatewayConnectsInput) SetTransitGatewayAttachmentIds(v []*string) *DescribeTransitGatewayConnectsInput { + s.TransitGatewayAttachmentIds = v + return s +} + +type DescribeTransitGatewayConnectsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about the Connect attachments. + TransitGatewayConnects []*TransitGatewayConnect `locationName:"transitGatewayConnectSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTransitGatewayConnectsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTransitGatewayConnectsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTransitGatewayConnectsOutput) SetNextToken(v string) *DescribeTransitGatewayConnectsOutput { + s.NextToken = &v + return s +} + +// SetTransitGatewayConnects sets the TransitGatewayConnects field's value. +func (s *DescribeTransitGatewayConnectsOutput) SetTransitGatewayConnects(v []*TransitGatewayConnect) *DescribeTransitGatewayConnectsOutput { + s.TransitGatewayConnects = v + return s +} + type DescribeTransitGatewayMulticastDomainsInput struct { _ struct{} `type:"structure"` @@ -75291,15 +78438,15 @@ type EbsBlockDevice struct { // Indicates whether the EBS volume is deleted on instance termination. For // more information, see Preserving Amazon EBS volumes on instance termination // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#preserving-volumes-on-termination) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"` // Indicates whether the encryption state of an EBS volume is changed while // being restored from a backing snapshot. The effect of setting the encryption // state to true depends on the volume origin (new or from a snapshot), starting // encryption state, ownership, and whether encryption by default is enabled. - // For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters) - // in the Amazon Elastic Compute Cloud User Guide. + // For more information, see Amazon EBS encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters) + // in the Amazon EC2 User Guide. // // In no case can you remove encryption from an encrypted volume. // @@ -75361,16 +78508,14 @@ type EbsBlockDevice struct { // // * io1 and io2: 4-16,384 // - // * st1: 500-16,384 - // - // * sc1: 500-16,384 + // * st1 and sc1: 125-16,384 // // * standard: 1-1,024 VolumeSize *int64 `locationName:"volumeSize" type:"integer"` // The volume type. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) - // in the Amazon Elastic Compute Cloud User Guide. If the volume type is io1 - // or io2, you must specify the IOPS that the volume supports. + // in the Amazon EC2 User Guide. If the volume type is io1 or io2, you must + // specify the IOPS that the volume supports. VolumeType *string `locationName:"volumeType" type:"string" enum:"VolumeType"` } @@ -75440,8 +78585,8 @@ type EbsInfo struct { EbsOptimizedInfo *EbsOptimizedInfo `locationName:"ebsOptimizedInfo" type:"structure"` // Indicates whether the instance type is Amazon EBS-optimized. For more information, - // see Amazon EBS-Optimized Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) - // in Amazon EC2 User Guide for Linux Instances. + // see Amazon EBS-optimized instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) + // in Amazon EC2 User Guide. EbsOptimizedSupport *string `locationName:"ebsOptimizedSupport" type:"string" enum:"EbsOptimizedSupport"` // Indicates whether Amazon EBS encryption is supported. @@ -76891,6 +80036,431 @@ func (s *EventInformation) SetInstanceId(v string) *EventInformation { return s } +// Describes an explanation code for an unreachable path. For more information, +// see Reachability Analyzer explanation codes (https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html). +type Explanation struct { + _ struct{} `type:"structure"` + + // The network ACL. + Acl *AnalysisComponent `locationName:"acl" type:"structure"` + + // The network ACL rule. + AclRule *AnalysisAclRule `locationName:"aclRule" type:"structure"` + + // The IPv4 address, in CIDR notation. + Address *string `locationName:"address" type:"string"` + + // The IPv4 addresses, in CIDR notation. + Addresses []*string `locationName:"addressSet" locationNameList:"item" type:"list"` + + // The resource to which the component is attached. + AttachedTo *AnalysisComponent `locationName:"attachedTo" type:"structure"` + + // The Availability Zones. + AvailabilityZones []*string `locationName:"availabilityZoneSet" locationNameList:"item" type:"list"` + + // The CIDR ranges. + Cidrs []*string `locationName:"cidrSet" locationNameList:"item" type:"list"` + + // The listener for a Classic Load Balancer. + ClassicLoadBalancerListener *AnalysisLoadBalancerListener `locationName:"classicLoadBalancerListener" type:"structure"` + + // The component. + Component *AnalysisComponent `locationName:"component" type:"structure"` + + // The customer gateway. + CustomerGateway *AnalysisComponent `locationName:"customerGateway" type:"structure"` + + // The destination. + Destination *AnalysisComponent `locationName:"destination" type:"structure"` + + // The destination VPC. + DestinationVpc *AnalysisComponent `locationName:"destinationVpc" type:"structure"` + + // The direction. The following are possible values: + // + // * egress + // + // * ingress + Direction *string `locationName:"direction" type:"string"` + + // The load balancer listener. + ElasticLoadBalancerListener *AnalysisComponent `locationName:"elasticLoadBalancerListener" type:"structure"` + + // The explanation code. + ExplanationCode *string `locationName:"explanationCode" type:"string"` + + // The route table. + IngressRouteTable *AnalysisComponent `locationName:"ingressRouteTable" type:"structure"` + + // The internet gateway. + InternetGateway *AnalysisComponent `locationName:"internetGateway" type:"structure"` + + // The Amazon Resource Name (ARN) of the load balancer. + LoadBalancerArn *string `locationName:"loadBalancerArn" min:"1" type:"string"` + + // The listener port of the load balancer. + LoadBalancerListenerPort *int64 `locationName:"loadBalancerListenerPort" min:"1" type:"integer"` + + // The target. + LoadBalancerTarget *AnalysisLoadBalancerTarget `locationName:"loadBalancerTarget" type:"structure"` + + // The target group. + LoadBalancerTargetGroup *AnalysisComponent `locationName:"loadBalancerTargetGroup" type:"structure"` + + // The target groups. + LoadBalancerTargetGroups []*AnalysisComponent `locationName:"loadBalancerTargetGroupSet" locationNameList:"item" type:"list"` + + // The target port. + LoadBalancerTargetPort *int64 `locationName:"loadBalancerTargetPort" min:"1" type:"integer"` + + // The missing component. + MissingComponent *string `locationName:"missingComponent" type:"string"` + + // The NAT gateway. + NatGateway *AnalysisComponent `locationName:"natGateway" type:"structure"` + + // The network interface. + NetworkInterface *AnalysisComponent `locationName:"networkInterface" type:"structure"` + + // The packet field. + PacketField *string `locationName:"packetField" type:"string"` + + // The port. + Port *int64 `locationName:"port" min:"1" type:"integer"` + + // The port ranges. + PortRanges []*PortRange `locationName:"portRangeSet" locationNameList:"item" type:"list"` + + // The prefix list. + PrefixList *AnalysisComponent `locationName:"prefixList" type:"structure"` + + // The protocols. + Protocols []*string `locationName:"protocolSet" locationNameList:"item" type:"list"` + + // The route table. + RouteTable *AnalysisComponent `locationName:"routeTable" type:"structure"` + + // The route table route. + RouteTableRoute *AnalysisRouteTableRoute `locationName:"routeTableRoute" type:"structure"` + + // The security group. + SecurityGroup *AnalysisComponent `locationName:"securityGroup" type:"structure"` + + // The security group rule. + SecurityGroupRule *AnalysisSecurityGroupRule `locationName:"securityGroupRule" type:"structure"` + + // The security groups. + SecurityGroups []*AnalysisComponent `locationName:"securityGroupSet" locationNameList:"item" type:"list"` + + // The source VPC. + SourceVpc *AnalysisComponent `locationName:"sourceVpc" type:"structure"` + + // The state. + State *string `locationName:"state" type:"string"` + + // The subnet. + Subnet *AnalysisComponent `locationName:"subnet" type:"structure"` + + // The route table for the subnet. + SubnetRouteTable *AnalysisComponent `locationName:"subnetRouteTable" type:"structure"` + + // The component VPC. + Vpc *AnalysisComponent `locationName:"vpc" type:"structure"` + + // The VPC endpoint. + VpcEndpoint *AnalysisComponent `locationName:"vpcEndpoint" type:"structure"` + + // The VPC peering connection. + VpcPeeringConnection *AnalysisComponent `locationName:"vpcPeeringConnection" type:"structure"` + + // The VPN connection. + VpnConnection *AnalysisComponent `locationName:"vpnConnection" type:"structure"` + + // The VPN gateway. + VpnGateway *AnalysisComponent `locationName:"vpnGateway" type:"structure"` +} + +// String returns the string representation +func (s Explanation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Explanation) GoString() string { + return s.String() +} + +// SetAcl sets the Acl field's value. +func (s *Explanation) SetAcl(v *AnalysisComponent) *Explanation { + s.Acl = v + return s +} + +// SetAclRule sets the AclRule field's value. +func (s *Explanation) SetAclRule(v *AnalysisAclRule) *Explanation { + s.AclRule = v + return s +} + +// SetAddress sets the Address field's value. +func (s *Explanation) SetAddress(v string) *Explanation { + s.Address = &v + return s +} + +// SetAddresses sets the Addresses field's value. +func (s *Explanation) SetAddresses(v []*string) *Explanation { + s.Addresses = v + return s +} + +// SetAttachedTo sets the AttachedTo field's value. +func (s *Explanation) SetAttachedTo(v *AnalysisComponent) *Explanation { + s.AttachedTo = v + return s +} + +// SetAvailabilityZones sets the AvailabilityZones field's value. +func (s *Explanation) SetAvailabilityZones(v []*string) *Explanation { + s.AvailabilityZones = v + return s +} + +// SetCidrs sets the Cidrs field's value. +func (s *Explanation) SetCidrs(v []*string) *Explanation { + s.Cidrs = v + return s +} + +// SetClassicLoadBalancerListener sets the ClassicLoadBalancerListener field's value. +func (s *Explanation) SetClassicLoadBalancerListener(v *AnalysisLoadBalancerListener) *Explanation { + s.ClassicLoadBalancerListener = v + return s +} + +// SetComponent sets the Component field's value. +func (s *Explanation) SetComponent(v *AnalysisComponent) *Explanation { + s.Component = v + return s +} + +// SetCustomerGateway sets the CustomerGateway field's value. +func (s *Explanation) SetCustomerGateway(v *AnalysisComponent) *Explanation { + s.CustomerGateway = v + return s +} + +// SetDestination sets the Destination field's value. +func (s *Explanation) SetDestination(v *AnalysisComponent) *Explanation { + s.Destination = v + return s +} + +// SetDestinationVpc sets the DestinationVpc field's value. +func (s *Explanation) SetDestinationVpc(v *AnalysisComponent) *Explanation { + s.DestinationVpc = v + return s +} + +// SetDirection sets the Direction field's value. +func (s *Explanation) SetDirection(v string) *Explanation { + s.Direction = &v + return s +} + +// SetElasticLoadBalancerListener sets the ElasticLoadBalancerListener field's value. +func (s *Explanation) SetElasticLoadBalancerListener(v *AnalysisComponent) *Explanation { + s.ElasticLoadBalancerListener = v + return s +} + +// SetExplanationCode sets the ExplanationCode field's value. +func (s *Explanation) SetExplanationCode(v string) *Explanation { + s.ExplanationCode = &v + return s +} + +// SetIngressRouteTable sets the IngressRouteTable field's value. +func (s *Explanation) SetIngressRouteTable(v *AnalysisComponent) *Explanation { + s.IngressRouteTable = v + return s +} + +// SetInternetGateway sets the InternetGateway field's value. +func (s *Explanation) SetInternetGateway(v *AnalysisComponent) *Explanation { + s.InternetGateway = v + return s +} + +// SetLoadBalancerArn sets the LoadBalancerArn field's value. +func (s *Explanation) SetLoadBalancerArn(v string) *Explanation { + s.LoadBalancerArn = &v + return s +} + +// SetLoadBalancerListenerPort sets the LoadBalancerListenerPort field's value. +func (s *Explanation) SetLoadBalancerListenerPort(v int64) *Explanation { + s.LoadBalancerListenerPort = &v + return s +} + +// SetLoadBalancerTarget sets the LoadBalancerTarget field's value. +func (s *Explanation) SetLoadBalancerTarget(v *AnalysisLoadBalancerTarget) *Explanation { + s.LoadBalancerTarget = v + return s +} + +// SetLoadBalancerTargetGroup sets the LoadBalancerTargetGroup field's value. +func (s *Explanation) SetLoadBalancerTargetGroup(v *AnalysisComponent) *Explanation { + s.LoadBalancerTargetGroup = v + return s +} + +// SetLoadBalancerTargetGroups sets the LoadBalancerTargetGroups field's value. +func (s *Explanation) SetLoadBalancerTargetGroups(v []*AnalysisComponent) *Explanation { + s.LoadBalancerTargetGroups = v + return s +} + +// SetLoadBalancerTargetPort sets the LoadBalancerTargetPort field's value. +func (s *Explanation) SetLoadBalancerTargetPort(v int64) *Explanation { + s.LoadBalancerTargetPort = &v + return s +} + +// SetMissingComponent sets the MissingComponent field's value. +func (s *Explanation) SetMissingComponent(v string) *Explanation { + s.MissingComponent = &v + return s +} + +// SetNatGateway sets the NatGateway field's value. +func (s *Explanation) SetNatGateway(v *AnalysisComponent) *Explanation { + s.NatGateway = v + return s +} + +// SetNetworkInterface sets the NetworkInterface field's value. +func (s *Explanation) SetNetworkInterface(v *AnalysisComponent) *Explanation { + s.NetworkInterface = v + return s +} + +// SetPacketField sets the PacketField field's value. +func (s *Explanation) SetPacketField(v string) *Explanation { + s.PacketField = &v + return s +} + +// SetPort sets the Port field's value. +func (s *Explanation) SetPort(v int64) *Explanation { + s.Port = &v + return s +} + +// SetPortRanges sets the PortRanges field's value. +func (s *Explanation) SetPortRanges(v []*PortRange) *Explanation { + s.PortRanges = v + return s +} + +// SetPrefixList sets the PrefixList field's value. +func (s *Explanation) SetPrefixList(v *AnalysisComponent) *Explanation { + s.PrefixList = v + return s +} + +// SetProtocols sets the Protocols field's value. +func (s *Explanation) SetProtocols(v []*string) *Explanation { + s.Protocols = v + return s +} + +// SetRouteTable sets the RouteTable field's value. +func (s *Explanation) SetRouteTable(v *AnalysisComponent) *Explanation { + s.RouteTable = v + return s +} + +// SetRouteTableRoute sets the RouteTableRoute field's value. +func (s *Explanation) SetRouteTableRoute(v *AnalysisRouteTableRoute) *Explanation { + s.RouteTableRoute = v + return s +} + +// SetSecurityGroup sets the SecurityGroup field's value. +func (s *Explanation) SetSecurityGroup(v *AnalysisComponent) *Explanation { + s.SecurityGroup = v + return s +} + +// SetSecurityGroupRule sets the SecurityGroupRule field's value. +func (s *Explanation) SetSecurityGroupRule(v *AnalysisSecurityGroupRule) *Explanation { + s.SecurityGroupRule = v + return s +} + +// SetSecurityGroups sets the SecurityGroups field's value. +func (s *Explanation) SetSecurityGroups(v []*AnalysisComponent) *Explanation { + s.SecurityGroups = v + return s +} + +// SetSourceVpc sets the SourceVpc field's value. +func (s *Explanation) SetSourceVpc(v *AnalysisComponent) *Explanation { + s.SourceVpc = v + return s +} + +// SetState sets the State field's value. +func (s *Explanation) SetState(v string) *Explanation { + s.State = &v + return s +} + +// SetSubnet sets the Subnet field's value. +func (s *Explanation) SetSubnet(v *AnalysisComponent) *Explanation { + s.Subnet = v + return s +} + +// SetSubnetRouteTable sets the SubnetRouteTable field's value. +func (s *Explanation) SetSubnetRouteTable(v *AnalysisComponent) *Explanation { + s.SubnetRouteTable = v + return s +} + +// SetVpc sets the Vpc field's value. +func (s *Explanation) SetVpc(v *AnalysisComponent) *Explanation { + s.Vpc = v + return s +} + +// SetVpcEndpoint sets the VpcEndpoint field's value. +func (s *Explanation) SetVpcEndpoint(v *AnalysisComponent) *Explanation { + s.VpcEndpoint = v + return s +} + +// SetVpcPeeringConnection sets the VpcPeeringConnection field's value. +func (s *Explanation) SetVpcPeeringConnection(v *AnalysisComponent) *Explanation { + s.VpcPeeringConnection = v + return s +} + +// SetVpnConnection sets the VpnConnection field's value. +func (s *Explanation) SetVpnConnection(v *AnalysisComponent) *Explanation { + s.VpnConnection = v + return s +} + +// SetVpnGateway sets the VpnGateway field's value. +func (s *Explanation) SetVpnGateway(v *AnalysisComponent) *Explanation { + s.VpnGateway = v + return s +} + type ExportClientVpnClientCertificateRevocationListInput struct { _ struct{} `type:"structure"` @@ -78452,7 +82022,7 @@ func (s *FleetLaunchTemplateSpecification) SetVersion(v string) *FleetLaunchTemp // that can be used by an EC2 Fleet to configure Amazon EC2 instances. For information // about launch templates, see Launching an instance from a launch template // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. type FleetLaunchTemplateSpecificationRequest struct { _ struct{} `type:"structure"` @@ -78550,7 +82120,7 @@ func (s *FleetSpotCapacityRebalance) SetReplacementStrategy(v string) *FleetSpot // The Spot Instance replacement strategy to use when Amazon EC2 emits a signal // that your Spot Instance is at an elevated risk of being interrupted. For // more information, see Capacity rebalancing (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-configuration-strategies.html#ec2-fleet-capacity-rebalance) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. type FleetSpotCapacityRebalanceRequest struct { _ struct{} `type:"structure"` @@ -79436,8 +83006,8 @@ type GetCapacityReservationUsageOutput struct { // and time specified in your request. The reserved capacity is no longer // available for your use. // - // * cancelled - The Capacity Reservation was manually cancelled. The reserved - // capacity is no longer available for your use. + // * cancelled - The Capacity Reservation was cancelled. The reserved capacity + // is no longer available for your use. // // * pending - The Capacity Reservation request was successful but the capacity // provisioning is still pending. @@ -81145,7 +84715,7 @@ type GetTransitGatewayRouteTableAssociationsInput struct { // * resource-id - The ID of the resource. // // * resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway - // | peering. + // | peering | connect. // // * transit-gateway-attachment-id - The ID of the attachment. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -81266,7 +84836,7 @@ type GetTransitGatewayRouteTablePropagationsInput struct { // * resource-id - The ID of the resource. // // * resource-type - The resource type. Valid values are vpc | vpn | direct-connect-gateway - // | peering. + // | peering | connect. // // * transit-gateway-attachment-id - The ID of the attachment. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -81518,7 +85088,7 @@ func (s *GroupIdentifier) SetGroupName(v string) *GroupIdentifier { // Indicates whether your instance is configured for hibernation. This parameter // is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. type HibernationOptions struct { _ struct{} `type:"structure"` @@ -81546,7 +85116,7 @@ func (s *HibernationOptions) SetConfigured(v bool) *HibernationOptions { // Indicates whether your instance is configured for hibernation. This parameter // is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) -// in the Amazon Elastic Compute Cloud User Guide. +// in the Amazon EC2 User Guide. type HibernationOptionsRequest struct { _ struct{} `type:"structure"` @@ -81673,10 +85243,9 @@ type Host struct { AllocationTime *time.Time `locationName:"allocationTime" type:"timestamp"` // Indicates whether the Dedicated Host supports multiple instance types of - // the same instance family, or a specific instance type only. one indicates - // that the Dedicated Host supports multiple instance types in the instance - // family. off indicates that the Dedicated Host supports a single instance - // type only. + // the same instance family. If the value is on, the Dedicated Host supports + // multiple instance types in the instance family. If the value is off, the + // Dedicated Host supports a single instance type only. AllowsMultipleInstanceTypes *string `locationName:"allowsMultipleInstanceTypes" type:"string" enum:"AllowsMultipleInstanceTypes"` // Whether auto-placement is on or off. @@ -81692,7 +85261,7 @@ type Host struct { AvailableCapacity *AvailableCapacity `locationName:"availableCapacity" type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` // The ID of the Dedicated Host. @@ -84493,8 +88062,8 @@ type Instance struct { // This controls whether source/destination checking is enabled on the instance. // A value of true means that checking is enabled, and false means that checking // is disabled. The value must be false for the instance to perform NAT. For - // more information, see NAT Instances (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html) - // in the Amazon Virtual Private Cloud User Guide. + // more information, see NAT instances (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html) + // in the Amazon VPC User Guide. SourceDestCheck *bool `locationName:"sourceDestCheck" type:"boolean"` // If the request is a Spot Instance request, the ID of the request. @@ -86398,8 +89967,8 @@ type InstanceTypeInfo struct { // Indicates whether instance storage is supported. InstanceStorageSupported *bool `locationName:"instanceStorageSupported" type:"boolean"` - // The instance type. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) - // in the Amazon Elastic Compute Cloud User Guide. + // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon EC2 User Guide. InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` // Describes the memory for the instance type. @@ -86579,8 +90148,8 @@ func (s *InstanceTypeInfo) SetVCpuInfo(v *VCpuInfo) *InstanceTypeInfo { type InstanceTypeOffering struct { _ struct{} `type:"structure"` - // The instance type. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) - // in the Amazon Elastic Compute Cloud User Guide. + // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon EC2 User Guide. InstanceType *string `locationName:"instanceType" type:"string" enum:"InstanceType"` // The identifier for the location. This depends on the location type. For example, @@ -90412,6 +93981,9 @@ func (s *ModifyAvailabilityZoneGroupOutput) SetReturn(v bool) *ModifyAvailabilit type ModifyCapacityReservationInput struct { _ struct{} `type:"structure"` + // Reserved. Capacity Reservations you have created are accepted by default. + Accept *bool `type:"boolean"` + // The ID of the Capacity Reservation. // // CapacityReservationId is a required field @@ -90473,6 +94045,12 @@ func (s *ModifyCapacityReservationInput) Validate() error { return nil } +// SetAccept sets the Accept field's value. +func (s *ModifyCapacityReservationInput) SetAccept(v bool) *ModifyCapacityReservationInput { + s.Accept = &v + return s +} + // SetCapacityReservationId sets the CapacityReservationId field's value. func (s *ModifyCapacityReservationInput) SetCapacityReservationId(v string) *ModifyCapacityReservationInput { s.CapacityReservationId = &v @@ -91168,8 +94746,8 @@ type ModifyHostsInput struct { HostIds []*string `locationName:"hostId" locationNameList:"item" type:"list" required:"true"` // Indicates whether to enable or disable host recovery for the Dedicated Host. - // For more information, see Host Recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) - // in the Amazon Elastic Compute Cloud User Guide. + // For more information, see Host recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) + // in the Amazon EC2 User Guide. HostRecovery *string `type:"string" enum:"HostRecovery"` // Specifies the instance family to be supported by the Dedicated Host. Specify @@ -91600,7 +95178,7 @@ type ModifyInstanceAttributeInput struct { // To add instance store volumes to an Amazon EBS-backed instance, you must // add them when you launch the instance. For more information, see Updating // the block device mapping when launching an instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html#Using_OverridingAMIBDM) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. BlockDeviceMappings []*InstanceBlockDeviceMappingSpecification `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` // If the value is true, you can't terminate the instance using the Amazon EC2 @@ -91642,8 +95220,9 @@ type ModifyInstanceAttributeInput struct { InstanceInitiatedShutdownBehavior *AttributeValue `locationName:"instanceInitiatedShutdownBehavior" type:"structure"` // Changes the instance type to the specified value. For more information, see - // Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html). - // If the instance type is not valid, the error returned is InvalidInstanceAttributeValue. + // Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // in the Amazon EC2 User Guide. If the instance type is not valid, the error + // returned is InvalidInstanceAttributeValue. InstanceType *AttributeValue `locationName:"instanceType" type:"structure"` // Changes the instance's kernel to the specified value. We recommend that you @@ -93580,6 +97159,10 @@ func (s *ModifyTransitGatewayInput) SetTransitGatewayId(v string) *ModifyTransit type ModifyTransitGatewayOptions struct { _ struct{} `type:"structure"` + // Adds IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 + // CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6. + AddTransitGatewayCidrBlocks []*string `locationNameList:"item" type:"list"` + // The ID of the default association route table. AssociationDefaultRouteTableId *string `type:"string"` @@ -93600,6 +97183,9 @@ type ModifyTransitGatewayOptions struct { // The ID of the default propagation route table. PropagationDefaultRouteTableId *string `type:"string"` + // Removes CIDR blocks for the transit gateway. + RemoveTransitGatewayCidrBlocks []*string `locationNameList:"item" type:"list"` + // Enable or disable Equal Cost Multipath Protocol support. VpnEcmpSupport *string `type:"string" enum:"VpnEcmpSupportValue"` } @@ -93614,6 +97200,12 @@ func (s ModifyTransitGatewayOptions) GoString() string { return s.String() } +// SetAddTransitGatewayCidrBlocks sets the AddTransitGatewayCidrBlocks field's value. +func (s *ModifyTransitGatewayOptions) SetAddTransitGatewayCidrBlocks(v []*string) *ModifyTransitGatewayOptions { + s.AddTransitGatewayCidrBlocks = v + return s +} + // SetAssociationDefaultRouteTableId sets the AssociationDefaultRouteTableId field's value. func (s *ModifyTransitGatewayOptions) SetAssociationDefaultRouteTableId(v string) *ModifyTransitGatewayOptions { s.AssociationDefaultRouteTableId = &v @@ -93650,6 +97242,12 @@ func (s *ModifyTransitGatewayOptions) SetPropagationDefaultRouteTableId(v string return s } +// SetRemoveTransitGatewayCidrBlocks sets the RemoveTransitGatewayCidrBlocks field's value. +func (s *ModifyTransitGatewayOptions) SetRemoveTransitGatewayCidrBlocks(v []*string) *ModifyTransitGatewayOptions { + s.RemoveTransitGatewayCidrBlocks = v + return s +} + // SetVpnEcmpSupport sets the VpnEcmpSupport field's value. func (s *ModifyTransitGatewayOptions) SetVpnEcmpSupport(v string) *ModifyTransitGatewayOptions { s.VpnEcmpSupport = &v @@ -94027,6 +97625,13 @@ type ModifyVolumeInput struct { // Default: If no IOPS value is specified, the existing value is retained. Iops *int64 `type:"integer"` + // Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, + // you can attach the volume to up to 16 Nitro-based instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) + // in the same Availability Zone. This parameter is supported with io1 and io2 + // volumes only. For more information, see Amazon EBS Multi-Attach (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html) + // in the Amazon Elastic Compute Cloud User Guide. + MultiAttachEnabled *bool `type:"boolean"` + // The target size of the volume, in GiB. The target volume size must be greater // than or equal to the existing size of the volume. // @@ -94099,6 +97704,12 @@ func (s *ModifyVolumeInput) SetIops(v int64) *ModifyVolumeInput { return s } +// SetMultiAttachEnabled sets the MultiAttachEnabled field's value. +func (s *ModifyVolumeInput) SetMultiAttachEnabled(v bool) *ModifyVolumeInput { + s.MultiAttachEnabled = &v + return s +} + // SetSize sets the Size field's value. func (s *ModifyVolumeInput) SetSize(v int64) *ModifyVolumeInput { s.Size = &v @@ -96351,6 +99962,244 @@ func (s *NetworkInfo) SetNetworkPerformance(v string) *NetworkInfo { return s } +// Describes a network insights analysis. +type NetworkInsightsAnalysis struct { + _ struct{} `type:"structure"` + + // Potential intermediate components. + AlternatePathHints []*AlternatePathHint `locationName:"alternatePathHintSet" locationNameList:"item" type:"list"` + + // The explanations. For more information, see Reachability Analyzer explanation + // codes (https://docs.aws.amazon.com/vpc/latest/reachability/explanation-codes.html). + Explanations []*Explanation `locationName:"explanationSet" locationNameList:"item" type:"list"` + + // The Amazon Resource Names (ARN) of the AWS resources that the path must traverse. + FilterInArns []*string `locationName:"filterInArnSet" locationNameList:"item" type:"list"` + + // The components in the path from source to destination. + ForwardPathComponents []*PathComponent `locationName:"forwardPathComponentSet" locationNameList:"item" type:"list"` + + // The Amazon Resource Name (ARN) of the network insights analysis. + NetworkInsightsAnalysisArn *string `locationName:"networkInsightsAnalysisArn" min:"1" type:"string"` + + // The ID of the network insights analysis. + NetworkInsightsAnalysisId *string `locationName:"networkInsightsAnalysisId" type:"string"` + + // The ID of the path. + NetworkInsightsPathId *string `locationName:"networkInsightsPathId" type:"string"` + + // Indicates whether the destination is reachable from the source. + NetworkPathFound *bool `locationName:"networkPathFound" type:"boolean"` + + // The components in the path from destination to source. + ReturnPathComponents []*PathComponent `locationName:"returnPathComponentSet" locationNameList:"item" type:"list"` + + // The time the analysis started. + StartDate *time.Time `locationName:"startDate" type:"timestamp"` + + // The status of the network insights analysis. + Status *string `locationName:"status" type:"string" enum:"AnalysisStatus"` + + // The status message, if the status is failed. + StatusMessage *string `locationName:"statusMessage" type:"string"` + + // The tags. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s NetworkInsightsAnalysis) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s NetworkInsightsAnalysis) GoString() string { + return s.String() +} + +// SetAlternatePathHints sets the AlternatePathHints field's value. +func (s *NetworkInsightsAnalysis) SetAlternatePathHints(v []*AlternatePathHint) *NetworkInsightsAnalysis { + s.AlternatePathHints = v + return s +} + +// SetExplanations sets the Explanations field's value. +func (s *NetworkInsightsAnalysis) SetExplanations(v []*Explanation) *NetworkInsightsAnalysis { + s.Explanations = v + return s +} + +// SetFilterInArns sets the FilterInArns field's value. +func (s *NetworkInsightsAnalysis) SetFilterInArns(v []*string) *NetworkInsightsAnalysis { + s.FilterInArns = v + return s +} + +// SetForwardPathComponents sets the ForwardPathComponents field's value. +func (s *NetworkInsightsAnalysis) SetForwardPathComponents(v []*PathComponent) *NetworkInsightsAnalysis { + s.ForwardPathComponents = v + return s +} + +// SetNetworkInsightsAnalysisArn sets the NetworkInsightsAnalysisArn field's value. +func (s *NetworkInsightsAnalysis) SetNetworkInsightsAnalysisArn(v string) *NetworkInsightsAnalysis { + s.NetworkInsightsAnalysisArn = &v + return s +} + +// SetNetworkInsightsAnalysisId sets the NetworkInsightsAnalysisId field's value. +func (s *NetworkInsightsAnalysis) SetNetworkInsightsAnalysisId(v string) *NetworkInsightsAnalysis { + s.NetworkInsightsAnalysisId = &v + return s +} + +// SetNetworkInsightsPathId sets the NetworkInsightsPathId field's value. +func (s *NetworkInsightsAnalysis) SetNetworkInsightsPathId(v string) *NetworkInsightsAnalysis { + s.NetworkInsightsPathId = &v + return s +} + +// SetNetworkPathFound sets the NetworkPathFound field's value. +func (s *NetworkInsightsAnalysis) SetNetworkPathFound(v bool) *NetworkInsightsAnalysis { + s.NetworkPathFound = &v + return s +} + +// SetReturnPathComponents sets the ReturnPathComponents field's value. +func (s *NetworkInsightsAnalysis) SetReturnPathComponents(v []*PathComponent) *NetworkInsightsAnalysis { + s.ReturnPathComponents = v + return s +} + +// SetStartDate sets the StartDate field's value. +func (s *NetworkInsightsAnalysis) SetStartDate(v time.Time) *NetworkInsightsAnalysis { + s.StartDate = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *NetworkInsightsAnalysis) SetStatus(v string) *NetworkInsightsAnalysis { + s.Status = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *NetworkInsightsAnalysis) SetStatusMessage(v string) *NetworkInsightsAnalysis { + s.StatusMessage = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *NetworkInsightsAnalysis) SetTags(v []*Tag) *NetworkInsightsAnalysis { + s.Tags = v + return s +} + +// Describes a path. +type NetworkInsightsPath struct { + _ struct{} `type:"structure"` + + // The time stamp when the path was created. + CreatedDate *time.Time `locationName:"createdDate" type:"timestamp"` + + // The AWS resource that is the destination of the path. + Destination *string `locationName:"destination" type:"string"` + + // The IP address of the AWS resource that is the destination of the path. + DestinationIp *string `locationName:"destinationIp" type:"string"` + + // The destination port. + DestinationPort *int64 `locationName:"destinationPort" type:"integer"` + + // The Amazon Resource Name (ARN) of the path. + NetworkInsightsPathArn *string `locationName:"networkInsightsPathArn" min:"1" type:"string"` + + // The ID of the path. + NetworkInsightsPathId *string `locationName:"networkInsightsPathId" type:"string"` + + // The protocol. + Protocol *string `locationName:"protocol" type:"string" enum:"Protocol"` + + // The AWS resource that is the source of the path. + Source *string `locationName:"source" type:"string"` + + // The IP address of the AWS resource that is the source of the path. + SourceIp *string `locationName:"sourceIp" type:"string"` + + // The tags associated with the path. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s NetworkInsightsPath) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s NetworkInsightsPath) GoString() string { + return s.String() +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *NetworkInsightsPath) SetCreatedDate(v time.Time) *NetworkInsightsPath { + s.CreatedDate = &v + return s +} + +// SetDestination sets the Destination field's value. +func (s *NetworkInsightsPath) SetDestination(v string) *NetworkInsightsPath { + s.Destination = &v + return s +} + +// SetDestinationIp sets the DestinationIp field's value. +func (s *NetworkInsightsPath) SetDestinationIp(v string) *NetworkInsightsPath { + s.DestinationIp = &v + return s +} + +// SetDestinationPort sets the DestinationPort field's value. +func (s *NetworkInsightsPath) SetDestinationPort(v int64) *NetworkInsightsPath { + s.DestinationPort = &v + return s +} + +// SetNetworkInsightsPathArn sets the NetworkInsightsPathArn field's value. +func (s *NetworkInsightsPath) SetNetworkInsightsPathArn(v string) *NetworkInsightsPath { + s.NetworkInsightsPathArn = &v + return s +} + +// SetNetworkInsightsPathId sets the NetworkInsightsPathId field's value. +func (s *NetworkInsightsPath) SetNetworkInsightsPathId(v string) *NetworkInsightsPath { + s.NetworkInsightsPathId = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *NetworkInsightsPath) SetProtocol(v string) *NetworkInsightsPath { + s.Protocol = &v + return s +} + +// SetSource sets the Source field's value. +func (s *NetworkInsightsPath) SetSource(v string) *NetworkInsightsPath { + s.Source = &v + return s +} + +// SetSourceIp sets the SourceIp field's value. +func (s *NetworkInsightsPath) SetSourceIp(v string) *NetworkInsightsPath { + s.SourceIp = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *NetworkInsightsPath) SetTags(v []*Tag) *NetworkInsightsPath { + s.Tags = v + return s +} + // Describes a network interface. type NetworkInterface struct { _ struct{} `type:"structure"` @@ -97127,6 +100976,120 @@ func (s *OnDemandOptionsRequest) SetSingleInstanceType(v bool) *OnDemandOptionsR return s } +// Describes a path component. +type PathComponent struct { + _ struct{} `type:"structure"` + + // The network ACL rule. + AclRule *AnalysisAclRule `locationName:"aclRule" type:"structure"` + + // The component. + Component *AnalysisComponent `locationName:"component" type:"structure"` + + // The destination VPC. + DestinationVpc *AnalysisComponent `locationName:"destinationVpc" type:"structure"` + + // The inbound header. + InboundHeader *AnalysisPacketHeader `locationName:"inboundHeader" type:"structure"` + + // The outbound header. + OutboundHeader *AnalysisPacketHeader `locationName:"outboundHeader" type:"structure"` + + // The route table route. + RouteTableRoute *AnalysisRouteTableRoute `locationName:"routeTableRoute" type:"structure"` + + // The security group rule. + SecurityGroupRule *AnalysisSecurityGroupRule `locationName:"securityGroupRule" type:"structure"` + + // The sequence number. + SequenceNumber *int64 `locationName:"sequenceNumber" type:"integer"` + + // The source VPC. + SourceVpc *AnalysisComponent `locationName:"sourceVpc" type:"structure"` + + // The subnet. + Subnet *AnalysisComponent `locationName:"subnet" type:"structure"` + + // The component VPC. + Vpc *AnalysisComponent `locationName:"vpc" type:"structure"` +} + +// String returns the string representation +func (s PathComponent) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PathComponent) GoString() string { + return s.String() +} + +// SetAclRule sets the AclRule field's value. +func (s *PathComponent) SetAclRule(v *AnalysisAclRule) *PathComponent { + s.AclRule = v + return s +} + +// SetComponent sets the Component field's value. +func (s *PathComponent) SetComponent(v *AnalysisComponent) *PathComponent { + s.Component = v + return s +} + +// SetDestinationVpc sets the DestinationVpc field's value. +func (s *PathComponent) SetDestinationVpc(v *AnalysisComponent) *PathComponent { + s.DestinationVpc = v + return s +} + +// SetInboundHeader sets the InboundHeader field's value. +func (s *PathComponent) SetInboundHeader(v *AnalysisPacketHeader) *PathComponent { + s.InboundHeader = v + return s +} + +// SetOutboundHeader sets the OutboundHeader field's value. +func (s *PathComponent) SetOutboundHeader(v *AnalysisPacketHeader) *PathComponent { + s.OutboundHeader = v + return s +} + +// SetRouteTableRoute sets the RouteTableRoute field's value. +func (s *PathComponent) SetRouteTableRoute(v *AnalysisRouteTableRoute) *PathComponent { + s.RouteTableRoute = v + return s +} + +// SetSecurityGroupRule sets the SecurityGroupRule field's value. +func (s *PathComponent) SetSecurityGroupRule(v *AnalysisSecurityGroupRule) *PathComponent { + s.SecurityGroupRule = v + return s +} + +// SetSequenceNumber sets the SequenceNumber field's value. +func (s *PathComponent) SetSequenceNumber(v int64) *PathComponent { + s.SequenceNumber = &v + return s +} + +// SetSourceVpc sets the SourceVpc field's value. +func (s *PathComponent) SetSourceVpc(v *AnalysisComponent) *PathComponent { + s.SourceVpc = v + return s +} + +// SetSubnet sets the Subnet field's value. +func (s *PathComponent) SetSubnet(v *AnalysisComponent) *PathComponent { + s.Subnet = v + return s +} + +// SetVpc sets the Vpc field's value. +func (s *PathComponent) SetVpc(v *AnalysisComponent) *PathComponent { + s.Vpc = v + return s +} + // Describes the data that identifies an Amazon FPGA image (AFI) on the PCI // bus. type PciId struct { @@ -98863,7 +102826,7 @@ type PurchaseHostReservationInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // The currency in which the totalUpfrontPrice, LimitPrice, and totalHourlyPrice @@ -98958,7 +102921,7 @@ type PurchaseHostReservationOutput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // of the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` // The currency in which the totalUpfrontPrice and totalHourlyPrice amounts @@ -99864,6 +103827,82 @@ func (s *RegisterTransitGatewayMulticastGroupSourcesOutput) SetRegisteredMultica return s } +type RejectTransitGatewayMulticastDomainAssociationsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IDs of the subnets to associate with the transit gateway multicast domain. + SubnetIds []*string `locationNameList:"item" type:"list"` + + // The ID of the transit gateway attachment. + TransitGatewayAttachmentId *string `type:"string"` + + // The ID of the transit gateway multicast domain. + TransitGatewayMulticastDomainId *string `type:"string"` +} + +// String returns the string representation +func (s RejectTransitGatewayMulticastDomainAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RejectTransitGatewayMulticastDomainAssociationsInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *RejectTransitGatewayMulticastDomainAssociationsInput) SetDryRun(v bool) *RejectTransitGatewayMulticastDomainAssociationsInput { + s.DryRun = &v + return s +} + +// SetSubnetIds sets the SubnetIds field's value. +func (s *RejectTransitGatewayMulticastDomainAssociationsInput) SetSubnetIds(v []*string) *RejectTransitGatewayMulticastDomainAssociationsInput { + s.SubnetIds = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *RejectTransitGatewayMulticastDomainAssociationsInput) SetTransitGatewayAttachmentId(v string) *RejectTransitGatewayMulticastDomainAssociationsInput { + s.TransitGatewayAttachmentId = &v + return s +} + +// SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. +func (s *RejectTransitGatewayMulticastDomainAssociationsInput) SetTransitGatewayMulticastDomainId(v string) *RejectTransitGatewayMulticastDomainAssociationsInput { + s.TransitGatewayMulticastDomainId = &v + return s +} + +type RejectTransitGatewayMulticastDomainAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Describes the multicast domain associations. + Associations *TransitGatewayMulticastDomainAssociations `locationName:"associations" type:"structure"` +} + +// String returns the string representation +func (s RejectTransitGatewayMulticastDomainAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RejectTransitGatewayMulticastDomainAssociationsOutput) GoString() string { + return s.String() +} + +// SetAssociations sets the Associations field's value. +func (s *RejectTransitGatewayMulticastDomainAssociationsOutput) SetAssociations(v *TransitGatewayMulticastDomainAssociations) *RejectTransitGatewayMulticastDomainAssociationsOutput { + s.Associations = v + return s +} + type RejectTransitGatewayPeeringAttachmentInput struct { _ struct{} `type:"structure"` @@ -104614,14 +108653,14 @@ type RunInstancesInput struct { // The CPU options for the instance. For more information, see Optimizing CPU // options (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. CpuOptions *CpuOptionsRequest `type:"structure"` // The credit option for CPU usage of the burstable performance instance. Valid // values are standard and unlimited. To change this attribute after launch, // use ModifyInstanceCreditSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). // For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. // // Default: standard (T2 instances) or unlimited (T3/T3a instances) CreditSpecification *CreditSpecificationRequest `type:"structure"` @@ -104653,7 +108692,7 @@ type RunInstancesInput struct { // An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource // that you can attach to your Windows instance to accelerate the graphics performance // of your applications. For more information, see Amazon EC2 Elastic GPUs (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. ElasticGpuSpecification []*ElasticGpuSpecification `locationNameList:"item" type:"list"` // An elastic inference accelerator to associate with the instance. Elastic @@ -104672,7 +108711,7 @@ type RunInstancesInput struct { // Indicates whether an instance is enabled for hibernation. For more information, // see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. // // You can't enable hibernation and AWS Nitro Enclaves on the same instance. HibernationOptions *HibernationOptionsRequest `type:"structure"` @@ -104697,7 +108736,7 @@ type RunInstancesInput struct { InstanceMarketOptions *InstanceMarketOptionsRequest `type:"structure"` // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. // // Default: m1.small InstanceType *string `type:"string" enum:"InstanceType"` @@ -104725,7 +108764,7 @@ type RunInstancesInput struct { // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. KernelId *string `type:"string"` // The name of the key pair. You can create a key pair using CreateKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) @@ -104801,7 +108840,7 @@ type RunInstancesInput struct { // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. RamdiskId *string `type:"string"` // The IDs of the security groups. You can create a security group using CreateSecurityGroup @@ -105768,8 +109807,7 @@ type ScheduledInstancesBlockDeviceMapping struct { // launched. Ebs *ScheduledInstancesEbs `type:"structure"` - // Suppresses the specified device included in the block device mapping of the - // AMI. + // To omit the device from the block device mapping, specify an empty string. NoDevice *string `type:"string"` // The virtual device name (ephemeralN). Instance store volumes are numbered @@ -105833,10 +109871,11 @@ type ScheduledInstancesEbs struct { // The number of I/O operations per second (IOPS) to provision for an io1 or // io2 volume, with a maximum ratio of 50 IOPS/GiB for io1, and 500 IOPS/GiB // for io2. Range is 100 to 64,000 IOPS for volumes in most Regions. Maximum - // IOPS of 64,000 is guaranteed only on Nitro-based instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). + // IOPS of 64,000 is guaranteed only on instances built on the Nitro System + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). // Other instance families guarantee performance up to 32,000 IOPS. For more - // information, see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) - // in the Amazon Elastic Compute Cloud User Guide. + // information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) + // in the Amazon EC2 User Guide. // // This parameter is valid only for Provisioned IOPS SSD (io1 and io2) volumes. Iops *int64 `type:"integer"` @@ -106612,7 +110651,7 @@ type SearchTransitGatewayRoutesInput struct { // * attachment.resource-id - The resource id of the transit gateway attachment. // // * attachment.resource-type - The attachment resource type. Valid values - // are vpc | vpn | direct-connect-gateway | peering. + // are vpc | vpn | direct-connect-gateway | peering | connect. // // * prefix-list-id - The ID of the prefix list. // @@ -109004,8 +113043,8 @@ type SpotMarketOptions struct { MaxPrice *string `type:"string"` // The Spot Instance request type. For RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances), - // persistent Spot Instance requests are only supported when InstanceInterruptionBehavior - // is set to either hibernate or stop. + // persistent Spot Instance requests are only supported when the instance interruption + // behavior is either hibernate or stop. SpotInstanceType *string `type:"string" enum:"SpotInstanceType"` // The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported @@ -109604,6 +113643,107 @@ func (s *StartInstancesOutput) SetStartingInstances(v []*InstanceStateChange) *S return s } +type StartNetworkInsightsAnalysisInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The Amazon Resource Names (ARN) of the resources that the path must traverse. + FilterInArns []*string `locationName:"FilterInArn" locationNameList:"item" type:"list"` + + // The ID of the path. + // + // NetworkInsightsPathId is a required field + NetworkInsightsPathId *string `type:"string" required:"true"` + + // The tags to apply. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s StartNetworkInsightsAnalysisInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StartNetworkInsightsAnalysisInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartNetworkInsightsAnalysisInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartNetworkInsightsAnalysisInput"} + if s.NetworkInsightsPathId == nil { + invalidParams.Add(request.NewErrParamRequired("NetworkInsightsPathId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *StartNetworkInsightsAnalysisInput) SetClientToken(v string) *StartNetworkInsightsAnalysisInput { + s.ClientToken = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *StartNetworkInsightsAnalysisInput) SetDryRun(v bool) *StartNetworkInsightsAnalysisInput { + s.DryRun = &v + return s +} + +// SetFilterInArns sets the FilterInArns field's value. +func (s *StartNetworkInsightsAnalysisInput) SetFilterInArns(v []*string) *StartNetworkInsightsAnalysisInput { + s.FilterInArns = v + return s +} + +// SetNetworkInsightsPathId sets the NetworkInsightsPathId field's value. +func (s *StartNetworkInsightsAnalysisInput) SetNetworkInsightsPathId(v string) *StartNetworkInsightsAnalysisInput { + s.NetworkInsightsPathId = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *StartNetworkInsightsAnalysisInput) SetTagSpecifications(v []*TagSpecification) *StartNetworkInsightsAnalysisInput { + s.TagSpecifications = v + return s +} + +type StartNetworkInsightsAnalysisOutput struct { + _ struct{} `type:"structure"` + + // Information about the network insights analysis. + NetworkInsightsAnalysis *NetworkInsightsAnalysis `locationName:"networkInsightsAnalysis" type:"structure"` +} + +// String returns the string representation +func (s StartNetworkInsightsAnalysisOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StartNetworkInsightsAnalysisOutput) GoString() string { + return s.String() +} + +// SetNetworkInsightsAnalysis sets the NetworkInsightsAnalysis field's value. +func (s *StartNetworkInsightsAnalysisOutput) SetNetworkInsightsAnalysis(v *NetworkInsightsAnalysis) *StartNetworkInsightsAnalysisOutput { + s.NetworkInsightsAnalysis = v + return s +} + type StartVpcEndpointServicePrivateDnsVerificationInput struct { _ struct{} `type:"structure"` @@ -109768,7 +113908,7 @@ type StopInstancesInput struct { // Hibernates the instance if the instance was enabled for hibernation at launch. // If the instance cannot hibernate successfully, a normal shutdown occurs. // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) - // in the Amazon Elastic Compute Cloud User Guide. + // in the Amazon EC2 User Guide. // // Default: false Hibernate *bool `type:"boolean"` @@ -110332,16 +114472,18 @@ type TagSpecification struct { // The type of resource to tag. Currently, the resource types that support tagging // on creation are: capacity-reservation | carrier-gateway | client-vpn-endpoint - // | customer-gateway | dedicated-host | dhcp-options | export-image-task | - // export-instance-task | fleet | fpga-image | host-reservation | import-image-task - // | import-snapshot-task | instance | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 - // | key-pair | launch-template | placement-group | prefix-list | natgateway - // | network-acl | route-table | security-group | spot-fleet-request | spot-instances-request + // | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway + // | elastic-ip | elastic-gpu | export-image-task | export-instance-task | fleet + // | fpga-image | host-reservation | image| import-image-task | import-snapshot-task + // | instance | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | + // launch-template | local-gateway-route-table-vpc-association | placement-group + // | prefix-list | natgateway | network-acl | network-interface | reserved-instances + // |route-table | security-group| snapshot | spot-fleet-request | spot-instances-request // | snapshot | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target - // | transit-gateway | transit-gateway-attachment | transit-gateway-route-table - // | volume |vpc | vpc-peering-connection | vpc-endpoint (for interface and - // gateway endpoints) | vpc-endpoint-service (for AWS PrivateLink) | vpc-flow-log - // | vpn-connection | vpn-gateway. + // | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain + // | transit-gateway-route-table | volume |vpc | vpc-peering-connection | vpc-endpoint + // (for interface and gateway endpoints) | vpc-endpoint-service (for AWS PrivateLink) + // | vpc-flow-log | vpn-connection | vpn-gateway. // // To tag a resource after it has been created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). ResourceType *string `locationName:"resourceType" type:"string" enum:"ResourceType"` @@ -110386,7 +114528,7 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification { // you're willing to pay is reached, the fleet stops launching instances even // if it hasn’t met the target capacity. The MaxTotalPrice parameters are // located in OnDemandOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_OnDemandOptions.html) -// and SpotOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotOptions) +// and SpotOptions (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotOptions). type TargetCapacitySpecification struct { _ struct{} `type:"structure"` @@ -111730,6 +115872,66 @@ func (s *TransitGatewayAttachmentAssociation) SetTransitGatewayRouteTableId(v st return s } +// The BGP configuration information. +type TransitGatewayAttachmentBgpConfiguration struct { + _ struct{} `type:"structure"` + + // The BGP status. + BgpStatus *string `locationName:"bgpStatus" type:"string" enum:"BgpStatus"` + + // The interior BGP peer IP address for the appliance. + PeerAddress *string `locationName:"peerAddress" type:"string"` + + // The peer Autonomous System Number (ASN). + PeerAsn *int64 `locationName:"peerAsn" type:"long"` + + // The interior BGP peer IP address for the transit gateway. + TransitGatewayAddress *string `locationName:"transitGatewayAddress" type:"string"` + + // The transit gateway Autonomous System Number (ASN). + TransitGatewayAsn *int64 `locationName:"transitGatewayAsn" type:"long"` +} + +// String returns the string representation +func (s TransitGatewayAttachmentBgpConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayAttachmentBgpConfiguration) GoString() string { + return s.String() +} + +// SetBgpStatus sets the BgpStatus field's value. +func (s *TransitGatewayAttachmentBgpConfiguration) SetBgpStatus(v string) *TransitGatewayAttachmentBgpConfiguration { + s.BgpStatus = &v + return s +} + +// SetPeerAddress sets the PeerAddress field's value. +func (s *TransitGatewayAttachmentBgpConfiguration) SetPeerAddress(v string) *TransitGatewayAttachmentBgpConfiguration { + s.PeerAddress = &v + return s +} + +// SetPeerAsn sets the PeerAsn field's value. +func (s *TransitGatewayAttachmentBgpConfiguration) SetPeerAsn(v int64) *TransitGatewayAttachmentBgpConfiguration { + s.PeerAsn = &v + return s +} + +// SetTransitGatewayAddress sets the TransitGatewayAddress field's value. +func (s *TransitGatewayAttachmentBgpConfiguration) SetTransitGatewayAddress(v string) *TransitGatewayAttachmentBgpConfiguration { + s.TransitGatewayAddress = &v + return s +} + +// SetTransitGatewayAsn sets the TransitGatewayAsn field's value. +func (s *TransitGatewayAttachmentBgpConfiguration) SetTransitGatewayAsn(v int64) *TransitGatewayAttachmentBgpConfiguration { + s.TransitGatewayAsn = &v + return s +} + // Describes a propagation route table. type TransitGatewayAttachmentPropagation struct { _ struct{} `type:"structure"` @@ -111763,6 +115965,261 @@ func (s *TransitGatewayAttachmentPropagation) SetTransitGatewayRouteTableId(v st return s } +// Describes a transit gateway Connect attachment. +type TransitGatewayConnect struct { + _ struct{} `type:"structure"` + + // The creation time. + CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` + + // The Connect attachment options. + Options *TransitGatewayConnectOptions `locationName:"options" type:"structure"` + + // The state of the attachment. + State *string `locationName:"state" type:"string" enum:"TransitGatewayAttachmentState"` + + // The tags for the attachment. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Connect attachment. + TransitGatewayAttachmentId *string `locationName:"transitGatewayAttachmentId" type:"string"` + + // The ID of the transit gateway. + TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + + // The ID of the attachment from which the Connect attachment was created. + TransportTransitGatewayAttachmentId *string `locationName:"transportTransitGatewayAttachmentId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayConnect) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayConnect) GoString() string { + return s.String() +} + +// SetCreationTime sets the CreationTime field's value. +func (s *TransitGatewayConnect) SetCreationTime(v time.Time) *TransitGatewayConnect { + s.CreationTime = &v + return s +} + +// SetOptions sets the Options field's value. +func (s *TransitGatewayConnect) SetOptions(v *TransitGatewayConnectOptions) *TransitGatewayConnect { + s.Options = v + return s +} + +// SetState sets the State field's value. +func (s *TransitGatewayConnect) SetState(v string) *TransitGatewayConnect { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TransitGatewayConnect) SetTags(v []*Tag) *TransitGatewayConnect { + s.Tags = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *TransitGatewayConnect) SetTransitGatewayAttachmentId(v string) *TransitGatewayConnect { + s.TransitGatewayAttachmentId = &v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *TransitGatewayConnect) SetTransitGatewayId(v string) *TransitGatewayConnect { + s.TransitGatewayId = &v + return s +} + +// SetTransportTransitGatewayAttachmentId sets the TransportTransitGatewayAttachmentId field's value. +func (s *TransitGatewayConnect) SetTransportTransitGatewayAttachmentId(v string) *TransitGatewayConnect { + s.TransportTransitGatewayAttachmentId = &v + return s +} + +// Describes the Connect attachment options. +type TransitGatewayConnectOptions struct { + _ struct{} `type:"structure"` + + // The tunnel protocol. + Protocol *string `locationName:"protocol" type:"string" enum:"ProtocolValue"` +} + +// String returns the string representation +func (s TransitGatewayConnectOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayConnectOptions) GoString() string { + return s.String() +} + +// SetProtocol sets the Protocol field's value. +func (s *TransitGatewayConnectOptions) SetProtocol(v string) *TransitGatewayConnectOptions { + s.Protocol = &v + return s +} + +// Describes a transit gateway Connect peer. +type TransitGatewayConnectPeer struct { + _ struct{} `type:"structure"` + + // The Connect peer details. + ConnectPeerConfiguration *TransitGatewayConnectPeerConfiguration `locationName:"connectPeerConfiguration" type:"structure"` + + // The creation time. + CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` + + // The state of the Connect peer. + State *string `locationName:"state" type:"string" enum:"TransitGatewayConnectPeerState"` + + // The tags for the Connect peer. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Connect attachment. + TransitGatewayAttachmentId *string `locationName:"transitGatewayAttachmentId" type:"string"` + + // The ID of the Connect peer. + TransitGatewayConnectPeerId *string `locationName:"transitGatewayConnectPeerId" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayConnectPeer) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayConnectPeer) GoString() string { + return s.String() +} + +// SetConnectPeerConfiguration sets the ConnectPeerConfiguration field's value. +func (s *TransitGatewayConnectPeer) SetConnectPeerConfiguration(v *TransitGatewayConnectPeerConfiguration) *TransitGatewayConnectPeer { + s.ConnectPeerConfiguration = v + return s +} + +// SetCreationTime sets the CreationTime field's value. +func (s *TransitGatewayConnectPeer) SetCreationTime(v time.Time) *TransitGatewayConnectPeer { + s.CreationTime = &v + return s +} + +// SetState sets the State field's value. +func (s *TransitGatewayConnectPeer) SetState(v string) *TransitGatewayConnectPeer { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TransitGatewayConnectPeer) SetTags(v []*Tag) *TransitGatewayConnectPeer { + s.Tags = v + return s +} + +// SetTransitGatewayAttachmentId sets the TransitGatewayAttachmentId field's value. +func (s *TransitGatewayConnectPeer) SetTransitGatewayAttachmentId(v string) *TransitGatewayConnectPeer { + s.TransitGatewayAttachmentId = &v + return s +} + +// SetTransitGatewayConnectPeerId sets the TransitGatewayConnectPeerId field's value. +func (s *TransitGatewayConnectPeer) SetTransitGatewayConnectPeerId(v string) *TransitGatewayConnectPeer { + s.TransitGatewayConnectPeerId = &v + return s +} + +// Describes the Connect peer details. +type TransitGatewayConnectPeerConfiguration struct { + _ struct{} `type:"structure"` + + // The BGP configuration details. + BgpConfigurations []*TransitGatewayAttachmentBgpConfiguration `locationName:"bgpConfigurations" locationNameList:"item" type:"list"` + + // The range of interior BGP peer IP addresses. + InsideCidrBlocks []*string `locationName:"insideCidrBlocks" locationNameList:"item" type:"list"` + + // The Connect peer IP address on the appliance side of the tunnel. + PeerAddress *string `locationName:"peerAddress" type:"string"` + + // The tunnel protocol. + Protocol *string `locationName:"protocol" type:"string" enum:"ProtocolValue"` + + // The Connect peer IP address on the transit gateway side of the tunnel. + TransitGatewayAddress *string `locationName:"transitGatewayAddress" type:"string"` +} + +// String returns the string representation +func (s TransitGatewayConnectPeerConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayConnectPeerConfiguration) GoString() string { + return s.String() +} + +// SetBgpConfigurations sets the BgpConfigurations field's value. +func (s *TransitGatewayConnectPeerConfiguration) SetBgpConfigurations(v []*TransitGatewayAttachmentBgpConfiguration) *TransitGatewayConnectPeerConfiguration { + s.BgpConfigurations = v + return s +} + +// SetInsideCidrBlocks sets the InsideCidrBlocks field's value. +func (s *TransitGatewayConnectPeerConfiguration) SetInsideCidrBlocks(v []*string) *TransitGatewayConnectPeerConfiguration { + s.InsideCidrBlocks = v + return s +} + +// SetPeerAddress sets the PeerAddress field's value. +func (s *TransitGatewayConnectPeerConfiguration) SetPeerAddress(v string) *TransitGatewayConnectPeerConfiguration { + s.PeerAddress = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *TransitGatewayConnectPeerConfiguration) SetProtocol(v string) *TransitGatewayConnectPeerConfiguration { + s.Protocol = &v + return s +} + +// SetTransitGatewayAddress sets the TransitGatewayAddress field's value. +func (s *TransitGatewayConnectPeerConfiguration) SetTransitGatewayAddress(v string) *TransitGatewayConnectPeerConfiguration { + s.TransitGatewayAddress = &v + return s +} + +// The BGP options for the Connect attachment. +type TransitGatewayConnectRequestBgpOptions struct { + _ struct{} `type:"structure"` + + // The peer Autonomous System Number (ASN). + PeerAsn *int64 `type:"long"` +} + +// String returns the string representation +func (s TransitGatewayConnectRequestBgpOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayConnectRequestBgpOptions) GoString() string { + return s.String() +} + +// SetPeerAsn sets the PeerAsn field's value. +func (s *TransitGatewayConnectRequestBgpOptions) SetPeerAsn(v int64) *TransitGatewayConnectRequestBgpOptions { + s.PeerAsn = &v + return s +} + // Describes the deregistered transit gateway multicast group members. type TransitGatewayMulticastDeregisteredGroupMembers struct { _ struct{} `type:"structure"` @@ -111854,6 +116311,12 @@ type TransitGatewayMulticastDomain struct { // The time the transit gateway multicast domain was created. CreationTime *time.Time `locationName:"creationTime" type:"timestamp"` + // The options for the transit gateway multicast domain. + Options *TransitGatewayMulticastDomainOptions `locationName:"options" type:"structure"` + + // The ID of the AWS account that owns the transit gateway multiicast domain. + OwnerId *string `locationName:"ownerId" type:"string"` + // The state of the transit gateway multicast domain. State *string `locationName:"state" type:"string" enum:"TransitGatewayMulticastDomainState"` @@ -111863,6 +116326,9 @@ type TransitGatewayMulticastDomain struct { // The ID of the transit gateway. TransitGatewayId *string `locationName:"transitGatewayId" type:"string"` + // The Amazon Resource Name (ARN) of the transit gateway multicast domain. + TransitGatewayMulticastDomainArn *string `locationName:"transitGatewayMulticastDomainArn" type:"string"` + // The ID of the transit gateway multicast domain. TransitGatewayMulticastDomainId *string `locationName:"transitGatewayMulticastDomainId" type:"string"` } @@ -111883,6 +116349,18 @@ func (s *TransitGatewayMulticastDomain) SetCreationTime(v time.Time) *TransitGat return s } +// SetOptions sets the Options field's value. +func (s *TransitGatewayMulticastDomain) SetOptions(v *TransitGatewayMulticastDomainOptions) *TransitGatewayMulticastDomain { + s.Options = v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *TransitGatewayMulticastDomain) SetOwnerId(v string) *TransitGatewayMulticastDomain { + s.OwnerId = &v + return s +} + // SetState sets the State field's value. func (s *TransitGatewayMulticastDomain) SetState(v string) *TransitGatewayMulticastDomain { s.State = &v @@ -111901,6 +116379,12 @@ func (s *TransitGatewayMulticastDomain) SetTransitGatewayId(v string) *TransitGa return s } +// SetTransitGatewayMulticastDomainArn sets the TransitGatewayMulticastDomainArn field's value. +func (s *TransitGatewayMulticastDomain) SetTransitGatewayMulticastDomainArn(v string) *TransitGatewayMulticastDomain { + s.TransitGatewayMulticastDomainArn = &v + return s +} + // SetTransitGatewayMulticastDomainId sets the TransitGatewayMulticastDomainId field's value. func (s *TransitGatewayMulticastDomain) SetTransitGatewayMulticastDomainId(v string) *TransitGatewayMulticastDomain { s.TransitGatewayMulticastDomainId = &v @@ -111914,6 +116398,10 @@ type TransitGatewayMulticastDomainAssociation struct { // The ID of the resource. ResourceId *string `locationName:"resourceId" type:"string"` + // The ID of the AWS account that owns the transit gateway multicast domain + // association resource. + ResourceOwnerId *string `locationName:"resourceOwnerId" type:"string"` + // The type of resource, for example a VPC attachment. ResourceType *string `locationName:"resourceType" type:"string" enum:"TransitGatewayAttachmentResourceType"` @@ -111940,6 +116428,12 @@ func (s *TransitGatewayMulticastDomainAssociation) SetResourceId(v string) *Tran return s } +// SetResourceOwnerId sets the ResourceOwnerId field's value. +func (s *TransitGatewayMulticastDomainAssociation) SetResourceOwnerId(v string) *TransitGatewayMulticastDomainAssociation { + s.ResourceOwnerId = &v + return s +} + // SetResourceType sets the ResourceType field's value. func (s *TransitGatewayMulticastDomainAssociation) SetResourceType(v string) *TransitGatewayMulticastDomainAssociation { s.ResourceType = &v @@ -111965,6 +116459,9 @@ type TransitGatewayMulticastDomainAssociations struct { // The ID of the resource. ResourceId *string `locationName:"resourceId" type:"string"` + // The ID of the AWS account that owns the resource. + ResourceOwnerId *string `locationName:"resourceOwnerId" type:"string"` + // The type of resource, for example a VPC attachment. ResourceType *string `locationName:"resourceType" type:"string" enum:"TransitGatewayAttachmentResourceType"` @@ -111994,6 +116491,12 @@ func (s *TransitGatewayMulticastDomainAssociations) SetResourceId(v string) *Tra return s } +// SetResourceOwnerId sets the ResourceOwnerId field's value. +func (s *TransitGatewayMulticastDomainAssociations) SetResourceOwnerId(v string) *TransitGatewayMulticastDomainAssociations { + s.ResourceOwnerId = &v + return s +} + // SetResourceType sets the ResourceType field's value. func (s *TransitGatewayMulticastDomainAssociations) SetResourceType(v string) *TransitGatewayMulticastDomainAssociations { s.ResourceType = &v @@ -112018,6 +116521,51 @@ func (s *TransitGatewayMulticastDomainAssociations) SetTransitGatewayMulticastDo return s } +// Describes the options for a transit gateway multicast domain. +type TransitGatewayMulticastDomainOptions struct { + _ struct{} `type:"structure"` + + // Indicates whether to automatically cross-account subnet associations that + // are associated with the transit gateway multicast domain. + AutoAcceptSharedAssociations *string `locationName:"autoAcceptSharedAssociations" type:"string" enum:"AutoAcceptSharedAssociationsValue"` + + // Indicates whether Internet Group Management Protocol (IGMP) version 2 is + // turned on for the transit gateway multicast domain. + Igmpv2Support *string `locationName:"igmpv2Support" type:"string" enum:"Igmpv2SupportValue"` + + // Indicates whether support for statically configuring transit gateway multicast + // group sources is turned on. + StaticSourcesSupport *string `locationName:"staticSourcesSupport" type:"string" enum:"StaticSourcesSupportValue"` +} + +// String returns the string representation +func (s TransitGatewayMulticastDomainOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TransitGatewayMulticastDomainOptions) GoString() string { + return s.String() +} + +// SetAutoAcceptSharedAssociations sets the AutoAcceptSharedAssociations field's value. +func (s *TransitGatewayMulticastDomainOptions) SetAutoAcceptSharedAssociations(v string) *TransitGatewayMulticastDomainOptions { + s.AutoAcceptSharedAssociations = &v + return s +} + +// SetIgmpv2Support sets the Igmpv2Support field's value. +func (s *TransitGatewayMulticastDomainOptions) SetIgmpv2Support(v string) *TransitGatewayMulticastDomainOptions { + s.Igmpv2Support = &v + return s +} + +// SetStaticSourcesSupport sets the StaticSourcesSupport field's value. +func (s *TransitGatewayMulticastDomainOptions) SetStaticSourcesSupport(v string) *TransitGatewayMulticastDomainOptions { + s.StaticSourcesSupport = &v + return s +} + // Describes the transit gateway multicast group resources. type TransitGatewayMulticastGroup struct { _ struct{} `type:"structure"` @@ -112040,6 +116588,10 @@ type TransitGatewayMulticastGroup struct { // The ID of the resource. ResourceId *string `locationName:"resourceId" type:"string"` + // The ID of the AWS account that owns the transit gateway multicast domain + // group resource. + ResourceOwnerId *string `locationName:"resourceOwnerId" type:"string"` + // The type of resource, for example a VPC attachment. ResourceType *string `locationName:"resourceType" type:"string" enum:"TransitGatewayAttachmentResourceType"` @@ -112099,6 +116651,12 @@ func (s *TransitGatewayMulticastGroup) SetResourceId(v string) *TransitGatewayMu return s } +// SetResourceOwnerId sets the ResourceOwnerId field's value. +func (s *TransitGatewayMulticastGroup) SetResourceOwnerId(v string) *TransitGatewayMulticastGroup { + s.ResourceOwnerId = &v + return s +} + // SetResourceType sets the ResourceType field's value. func (s *TransitGatewayMulticastGroup) SetResourceType(v string) *TransitGatewayMulticastGroup { s.ResourceType = &v @@ -112240,6 +116798,9 @@ type TransitGatewayOptions struct { // The ID of the default propagation route table. PropagationDefaultRouteTableId *string `locationName:"propagationDefaultRouteTableId" type:"string"` + // The transit gateway CIDR blocks. + TransitGatewayCidrBlocks []*string `locationName:"transitGatewayCidrBlocks" locationNameList:"item" type:"list"` + // Indicates whether Equal Cost Multipath Protocol support is enabled. VpnEcmpSupport *string `locationName:"vpnEcmpSupport" type:"string" enum:"VpnEcmpSupportValue"` } @@ -112302,6 +116863,12 @@ func (s *TransitGatewayOptions) SetPropagationDefaultRouteTableId(v string) *Tra return s } +// SetTransitGatewayCidrBlocks sets the TransitGatewayCidrBlocks field's value. +func (s *TransitGatewayOptions) SetTransitGatewayCidrBlocks(v []*string) *TransitGatewayOptions { + s.TransitGatewayCidrBlocks = v + return s +} + // SetVpnEcmpSupport sets the VpnEcmpSupport field's value. func (s *TransitGatewayOptions) SetVpnEcmpSupport(v string) *TransitGatewayOptions { s.VpnEcmpSupport = &v @@ -112585,6 +117152,11 @@ type TransitGatewayRequestOptions struct { // Indicates whether multicast is enabled on the transit gateway MulticastSupport *string `type:"string" enum:"MulticastSupportValue"` + // One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size + // /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for + // IPv6. + TransitGatewayCidrBlocks []*string `locationNameList:"item" type:"list"` + // Enable or disable Equal Cost Multipath Protocol support. Enabled by default. VpnEcmpSupport *string `type:"string" enum:"VpnEcmpSupportValue"` } @@ -112635,6 +117207,12 @@ func (s *TransitGatewayRequestOptions) SetMulticastSupport(v string) *TransitGat return s } +// SetTransitGatewayCidrBlocks sets the TransitGatewayCidrBlocks field's value. +func (s *TransitGatewayRequestOptions) SetTransitGatewayCidrBlocks(v []*string) *TransitGatewayRequestOptions { + s.TransitGatewayCidrBlocks = v + return s +} + // SetVpnEcmpSupport sets the VpnEcmpSupport field's value. func (s *TransitGatewayRequestOptions) SetVpnEcmpSupport(v string) *TransitGatewayRequestOptions { s.VpnEcmpSupport = &v @@ -114473,6 +119051,9 @@ type VolumeModification struct { // The original IOPS rate of the volume. OriginalIops *int64 `locationName:"originalIops" type:"integer"` + // The original setting for Amazon EBS Multi-Attach. + OriginalMultiAttachEnabled *bool `locationName:"originalMultiAttachEnabled" type:"boolean"` + // The original size of the volume, in GiB. OriginalSize *int64 `locationName:"originalSize" type:"integer"` @@ -114494,6 +119075,9 @@ type VolumeModification struct { // The target IOPS rate of the volume. TargetIops *int64 `locationName:"targetIops" type:"integer"` + // The target setting for Amazon EBS Multi-Attach. + TargetMultiAttachEnabled *bool `locationName:"targetMultiAttachEnabled" type:"boolean"` + // The target size of the volume, in GiB. TargetSize *int64 `locationName:"targetSize" type:"integer"` @@ -114535,6 +119119,12 @@ func (s *VolumeModification) SetOriginalIops(v int64) *VolumeModification { return s } +// SetOriginalMultiAttachEnabled sets the OriginalMultiAttachEnabled field's value. +func (s *VolumeModification) SetOriginalMultiAttachEnabled(v bool) *VolumeModification { + s.OriginalMultiAttachEnabled = &v + return s +} + // SetOriginalSize sets the OriginalSize field's value. func (s *VolumeModification) SetOriginalSize(v int64) *VolumeModification { s.OriginalSize = &v @@ -114577,6 +119167,12 @@ func (s *VolumeModification) SetTargetIops(v int64) *VolumeModification { return s } +// SetTargetMultiAttachEnabled sets the TargetMultiAttachEnabled field's value. +func (s *VolumeModification) SetTargetMultiAttachEnabled(v bool) *VolumeModification { + s.TargetMultiAttachEnabled = &v + return s +} + // SetTargetSize sets the TargetSize field's value. func (s *VolumeModification) SetTargetSize(v int64) *VolumeModification { s.TargetSize = &v @@ -116598,6 +121194,26 @@ func AllowsMultipleInstanceTypes_Values() []string { } } +const ( + // AnalysisStatusRunning is a AnalysisStatus enum value + AnalysisStatusRunning = "running" + + // AnalysisStatusSucceeded is a AnalysisStatus enum value + AnalysisStatusSucceeded = "succeeded" + + // AnalysisStatusFailed is a AnalysisStatus enum value + AnalysisStatusFailed = "failed" +) + +// AnalysisStatus_Values returns all elements of the AnalysisStatus enum +func AnalysisStatus_Values() []string { + return []string{ + AnalysisStatusRunning, + AnalysisStatusSucceeded, + AnalysisStatusFailed, + } +} + const ( // ApplianceModeSupportValueEnable is a ApplianceModeSupportValue enum value ApplianceModeSupportValueEnable = "enable" @@ -116718,6 +121334,22 @@ func AttachmentStatus_Values() []string { } } +const ( + // AutoAcceptSharedAssociationsValueEnable is a AutoAcceptSharedAssociationsValue enum value + AutoAcceptSharedAssociationsValueEnable = "enable" + + // AutoAcceptSharedAssociationsValueDisable is a AutoAcceptSharedAssociationsValue enum value + AutoAcceptSharedAssociationsValueDisable = "disable" +) + +// AutoAcceptSharedAssociationsValue_Values returns all elements of the AutoAcceptSharedAssociationsValue enum +func AutoAcceptSharedAssociationsValue_Values() []string { + return []string{ + AutoAcceptSharedAssociationsValueEnable, + AutoAcceptSharedAssociationsValueDisable, + } +} + const ( // AutoAcceptSharedAttachmentsValueEnable is a AutoAcceptSharedAttachmentsValue enum value AutoAcceptSharedAttachmentsValueEnable = "enable" @@ -116830,6 +121462,22 @@ func BatchState_Values() []string { } } +const ( + // BgpStatusUp is a BgpStatus enum value + BgpStatusUp = "up" + + // BgpStatusDown is a BgpStatus enum value + BgpStatusDown = "down" +) + +// BgpStatus_Values returns all elements of the BgpStatus enum +func BgpStatus_Values() []string { + return []string{ + BgpStatusUp, + BgpStatusDown, + } +} + const ( // BundleTaskStatePending is a BundleTaskState enum value BundleTaskStatePending = "pending" @@ -118146,6 +122794,22 @@ func IamInstanceProfileAssociationState_Values() []string { } } +const ( + // Igmpv2SupportValueEnable is a Igmpv2SupportValue enum value + Igmpv2SupportValueEnable = "enable" + + // Igmpv2SupportValueDisable is a Igmpv2SupportValue enum value + Igmpv2SupportValueDisable = "disable" +) + +// Igmpv2SupportValue_Values returns all elements of the Igmpv2SupportValue enum +func Igmpv2SupportValue_Values() []string { + return []string{ + Igmpv2SupportValueEnable, + Igmpv2SupportValueDisable, + } +} + const ( // ImageAttributeNameDescription is a ImageAttributeName enum value ImageAttributeNameDescription = "description" @@ -119055,6 +123719,9 @@ const ( // InstanceTypeC5n18xlarge is a InstanceType enum value InstanceTypeC5n18xlarge = "c5n.18xlarge" + // InstanceTypeC5nMetal is a InstanceType enum value + InstanceTypeC5nMetal = "c5n.metal" + // InstanceTypeC6gMetal is a InstanceType enum value InstanceTypeC6gMetal = "c6g.metal" @@ -119109,6 +123776,30 @@ const ( // InstanceTypeC6gd16xlarge is a InstanceType enum value InstanceTypeC6gd16xlarge = "c6gd.16xlarge" + // InstanceTypeC6gnMedium is a InstanceType enum value + InstanceTypeC6gnMedium = "c6gn.medium" + + // InstanceTypeC6gnLarge is a InstanceType enum value + InstanceTypeC6gnLarge = "c6gn.large" + + // InstanceTypeC6gnXlarge is a InstanceType enum value + InstanceTypeC6gnXlarge = "c6gn.xlarge" + + // InstanceTypeC6gn2xlarge is a InstanceType enum value + InstanceTypeC6gn2xlarge = "c6gn.2xlarge" + + // InstanceTypeC6gn4xlarge is a InstanceType enum value + InstanceTypeC6gn4xlarge = "c6gn.4xlarge" + + // InstanceTypeC6gn8xlarge is a InstanceType enum value + InstanceTypeC6gn8xlarge = "c6gn.8xlarge" + + // InstanceTypeC6gn12xlarge is a InstanceType enum value + InstanceTypeC6gn12xlarge = "c6gn.12xlarge" + + // InstanceTypeC6gn16xlarge is a InstanceType enum value + InstanceTypeC6gn16xlarge = "c6gn.16xlarge" + // InstanceTypeCc14xlarge is a InstanceType enum value InstanceTypeCc14xlarge = "cc1.4xlarge" @@ -119133,6 +123824,15 @@ const ( // InstanceTypeG3sXlarge is a InstanceType enum value InstanceTypeG3sXlarge = "g3s.xlarge" + // InstanceTypeG4ad4xlarge is a InstanceType enum value + InstanceTypeG4ad4xlarge = "g4ad.4xlarge" + + // InstanceTypeG4ad8xlarge is a InstanceType enum value + InstanceTypeG4ad8xlarge = "g4ad.8xlarge" + + // InstanceTypeG4ad16xlarge is a InstanceType enum value + InstanceTypeG4ad16xlarge = "g4ad.16xlarge" + // InstanceTypeG4dnXlarge is a InstanceType enum value InstanceTypeG4dnXlarge = "g4dn.xlarge" @@ -119790,6 +124490,7 @@ func InstanceType_Values() []string { InstanceTypeC5n4xlarge, InstanceTypeC5n9xlarge, InstanceTypeC5n18xlarge, + InstanceTypeC5nMetal, InstanceTypeC6gMetal, InstanceTypeC6gMedium, InstanceTypeC6gLarge, @@ -119808,6 +124509,14 @@ func InstanceType_Values() []string { InstanceTypeC6gd8xlarge, InstanceTypeC6gd12xlarge, InstanceTypeC6gd16xlarge, + InstanceTypeC6gnMedium, + InstanceTypeC6gnLarge, + InstanceTypeC6gnXlarge, + InstanceTypeC6gn2xlarge, + InstanceTypeC6gn4xlarge, + InstanceTypeC6gn8xlarge, + InstanceTypeC6gn12xlarge, + InstanceTypeC6gn16xlarge, InstanceTypeCc14xlarge, InstanceTypeCc28xlarge, InstanceTypeG22xlarge, @@ -119816,6 +124525,9 @@ func InstanceType_Values() []string { InstanceTypeG38xlarge, InstanceTypeG316xlarge, InstanceTypeG3sXlarge, + InstanceTypeG4ad4xlarge, + InstanceTypeG4ad8xlarge, + InstanceTypeG4ad16xlarge, InstanceTypeG4dnXlarge, InstanceTypeG4dn2xlarge, InstanceTypeG4dn4xlarge, @@ -120754,6 +125466,34 @@ func ProductCodeValues_Values() []string { } } +const ( + // ProtocolTcp is a Protocol enum value + ProtocolTcp = "tcp" + + // ProtocolUdp is a Protocol enum value + ProtocolUdp = "udp" +) + +// Protocol_Values returns all elements of the Protocol enum +func Protocol_Values() []string { + return []string{ + ProtocolTcp, + ProtocolUdp, + } +} + +const ( + // ProtocolValueGre is a ProtocolValue enum value + ProtocolValueGre = "gre" +) + +// ProtocolValue_Values returns all elements of the ProtocolValue enum +func ProtocolValue_Values() []string { + return []string{ + ProtocolValueGre, + } +} + const ( // RIProductDescriptionLinuxUnix is a RIProductDescription enum value RIProductDescriptionLinuxUnix = "Linux/UNIX" @@ -121012,6 +125752,12 @@ const ( // ResourceTypeNetworkInterface is a ResourceType enum value ResourceTypeNetworkInterface = "network-interface" + // ResourceTypeNetworkInsightsAnalysis is a ResourceType enum value + ResourceTypeNetworkInsightsAnalysis = "network-insights-analysis" + + // ResourceTypeNetworkInsightsPath is a ResourceType enum value + ResourceTypeNetworkInsightsPath = "network-insights-path" + // ResourceTypePlacementGroup is a ResourceType enum value ResourceTypePlacementGroup = "placement-group" @@ -121051,6 +125797,9 @@ const ( // ResourceTypeTransitGatewayAttachment is a ResourceType enum value ResourceTypeTransitGatewayAttachment = "transit-gateway-attachment" + // ResourceTypeTransitGatewayConnectPeer is a ResourceType enum value + ResourceTypeTransitGatewayConnectPeer = "transit-gateway-connect-peer" + // ResourceTypeTransitGatewayMulticastDomain is a ResourceType enum value ResourceTypeTransitGatewayMulticastDomain = "transit-gateway-multicast-domain" @@ -121102,6 +125851,8 @@ func ResourceType_Values() []string { ResourceTypeNatgateway, ResourceTypeNetworkAcl, ResourceTypeNetworkInterface, + ResourceTypeNetworkInsightsAnalysis, + ResourceTypeNetworkInsightsPath, ResourceTypePlacementGroup, ResourceTypeReservedInstances, ResourceTypeRouteTable, @@ -121115,6 +125866,7 @@ func ResourceType_Values() []string { ResourceTypeTrafficMirrorTarget, ResourceTypeTransitGateway, ResourceTypeTransitGatewayAttachment, + ResourceTypeTransitGatewayConnectPeer, ResourceTypeTransitGatewayMulticastDomain, ResourceTypeTransitGatewayRouteTable, ResourceTypeVolume, @@ -121478,6 +126230,22 @@ func State_Values() []string { } } +const ( + // StaticSourcesSupportValueEnable is a StaticSourcesSupportValue enum value + StaticSourcesSupportValueEnable = "enable" + + // StaticSourcesSupportValueDisable is a StaticSourcesSupportValue enum value + StaticSourcesSupportValueDisable = "disable" +) + +// StaticSourcesSupportValue_Values returns all elements of the StaticSourcesSupportValue enum +func StaticSourcesSupportValue_Values() []string { + return []string{ + StaticSourcesSupportValueEnable, + StaticSourcesSupportValueDisable, + } +} + const ( // StatusMoveInProgress is a Status enum value StatusMoveInProgress = "MoveInProgress" @@ -121804,6 +126572,9 @@ const ( // TransitGatewayAttachmentResourceTypeDirectConnectGateway is a TransitGatewayAttachmentResourceType enum value TransitGatewayAttachmentResourceTypeDirectConnectGateway = "direct-connect-gateway" + // TransitGatewayAttachmentResourceTypeConnect is a TransitGatewayAttachmentResourceType enum value + TransitGatewayAttachmentResourceTypeConnect = "connect" + // TransitGatewayAttachmentResourceTypePeering is a TransitGatewayAttachmentResourceType enum value TransitGatewayAttachmentResourceTypePeering = "peering" @@ -121817,6 +126588,7 @@ func TransitGatewayAttachmentResourceType_Values() []string { TransitGatewayAttachmentResourceTypeVpc, TransitGatewayAttachmentResourceTypeVpn, TransitGatewayAttachmentResourceTypeDirectConnectGateway, + TransitGatewayAttachmentResourceTypeConnect, TransitGatewayAttachmentResourceTypePeering, TransitGatewayAttachmentResourceTypeTgwPeering, } @@ -121883,6 +126655,33 @@ func TransitGatewayAttachmentState_Values() []string { } const ( + // TransitGatewayConnectPeerStatePending is a TransitGatewayConnectPeerState enum value + TransitGatewayConnectPeerStatePending = "pending" + + // TransitGatewayConnectPeerStateAvailable is a TransitGatewayConnectPeerState enum value + TransitGatewayConnectPeerStateAvailable = "available" + + // TransitGatewayConnectPeerStateDeleting is a TransitGatewayConnectPeerState enum value + TransitGatewayConnectPeerStateDeleting = "deleting" + + // TransitGatewayConnectPeerStateDeleted is a TransitGatewayConnectPeerState enum value + TransitGatewayConnectPeerStateDeleted = "deleted" +) + +// TransitGatewayConnectPeerState_Values returns all elements of the TransitGatewayConnectPeerState enum +func TransitGatewayConnectPeerState_Values() []string { + return []string{ + TransitGatewayConnectPeerStatePending, + TransitGatewayConnectPeerStateAvailable, + TransitGatewayConnectPeerStateDeleting, + TransitGatewayConnectPeerStateDeleted, + } +} + +const ( + // TransitGatewayMulitcastDomainAssociationStatePendingAcceptance is a TransitGatewayMulitcastDomainAssociationState enum value + TransitGatewayMulitcastDomainAssociationStatePendingAcceptance = "pendingAcceptance" + // TransitGatewayMulitcastDomainAssociationStateAssociating is a TransitGatewayMulitcastDomainAssociationState enum value TransitGatewayMulitcastDomainAssociationStateAssociating = "associating" @@ -121894,15 +126693,24 @@ const ( // TransitGatewayMulitcastDomainAssociationStateDisassociated is a TransitGatewayMulitcastDomainAssociationState enum value TransitGatewayMulitcastDomainAssociationStateDisassociated = "disassociated" + + // TransitGatewayMulitcastDomainAssociationStateRejected is a TransitGatewayMulitcastDomainAssociationState enum value + TransitGatewayMulitcastDomainAssociationStateRejected = "rejected" + + // TransitGatewayMulitcastDomainAssociationStateFailed is a TransitGatewayMulitcastDomainAssociationState enum value + TransitGatewayMulitcastDomainAssociationStateFailed = "failed" ) // TransitGatewayMulitcastDomainAssociationState_Values returns all elements of the TransitGatewayMulitcastDomainAssociationState enum func TransitGatewayMulitcastDomainAssociationState_Values() []string { return []string{ + TransitGatewayMulitcastDomainAssociationStatePendingAcceptance, TransitGatewayMulitcastDomainAssociationStateAssociating, TransitGatewayMulitcastDomainAssociationStateAssociated, TransitGatewayMulitcastDomainAssociationStateDisassociating, TransitGatewayMulitcastDomainAssociationStateDisassociated, + TransitGatewayMulitcastDomainAssociationStateRejected, + TransitGatewayMulitcastDomainAssociationStateFailed, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go index dd70a8f072..e866cf9039 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/ec2iface/interface.go @@ -64,6 +64,10 @@ type EC2API interface { AcceptReservedInstancesExchangeQuoteWithContext(aws.Context, *ec2.AcceptReservedInstancesExchangeQuoteInput, ...request.Option) (*ec2.AcceptReservedInstancesExchangeQuoteOutput, error) AcceptReservedInstancesExchangeQuoteRequest(*ec2.AcceptReservedInstancesExchangeQuoteInput) (*request.Request, *ec2.AcceptReservedInstancesExchangeQuoteOutput) + AcceptTransitGatewayMulticastDomainAssociations(*ec2.AcceptTransitGatewayMulticastDomainAssociationsInput) (*ec2.AcceptTransitGatewayMulticastDomainAssociationsOutput, error) + AcceptTransitGatewayMulticastDomainAssociationsWithContext(aws.Context, *ec2.AcceptTransitGatewayMulticastDomainAssociationsInput, ...request.Option) (*ec2.AcceptTransitGatewayMulticastDomainAssociationsOutput, error) + AcceptTransitGatewayMulticastDomainAssociationsRequest(*ec2.AcceptTransitGatewayMulticastDomainAssociationsInput) (*request.Request, *ec2.AcceptTransitGatewayMulticastDomainAssociationsOutput) + AcceptTransitGatewayPeeringAttachment(*ec2.AcceptTransitGatewayPeeringAttachmentInput) (*ec2.AcceptTransitGatewayPeeringAttachmentOutput, error) AcceptTransitGatewayPeeringAttachmentWithContext(aws.Context, *ec2.AcceptTransitGatewayPeeringAttachmentInput, ...request.Option) (*ec2.AcceptTransitGatewayPeeringAttachmentOutput, error) AcceptTransitGatewayPeeringAttachmentRequest(*ec2.AcceptTransitGatewayPeeringAttachmentInput) (*request.Request, *ec2.AcceptTransitGatewayPeeringAttachmentOutput) @@ -324,6 +328,10 @@ type EC2API interface { CreateNetworkAclEntryWithContext(aws.Context, *ec2.CreateNetworkAclEntryInput, ...request.Option) (*ec2.CreateNetworkAclEntryOutput, error) CreateNetworkAclEntryRequest(*ec2.CreateNetworkAclEntryInput) (*request.Request, *ec2.CreateNetworkAclEntryOutput) + CreateNetworkInsightsPath(*ec2.CreateNetworkInsightsPathInput) (*ec2.CreateNetworkInsightsPathOutput, error) + CreateNetworkInsightsPathWithContext(aws.Context, *ec2.CreateNetworkInsightsPathInput, ...request.Option) (*ec2.CreateNetworkInsightsPathOutput, error) + CreateNetworkInsightsPathRequest(*ec2.CreateNetworkInsightsPathInput) (*request.Request, *ec2.CreateNetworkInsightsPathOutput) + CreateNetworkInterface(*ec2.CreateNetworkInterfaceInput) (*ec2.CreateNetworkInterfaceOutput, error) CreateNetworkInterfaceWithContext(aws.Context, *ec2.CreateNetworkInterfaceInput, ...request.Option) (*ec2.CreateNetworkInterfaceOutput, error) CreateNetworkInterfaceRequest(*ec2.CreateNetworkInterfaceInput) (*request.Request, *ec2.CreateNetworkInterfaceOutput) @@ -392,6 +400,14 @@ type EC2API interface { CreateTransitGatewayWithContext(aws.Context, *ec2.CreateTransitGatewayInput, ...request.Option) (*ec2.CreateTransitGatewayOutput, error) CreateTransitGatewayRequest(*ec2.CreateTransitGatewayInput) (*request.Request, *ec2.CreateTransitGatewayOutput) + CreateTransitGatewayConnect(*ec2.CreateTransitGatewayConnectInput) (*ec2.CreateTransitGatewayConnectOutput, error) + CreateTransitGatewayConnectWithContext(aws.Context, *ec2.CreateTransitGatewayConnectInput, ...request.Option) (*ec2.CreateTransitGatewayConnectOutput, error) + CreateTransitGatewayConnectRequest(*ec2.CreateTransitGatewayConnectInput) (*request.Request, *ec2.CreateTransitGatewayConnectOutput) + + CreateTransitGatewayConnectPeer(*ec2.CreateTransitGatewayConnectPeerInput) (*ec2.CreateTransitGatewayConnectPeerOutput, error) + CreateTransitGatewayConnectPeerWithContext(aws.Context, *ec2.CreateTransitGatewayConnectPeerInput, ...request.Option) (*ec2.CreateTransitGatewayConnectPeerOutput, error) + CreateTransitGatewayConnectPeerRequest(*ec2.CreateTransitGatewayConnectPeerInput) (*request.Request, *ec2.CreateTransitGatewayConnectPeerOutput) + CreateTransitGatewayMulticastDomain(*ec2.CreateTransitGatewayMulticastDomainInput) (*ec2.CreateTransitGatewayMulticastDomainOutput, error) CreateTransitGatewayMulticastDomainWithContext(aws.Context, *ec2.CreateTransitGatewayMulticastDomainInput, ...request.Option) (*ec2.CreateTransitGatewayMulticastDomainOutput, error) CreateTransitGatewayMulticastDomainRequest(*ec2.CreateTransitGatewayMulticastDomainInput) (*request.Request, *ec2.CreateTransitGatewayMulticastDomainOutput) @@ -528,6 +544,14 @@ type EC2API interface { DeleteNetworkAclEntryWithContext(aws.Context, *ec2.DeleteNetworkAclEntryInput, ...request.Option) (*ec2.DeleteNetworkAclEntryOutput, error) DeleteNetworkAclEntryRequest(*ec2.DeleteNetworkAclEntryInput) (*request.Request, *ec2.DeleteNetworkAclEntryOutput) + DeleteNetworkInsightsAnalysis(*ec2.DeleteNetworkInsightsAnalysisInput) (*ec2.DeleteNetworkInsightsAnalysisOutput, error) + DeleteNetworkInsightsAnalysisWithContext(aws.Context, *ec2.DeleteNetworkInsightsAnalysisInput, ...request.Option) (*ec2.DeleteNetworkInsightsAnalysisOutput, error) + DeleteNetworkInsightsAnalysisRequest(*ec2.DeleteNetworkInsightsAnalysisInput) (*request.Request, *ec2.DeleteNetworkInsightsAnalysisOutput) + + DeleteNetworkInsightsPath(*ec2.DeleteNetworkInsightsPathInput) (*ec2.DeleteNetworkInsightsPathOutput, error) + DeleteNetworkInsightsPathWithContext(aws.Context, *ec2.DeleteNetworkInsightsPathInput, ...request.Option) (*ec2.DeleteNetworkInsightsPathOutput, error) + DeleteNetworkInsightsPathRequest(*ec2.DeleteNetworkInsightsPathInput) (*request.Request, *ec2.DeleteNetworkInsightsPathOutput) + DeleteNetworkInterface(*ec2.DeleteNetworkInterfaceInput) (*ec2.DeleteNetworkInterfaceOutput, error) DeleteNetworkInterfaceWithContext(aws.Context, *ec2.DeleteNetworkInterfaceInput, ...request.Option) (*ec2.DeleteNetworkInterfaceOutput, error) DeleteNetworkInterfaceRequest(*ec2.DeleteNetworkInterfaceInput) (*request.Request, *ec2.DeleteNetworkInterfaceOutput) @@ -592,6 +616,14 @@ type EC2API interface { DeleteTransitGatewayWithContext(aws.Context, *ec2.DeleteTransitGatewayInput, ...request.Option) (*ec2.DeleteTransitGatewayOutput, error) DeleteTransitGatewayRequest(*ec2.DeleteTransitGatewayInput) (*request.Request, *ec2.DeleteTransitGatewayOutput) + DeleteTransitGatewayConnect(*ec2.DeleteTransitGatewayConnectInput) (*ec2.DeleteTransitGatewayConnectOutput, error) + DeleteTransitGatewayConnectWithContext(aws.Context, *ec2.DeleteTransitGatewayConnectInput, ...request.Option) (*ec2.DeleteTransitGatewayConnectOutput, error) + DeleteTransitGatewayConnectRequest(*ec2.DeleteTransitGatewayConnectInput) (*request.Request, *ec2.DeleteTransitGatewayConnectOutput) + + DeleteTransitGatewayConnectPeer(*ec2.DeleteTransitGatewayConnectPeerInput) (*ec2.DeleteTransitGatewayConnectPeerOutput, error) + DeleteTransitGatewayConnectPeerWithContext(aws.Context, *ec2.DeleteTransitGatewayConnectPeerInput, ...request.Option) (*ec2.DeleteTransitGatewayConnectPeerOutput, error) + DeleteTransitGatewayConnectPeerRequest(*ec2.DeleteTransitGatewayConnectPeerInput) (*request.Request, *ec2.DeleteTransitGatewayConnectPeerOutput) + DeleteTransitGatewayMulticastDomain(*ec2.DeleteTransitGatewayMulticastDomainInput) (*ec2.DeleteTransitGatewayMulticastDomainOutput, error) DeleteTransitGatewayMulticastDomainWithContext(aws.Context, *ec2.DeleteTransitGatewayMulticastDomainInput, ...request.Option) (*ec2.DeleteTransitGatewayMulticastDomainOutput, error) DeleteTransitGatewayMulticastDomainRequest(*ec2.DeleteTransitGatewayMulticastDomainInput) (*request.Request, *ec2.DeleteTransitGatewayMulticastDomainOutput) @@ -1042,6 +1074,20 @@ type EC2API interface { DescribeNetworkAclsPages(*ec2.DescribeNetworkAclsInput, func(*ec2.DescribeNetworkAclsOutput, bool) bool) error DescribeNetworkAclsPagesWithContext(aws.Context, *ec2.DescribeNetworkAclsInput, func(*ec2.DescribeNetworkAclsOutput, bool) bool, ...request.Option) error + DescribeNetworkInsightsAnalyses(*ec2.DescribeNetworkInsightsAnalysesInput) (*ec2.DescribeNetworkInsightsAnalysesOutput, error) + DescribeNetworkInsightsAnalysesWithContext(aws.Context, *ec2.DescribeNetworkInsightsAnalysesInput, ...request.Option) (*ec2.DescribeNetworkInsightsAnalysesOutput, error) + DescribeNetworkInsightsAnalysesRequest(*ec2.DescribeNetworkInsightsAnalysesInput) (*request.Request, *ec2.DescribeNetworkInsightsAnalysesOutput) + + DescribeNetworkInsightsAnalysesPages(*ec2.DescribeNetworkInsightsAnalysesInput, func(*ec2.DescribeNetworkInsightsAnalysesOutput, bool) bool) error + DescribeNetworkInsightsAnalysesPagesWithContext(aws.Context, *ec2.DescribeNetworkInsightsAnalysesInput, func(*ec2.DescribeNetworkInsightsAnalysesOutput, bool) bool, ...request.Option) error + + DescribeNetworkInsightsPaths(*ec2.DescribeNetworkInsightsPathsInput) (*ec2.DescribeNetworkInsightsPathsOutput, error) + DescribeNetworkInsightsPathsWithContext(aws.Context, *ec2.DescribeNetworkInsightsPathsInput, ...request.Option) (*ec2.DescribeNetworkInsightsPathsOutput, error) + DescribeNetworkInsightsPathsRequest(*ec2.DescribeNetworkInsightsPathsInput) (*request.Request, *ec2.DescribeNetworkInsightsPathsOutput) + + DescribeNetworkInsightsPathsPages(*ec2.DescribeNetworkInsightsPathsInput, func(*ec2.DescribeNetworkInsightsPathsOutput, bool) bool) error + DescribeNetworkInsightsPathsPagesWithContext(aws.Context, *ec2.DescribeNetworkInsightsPathsInput, func(*ec2.DescribeNetworkInsightsPathsOutput, bool) bool, ...request.Option) error + DescribeNetworkInterfaceAttribute(*ec2.DescribeNetworkInterfaceAttributeInput) (*ec2.DescribeNetworkInterfaceAttributeOutput, error) DescribeNetworkInterfaceAttributeWithContext(aws.Context, *ec2.DescribeNetworkInterfaceAttributeInput, ...request.Option) (*ec2.DescribeNetworkInterfaceAttributeOutput, error) DescribeNetworkInterfaceAttributeRequest(*ec2.DescribeNetworkInterfaceAttributeInput) (*request.Request, *ec2.DescribeNetworkInterfaceAttributeOutput) @@ -1236,6 +1282,20 @@ type EC2API interface { DescribeTransitGatewayAttachmentsPages(*ec2.DescribeTransitGatewayAttachmentsInput, func(*ec2.DescribeTransitGatewayAttachmentsOutput, bool) bool) error DescribeTransitGatewayAttachmentsPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayAttachmentsInput, func(*ec2.DescribeTransitGatewayAttachmentsOutput, bool) bool, ...request.Option) error + DescribeTransitGatewayConnectPeers(*ec2.DescribeTransitGatewayConnectPeersInput) (*ec2.DescribeTransitGatewayConnectPeersOutput, error) + DescribeTransitGatewayConnectPeersWithContext(aws.Context, *ec2.DescribeTransitGatewayConnectPeersInput, ...request.Option) (*ec2.DescribeTransitGatewayConnectPeersOutput, error) + DescribeTransitGatewayConnectPeersRequest(*ec2.DescribeTransitGatewayConnectPeersInput) (*request.Request, *ec2.DescribeTransitGatewayConnectPeersOutput) + + DescribeTransitGatewayConnectPeersPages(*ec2.DescribeTransitGatewayConnectPeersInput, func(*ec2.DescribeTransitGatewayConnectPeersOutput, bool) bool) error + DescribeTransitGatewayConnectPeersPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayConnectPeersInput, func(*ec2.DescribeTransitGatewayConnectPeersOutput, bool) bool, ...request.Option) error + + DescribeTransitGatewayConnects(*ec2.DescribeTransitGatewayConnectsInput) (*ec2.DescribeTransitGatewayConnectsOutput, error) + DescribeTransitGatewayConnectsWithContext(aws.Context, *ec2.DescribeTransitGatewayConnectsInput, ...request.Option) (*ec2.DescribeTransitGatewayConnectsOutput, error) + DescribeTransitGatewayConnectsRequest(*ec2.DescribeTransitGatewayConnectsInput) (*request.Request, *ec2.DescribeTransitGatewayConnectsOutput) + + DescribeTransitGatewayConnectsPages(*ec2.DescribeTransitGatewayConnectsInput, func(*ec2.DescribeTransitGatewayConnectsOutput, bool) bool) error + DescribeTransitGatewayConnectsPagesWithContext(aws.Context, *ec2.DescribeTransitGatewayConnectsInput, func(*ec2.DescribeTransitGatewayConnectsOutput, bool) bool, ...request.Option) error + DescribeTransitGatewayMulticastDomains(*ec2.DescribeTransitGatewayMulticastDomainsInput) (*ec2.DescribeTransitGatewayMulticastDomainsOutput, error) DescribeTransitGatewayMulticastDomainsWithContext(aws.Context, *ec2.DescribeTransitGatewayMulticastDomainsInput, ...request.Option) (*ec2.DescribeTransitGatewayMulticastDomainsOutput, error) DescribeTransitGatewayMulticastDomainsRequest(*ec2.DescribeTransitGatewayMulticastDomainsInput) (*request.Request, *ec2.DescribeTransitGatewayMulticastDomainsOutput) @@ -1847,6 +1907,10 @@ type EC2API interface { RegisterTransitGatewayMulticastGroupSourcesWithContext(aws.Context, *ec2.RegisterTransitGatewayMulticastGroupSourcesInput, ...request.Option) (*ec2.RegisterTransitGatewayMulticastGroupSourcesOutput, error) RegisterTransitGatewayMulticastGroupSourcesRequest(*ec2.RegisterTransitGatewayMulticastGroupSourcesInput) (*request.Request, *ec2.RegisterTransitGatewayMulticastGroupSourcesOutput) + RejectTransitGatewayMulticastDomainAssociations(*ec2.RejectTransitGatewayMulticastDomainAssociationsInput) (*ec2.RejectTransitGatewayMulticastDomainAssociationsOutput, error) + RejectTransitGatewayMulticastDomainAssociationsWithContext(aws.Context, *ec2.RejectTransitGatewayMulticastDomainAssociationsInput, ...request.Option) (*ec2.RejectTransitGatewayMulticastDomainAssociationsOutput, error) + RejectTransitGatewayMulticastDomainAssociationsRequest(*ec2.RejectTransitGatewayMulticastDomainAssociationsInput) (*request.Request, *ec2.RejectTransitGatewayMulticastDomainAssociationsOutput) + RejectTransitGatewayPeeringAttachment(*ec2.RejectTransitGatewayPeeringAttachmentInput) (*ec2.RejectTransitGatewayPeeringAttachmentOutput, error) RejectTransitGatewayPeeringAttachmentWithContext(aws.Context, *ec2.RejectTransitGatewayPeeringAttachmentInput, ...request.Option) (*ec2.RejectTransitGatewayPeeringAttachmentOutput, error) RejectTransitGatewayPeeringAttachmentRequest(*ec2.RejectTransitGatewayPeeringAttachmentInput) (*request.Request, *ec2.RejectTransitGatewayPeeringAttachmentOutput) @@ -1985,6 +2049,10 @@ type EC2API interface { StartInstancesWithContext(aws.Context, *ec2.StartInstancesInput, ...request.Option) (*ec2.StartInstancesOutput, error) StartInstancesRequest(*ec2.StartInstancesInput) (*request.Request, *ec2.StartInstancesOutput) + StartNetworkInsightsAnalysis(*ec2.StartNetworkInsightsAnalysisInput) (*ec2.StartNetworkInsightsAnalysisOutput, error) + StartNetworkInsightsAnalysisWithContext(aws.Context, *ec2.StartNetworkInsightsAnalysisInput, ...request.Option) (*ec2.StartNetworkInsightsAnalysisOutput, error) + StartNetworkInsightsAnalysisRequest(*ec2.StartNetworkInsightsAnalysisInput) (*request.Request, *ec2.StartNetworkInsightsAnalysisOutput) + StartVpcEndpointServicePrivateDnsVerification(*ec2.StartVpcEndpointServicePrivateDnsVerificationInput) (*ec2.StartVpcEndpointServicePrivateDnsVerificationOutput, error) StartVpcEndpointServicePrivateDnsVerificationWithContext(aws.Context, *ec2.StartVpcEndpointServicePrivateDnsVerificationInput, ...request.Option) (*ec2.StartVpcEndpointServicePrivateDnsVerificationOutput, error) StartVpcEndpointServicePrivateDnsVerificationRequest(*ec2.StartVpcEndpointServicePrivateDnsVerificationInput) (*request.Request, *ec2.StartVpcEndpointServicePrivateDnsVerificationOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index 8e2aae8e5d..0a9db87ab0 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -59,7 +59,6 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // // Cancels the deletion of a customer master key (CMK). When this operation // succeeds, the key state of the CMK is Disabled. To enable the CMK, use EnableKey. -// You cannot perform this operation on a CMK in a different AWS account. // // For more information about scheduling and canceling deletion of a CMK, see // Deleting Customer Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) @@ -69,6 +68,14 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:CancelKeyDeletion (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: ScheduleKeyDeletion +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -208,6 +215,24 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different AWS account. +// +// Required permissions: kms:ConnectCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations +// +// * CreateCustomKeyStore +// +// * DeleteCustomKeyStore +// +// * DescribeCustomKeyStores +// +// * DisconnectCustomKeyStore +// +// * UpdateCustomKeyStore +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -349,72 +374,54 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // CreateAlias API operation for AWS Key Management Service. // -// Creates a display name for a customer managed customer master key (CMK). -// You can use an alias to identify a CMK in cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), -// such as Encrypt and GenerateDataKey. You can change the CMK associated with -// the alias at any time. +// Creates a friendly name for a customer master key (CMK). You can use an alias +// to identify a CMK in the AWS KMS console, in the DescribeKey operation and +// in cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), +// such as Encrypt and GenerateDataKey. // -// Aliases are easier to remember than key IDs. They can also help to simplify -// your applications. For example, if you use an alias in your code, you can -// change the CMK your code uses by associating a given alias with a different -// CMK. +// You can also change the CMK that's associated with the alias (UpdateAlias) +// or delete the alias (DeleteAlias) at any time. These operations don't affect +// the underlying CMK. // -// To run the same code in multiple AWS regions, use an alias in your code, -// such as alias/ApplicationKey. Then, in each AWS Region, create an alias/ApplicationKey -// alias that is associated with a CMK in that Region. When you run your code, -// it uses the alias/ApplicationKey CMK for that AWS Region without any Region-specific -// code. +// You can associate the alias with any customer managed CMK in the same AWS +// Region. Each alias is associated with only on CMK at a time, but a CMK can +// have multiple aliases. A valid CMK is required. You can't create an alias +// without a CMK. +// +// The alias must be unique in the account and Region, but you can have aliases +// with the same name in different Regions. For detailed information about aliases, +// see Using aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) +// in the AWS Key Management Service Developer Guide. // // This operation does not return a response. To get the alias that you created, // use the ListAliases operation. // -// To use aliases successfully, be aware of the following information. -// -// * Each alias points to only one CMK at a time, although a single CMK can -// have multiple aliases. The alias and its associated CMK must be in the -// same AWS account and Region. -// -// * You can associate an alias with any customer managed CMK in the same -// AWS account and Region. However, you do not have permission to associate -// an alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) -// or an AWS owned CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk). -// -// * To change the CMK associated with an alias, use the UpdateAlias operation. -// The current CMK and the new CMK must be the same type (both symmetric -// or both asymmetric) and they must have the same key usage (ENCRYPT_DECRYPT -// or SIGN_VERIFY). This restriction prevents cryptographic errors in code -// that uses aliases. -// -// * The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. -// It can contain only alphanumeric characters, forward slashes (/), underscores -// (_), and dashes (-). The alias name cannot begin with alias/aws/. The -// alias/aws/ prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). -// -// * The alias name must be unique within an AWS Region. However, you can -// use the same alias name in multiple Regions of the same AWS account. Each -// instance of the alias is associated with a CMK in its Region. -// -// * After you create an alias, you cannot change its alias name. However, -// you can use the DeleteAlias operation to delete the alias and then create -// a new alias with the desired name. -// -// * You can use an alias name or alias ARN to identify a CMK in AWS KMS -// cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) -// and in the DescribeKey operation. However, you cannot use alias names -// or alias ARNs in API operations that manage CMKs, such as DisableKey or -// GetKeyPolicy. For information about the valid CMK identifiers for each -// AWS KMS API operation, see the descriptions of the KeyId parameter in -// the API operation documentation. -// -// Because an alias is not a property of a CMK, you can delete and change the -// aliases of a CMK without affecting the CMK. Also, aliases do not appear in -// the response from the DescribeKey operation. To get the aliases and alias -// ARNs of CMKs in each AWS account and Region, use the ListAliases operation. -// // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on an alias in a +// different AWS account. +// +// Required permissions +// +// * kms:CreateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the alias (IAM policy). +// +// * kms:CreateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the CMK (key policy). +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the AWS Key Management Service Developer Guide. +// +// Related operations: +// +// * DeleteAlias +// +// * ListAliases +// +// * UpdateAlias +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -545,6 +552,24 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different AWS account. +// +// Required permissions: kms:CreateCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy). +// +// Related operations: +// +// * ConnectCustomKeyStore +// +// * DeleteCustomKeyStore +// +// * DescribeCustomKeyStores +// +// * DisconnectCustomKeyStore +// +// * UpdateCustomKeyStore +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -723,17 +748,30 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // // For information about symmetric and asymmetric CMKs, see Using Symmetric // and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) -// in the AWS Key Management Service Developer Guide. -// -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. For more information about grants, -// see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide. For more information about +// grants, see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) // in the AWS Key Management Service Developer Guide . // // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. To perform this operation on a CMK in a different +// AWS account, specify the key ARN in the value of the KeyId parameter. +// +// Required permissions: kms:CreateGrant (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * ListGrants +// +// * ListRetirableGrants +// +// * RetireGrant +// +// * RevokeGrant +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -844,8 +882,7 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // CreateKey API operation for AWS Key Management Service. // // Creates a unique customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master-keys) -// (CMK) in your AWS account and Region. You cannot use this operation to create -// a CMK in a different AWS account. +// (CMK) in your AWS account and Region. // // You can use the CreateKey operation to create symmetric or asymmetric CMKs. // @@ -906,6 +943,23 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // about custom key stores in AWS KMS see Using Custom Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // in the AWS Key Management Service Developer Guide . // +// Cross-account use: No. You cannot use this operation to create a CMK in a +// different AWS account. +// +// Required permissions: kms:CreateKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy). To use the Tags parameter, kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy). For examples and information about related permissions, see +// Allow a user to create CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key) +// in the AWS Key Management Service Developer Guide. +// +// Related operations: +// +// * DescribeKey +// +// * ListKeys +// +// * ScheduleKeyDeletion +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1091,12 +1145,15 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // These libraries return a ciphertext format that is incompatible with AWS // KMS. // -// If the ciphertext was encrypted under a symmetric CMK, you do not need to -// specify the CMK or the encryption algorithm. AWS KMS can get this information -// from metadata that it adds to the symmetric ciphertext blob. However, if -// you prefer, you can specify the KeyId to ensure that a particular CMK is -// used to decrypt the ciphertext. If you specify a different CMK than the one -// used to encrypt the ciphertext, the Decrypt operation fails. +// If the ciphertext was encrypted under a symmetric CMK, the KeyId parameter +// is optional. AWS KMS can get this information from metadata that it adds +// to the symmetric ciphertext blob. This feature adds durability to your implementation +// by ensuring that authorized users can decrypt ciphertext decades after it +// was encrypted, even if they've lost track of the CMK ID. However, specifying +// the CMK is always recommended as a best practice. When you use the KeyId +// parameter to specify a CMK, AWS KMS only uses the CMK you specify. If the +// ciphertext was encrypted under a different CMK, the Decrypt operation fails. +// This practice ensures that you use the CMK that you intend. // // Whenever possible, use key policies to give users permission to call the // Decrypt operation on a particular CMK, instead of using IAM policies. Otherwise, @@ -1104,12 +1161,30 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // on all CMKs. This user could decrypt ciphertext that was encrypted by CMKs // in other accounts if the key policy for the cross-account CMK permits it. // If you must use an IAM policy for Decrypt permissions, limit the user to -// particular CMKs or particular trusted accounts. +// particular CMKs or particular trusted accounts. For details, see Best practices +// for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices) +// in the AWS Key Management Service Developer Guide. // // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. You can decrypt a ciphertext using a CMK in a different +// AWS account. +// +// Required permissions: kms:Decrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * Encrypt +// +// * GenerateDataKey +// +// * GenerateDataKeyPair +// +// * ReEncrypt +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1244,8 +1319,7 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // DeleteAlias API operation for AWS Key Management Service. // -// Deletes the specified alias. You cannot perform this operation on an alias -// in a different AWS account. +// Deletes the specified alias. // // Because an alias is not a property of a CMK, you can delete and change the // aliases of a CMK without affecting the CMK. Also, aliases do not appear in @@ -1256,6 +1330,28 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // to delete the current alias and CreateAlias to create a new alias. To associate // an existing alias with a different customer master key (CMK), call UpdateAlias. // +// Cross-account use: No. You cannot perform this operation on an alias in a +// different AWS account. +// +// Required permissions +// +// * kms:DeleteAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the alias (IAM policy). +// +// * kms:DeleteAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the CMK (key policy). +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the AWS Key Management Service Developer Guide. +// +// Related operations: +// +// * CreateAlias +// +// * ListAliases +// +// * UpdateAlias +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1381,6 +1477,24 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different AWS account. +// +// Required permissions: kms:DeleteCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// * ConnectCustomKeyStore +// +// * CreateCustomKeyStore +// +// * DescribeCustomKeyStores +// +// * DisconnectCustomKeyStore +// +// * UpdateCustomKeyStore +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1492,8 +1606,7 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // Deletes key material that you previously imported. This operation makes the // specified customer master key (CMK) unusable. For more information about // importing key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) -// in the AWS Key Management Service Developer Guide. You cannot perform this -// operation on a CMK in a different AWS account. +// in the AWS Key Management Service Developer Guide. // // When the specified CMK is in the PendingDeletion state, this operation does // not change the CMK's state. Otherwise, it changes the CMK's state to PendingImport. @@ -1505,6 +1618,18 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:DeleteImportedKeyMaterial (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * GetParametersForImport +// +// * ImportKeyMaterial +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1635,6 +1760,24 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // topic in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different AWS account. +// +// Required permissions: kms:DescribeCustomKeyStores (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// * ConnectCustomKeyStore +// +// * CreateCustomKeyStore +// +// * DeleteCustomKeyStore +// +// * DisconnectCustomKeyStore +// +// * UpdateCustomKeyStore +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1750,8 +1893,27 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // Then, it associates the alias with the new CMK, and returns the KeyId and // Arn of the new CMK in the response. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:DescribeKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * GetKeyPolicy +// +// * GetKeyRotationStatus +// +// * ListAliases +// +// * ListGrants +// +// * ListKeys +// +// * ListResourceTags +// +// * ListRetirableGrants // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1844,9 +2006,8 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // DisableKey API operation for AWS Key Management Service. // -// Sets the state of a customer master key (CMK) to disabled, thereby preventing -// its use for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). -// You cannot perform this operation on a CMK in a different AWS account. +// Sets the state of a customer master key (CMK) to disabled. This change temporarily +// prevents use of the CMK for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). // // For more information about how key state affects the use of a CMK, see How // Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) @@ -1856,6 +2017,14 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:DisableKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: EnableKey +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1960,12 +2129,23 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // // You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported // key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). -// You cannot perform this operation on a CMK in a different AWS account. // // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:DisableKeyRotation (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * EnableKeyRotation +// +// * GetKeyRotationStatus +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2094,6 +2274,24 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different AWS account. +// +// Required permissions: kms:DisconnectCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// * ConnectCustomKeyStore +// +// * CreateCustomKeyStore +// +// * DeleteCustomKeyStore +// +// * DescribeCustomKeyStores +// +// * UpdateCustomKeyStore +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2198,12 +2396,19 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // // Sets the key state of a customer master key (CMK) to enabled. This allows // you to use the CMK for cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations). -// You cannot perform this operation on a CMK in a different AWS account. // // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:EnableKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: DisableKey +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2309,8 +2514,7 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // EnableKeyRotation API operation for AWS Key Management Service. // // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) -// for the specified symmetric customer master key (CMK). You cannot perform -// this operation on a CMK in a different AWS account. +// for the specified symmetric customer master key (CMK). // // You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported // key material, or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). @@ -2319,6 +2523,18 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:EnableKeyRotation (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * DisableKeyRotation +// +// * GetKeyRotationStatus +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2484,8 +2700,19 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN or alias ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:Encrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * Decrypt +// +// * GenerateDataKey +// +// * GenerateDataKeyPair // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2663,6 +2890,24 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // Use the plaintext data key to decrypt data outside of AWS KMS, then erase // the plaintext data key from memory. // +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:GenerateDataKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * Decrypt +// +// * Encrypt +// +// * GenerateDataKeyPair +// +// * GenerateDataKeyPairWithoutPlaintext +// +// * GenerateDataKeyWithoutPlaintext +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2820,6 +3065,24 @@ func (c *KMS) GenerateDataKeyPairRequest(input *GenerateDataKeyPairInput) (req * // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:GenerateDataKeyPair (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * Decrypt +// +// * Encrypt +// +// * GenerateDataKey +// +// * GenerateDataKeyPairWithoutPlaintext +// +// * GenerateDataKeyWithoutPlaintext +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2974,6 +3237,24 @@ func (c *KMS) GenerateDataKeyPairWithoutPlaintextRequest(input *GenerateDataKeyP // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * Decrypt +// +// * Encrypt +// +// * GenerateDataKey +// +// * GenerateDataKeyPair +// +// * GenerateDataKeyWithoutPlaintext +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3140,6 +3421,24 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:GenerateDataKeyWithoutPlaintext (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * Decrypt +// +// * Encrypt +// +// * GenerateDataKey +// +// * GenerateDataKeyPair +// +// * GenerateDataKeyPairWithoutPlaintext +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3270,6 +3569,9 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // AWS Key Management Service Cryptographic Details (https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf) // whitepaper. // +// Required permissions: kms:GenerateRandom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3375,8 +3677,15 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // GetKeyPolicy API operation for AWS Key Management Service. // -// Gets a key policy attached to the specified customer master key (CMK). You -// cannot perform this operation on a CMK in a different AWS account. +// Gets a key policy attached to the specified customer master key (CMK). +// +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:GetKeyPolicy (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: PutKeyPolicy // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3496,8 +3805,17 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // status is false and AWS KMS does not rotate the backing key. If you cancel // the deletion, the original key rotation status is restored. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation on a CMK in a different +// AWS account, specify the key ARN in the value of the KeyId parameter. +// +// Required permissions: kms:GetKeyRotationStatus (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * DisableKeyRotation +// +// * EnableKeyRotation // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3626,6 +3944,18 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:GetParametersForImport (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * ImportKeyMaterial +// +// * DeleteImportedKeyMaterial +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3770,6 +4100,14 @@ func (c *KMS) GetPublicKeyRequest(input *GetPublicKeyInput) (req *request.Reques // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:GetPublicKey (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: CreateKey +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3945,6 +4283,18 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:ImportKeyMaterial (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * DeleteImportedKeyMaterial +// +// * GetParametersForImport +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4076,12 +4426,12 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // ListAliases API operation for AWS Key Management Service. // -// Gets a list of aliases in the caller's AWS account and region. You cannot -// list aliases in other accounts. For more information about aliases, see CreateAlias. +// Gets a list of aliases in the caller's AWS account and region. For more information +// about aliases, see CreateAlias. // -// By default, the ListAliases command returns all aliases in the account and -// region. To get only the aliases that point to a particular customer master -// key (CMK), use the KeyId parameter. +// By default, the ListAliases operation returns all aliases in the account +// and region. To get only the aliases associated with a particular customer +// master key (CMK), use the KeyId parameter. // // The ListAliases response can include aliases that you created and associated // with your customer managed CMKs, and aliases that AWS created and associated @@ -4093,6 +4443,22 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // a CMK. Aliases that AWS creates in your account, including predefined aliases, // do not count against your AWS KMS aliases quota (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). // +// Cross-account use: No. ListAliases does not return aliases in other AWS accounts. +// +// Required permissions: kms:ListAliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the AWS Key Management Service Developer Guide. +// +// Related operations: +// +// * CreateAlias +// +// * DeleteAlias +// +// * UpdateAlias +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4247,8 +4613,8 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // // Gets a list of all grants for the specified customer master key (CMK). // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. +// You must specify the CMK in all requests. You can filter the grant list by +// grant ID or grantee principal. // // The GranteePrincipal field in the ListGrants response usually contains the // user or role designated as the grantee principal in the grant. However, when @@ -4256,6 +4622,22 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // field contains the service principal (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services), // which might represent several different grantee principals. // +// Cross-account use: Yes. To perform this operation on a CMK in a different +// AWS account, specify the key ARN in the value of the KeyId parameter. +// +// Required permissions: kms:ListGrants (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * CreateGrant +// +// * ListRetirableGrants +// +// * RetireGrant +// +// * RevokeGrant +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4276,6 +4658,9 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // +// * InvalidGrantIdException +// The request was rejected because the specified GrantId is not valid. +// // * InvalidArnException // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. @@ -4419,7 +4804,18 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // Gets the names of the key policies that are attached to a customer master // key (CMK). This operation is designed to get policy names that you can use // in a GetKeyPolicy operation. However, the only valid policy name is default. -// You cannot perform this operation on a CMK in a different AWS account. +// +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:ListKeyPolicies (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * GetKeyPolicy +// +// * PutKeyPolicy // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4580,6 +4976,22 @@ func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, outpu // Gets a list of all customer master keys (CMKs) in the caller's AWS account // and Region. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:ListKeys (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// * CreateKey +// +// * DescribeKey +// +// * ListAliases +// +// * ListResourceTags +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4718,9 +5130,24 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // ListResourceTags API operation for AWS Key Management Service. // -// Returns a list of all tags for the specified customer master key (CMK). +// Returns all tags on the specified customer master key (CMK). // -// You cannot perform this operation on a CMK in a different AWS account. +// For general information about tags, including the format and syntax, see +// Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// in the Amazon Web Services General Reference. For information about using +// tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). +// +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:ListResourceTags (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * TagResource +// +// * UntagResource // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4812,11 +5239,32 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // ListRetirableGrants API operation for AWS Key Management Service. // -// Returns a list of all grants for which the grant's RetiringPrincipal matches -// the one specified. +// Returns all grants in which the specified principal is the RetiringPrincipal +// in the grant. // -// A typical use is to list all grants that you are able to retire. To retire -// a grant, use RetireGrant. +// You can specify any principal in your AWS account. The grants that are returned +// include grants for CMKs in your AWS account and other AWS accounts. +// +// You might use this operation to determine which grants you may retire. To +// retire a grant, use the RetireGrant operation. +// +// Cross-account use: You must specify a principal in your AWS account. However, +// this operation can return grants in any AWS account. You do not need kms:ListRetirableGrants +// permission (or any other additional permission) in any AWS account other +// than your own. +// +// Required permissions: kms:ListRetirableGrants (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) in your AWS account. +// +// Related operations: +// +// * CreateGrant +// +// * ListGrants +// +// * RetireGrant +// +// * RevokeGrant // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4913,12 +5361,23 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // PutKeyPolicy API operation for AWS Key Management Service. // -// Attaches a key policy to the specified customer master key (CMK). You cannot -// perform this operation on a CMK in a different AWS account. +// Attaches a key policy to the specified customer master key (CMK). // // For more information about key policies, see Key Policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) +// in the AWS Key Management Service Developer Guide. For help writing and formatting +// a JSON policy document, see the IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) +// in the IAM User Guide . For examples of adding a key policy in multiple programming +// languages, see Setting a key policy (https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:PutKeyPolicy (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: GetKeyPolicy +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5051,17 +5510,23 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // When you use the ReEncrypt operation, you need to provide information for // the decrypt operation and the subsequent encrypt operation. // -// * If your ciphertext was encrypted under an asymmetric CMK, you must identify -// the source CMK, that is, the CMK that encrypted the ciphertext. You must -// also supply the encryption algorithm that was used. This information is -// required to decrypt the data. +// * If your ciphertext was encrypted under an asymmetric CMK, you must use +// the SourceKeyId parameter to identify the CMK that encrypted the ciphertext. +// You must also supply the encryption algorithm that was used. This information +// is required to decrypt the data. // -// * It is optional, but you can specify a source CMK even when the ciphertext -// was encrypted under a symmetric CMK. This ensures that the ciphertext -// is decrypted only by using a particular CMK. If the CMK that you specify -// cannot decrypt the ciphertext, the ReEncrypt operation fails. +// * If your ciphertext was encrypted under a symmetric CMK, the SourceKeyId +// parameter is optional. AWS KMS can get this information from metadata +// that it adds to the symmetric ciphertext blob. This feature adds durability +// to your implementation by ensuring that authorized users can decrypt ciphertext +// decades after it was encrypted, even if they've lost track of the CMK +// ID. However, specifying the source CMK is always recommended as a best +// practice. When you use the SourceKeyId parameter to specify a CMK, AWS +// KMS uses only the CMK you specify. If the ciphertext was encrypted under +// a different CMK, the ReEncrypt operation fails. This practice ensures +// that you use the CMK that you intend. // -// * To reencrypt the data, you must specify the destination CMK, that is, +// * To reencrypt the data, you must use the DestinationKeyId parameter specify // the CMK that re-encrypts the data after it is decrypted. You can select // a symmetric or asymmetric CMK. If the destination CMK is an asymmetric // CMK, you must also provide the encryption algorithm. The algorithm that @@ -5076,11 +5541,21 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // with asymmetric keys. The standard format for asymmetric key ciphertext // does not include configurable fields. // -// Unlike other AWS KMS API operations, ReEncrypt callers must have two permissions: +// The CMK that you use for this operation must be in a compatible key state. +// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide. // -// * kms:ReEncryptFrom permission on the source CMK +// Cross-account use: Yes. The source CMK and destination CMK can be in different +// AWS accounts. Either or both CMKs can be in a different account than the +// caller. // -// * kms:ReEncryptTo permission on the destination CMK +// Required permissions: +// +// * kms:ReEncryptFrom (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// permission on the source CMK (key policy) +// +// * kms:ReEncryptTo (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// permission on the destination CMK (key policy) // // To permit reencryption from or to a CMK, include the "kms:ReEncrypt*" permission // in your key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html). @@ -5089,9 +5564,15 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // a CMK programmatically or when you use the PutKeyPolicy operation to set // a key policy. // -// The CMK that you use for this operation must be in a compatible key state. -// For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Related operations: +// +// * Decrypt +// +// * Encrypt +// +// * GenerateDataKey +// +// * GenerateDataKeyPair // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5244,6 +5725,24 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // A grant ID is a 64 character unique identifier of a grant. The CreateGrant // operation returns both. // +// Cross-account use: Yes. You can retire a grant on a CMK in a different AWS +// account. +// +// Required permissions:: Permission to retire a grant is specified in the grant. +// You cannot control access to this operation in a policy. For more information, +// see Using grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide. +// +// Related operations: +// +// * CreateGrant +// +// * ListGrants +// +// * ListRetirableGrants +// +// * RevokeGrant +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5352,8 +5851,21 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // Revokes the specified grant for the specified customer master key (CMK). // You can revoke a grant to actively deny operations that depend on it. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN in the value of the KeyId parameter. +// Cross-account use: Yes. To perform this operation on a CMK in a different +// AWS account, specify the key ARN in the value of the KeyId parameter. +// +// Required permissions: kms:RevokeGrant (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: +// +// * CreateGrant +// +// * ListGrants +// +// * ListRetirableGrants +// +// * RetireGrant // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5476,8 +5988,6 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) // from the cluster and its backups. // -// You cannot perform this operation on a CMK in a different AWS account. -// // For more information about scheduling a CMK for deletion, see Deleting Customer // Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. @@ -5486,6 +5996,18 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:ScheduleKeyDeletion (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations +// +// * CancelKeyDeletion +// +// * DisableKey +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5623,6 +6145,14 @@ func (c *KMS) SignRequest(input *SignInput) (req *request.Request, output *SignO // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:Sign (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: Verify +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5743,23 +6273,40 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // TagResource API operation for AWS Key Management Service. // -// Adds or edits tags for a customer master key (CMK). You cannot perform this -// operation on a CMK in a different AWS account. +// Adds or edits tags on a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). // -// Each tag consists of a tag key and a tag value. Tag keys and tag values are -// both required, but tag values can be empty (null) strings. +// Each tag consists of a tag key and a tag value, both of which are case-sensitive +// strings. The tag value can be an empty (null) string. // -// You can only use a tag key once for each CMK. If you use the tag key again, -// AWS KMS replaces the current tag value with the specified value. +// To add a tag, specify a new tag key and a tag value. To edit a tag, specify +// an existing tag key and a new tag value. // -// For information about the rules that apply to tag keys and tag values, see -// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// in the AWS Billing and Cost Management User Guide. +// You can use this operation to tag a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), +// but you cannot tag an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk), +// an AWS owned CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk), +// or an alias. +// +// For general information about tags, including the format and syntax, see +// Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// in the Amazon Web Services General Reference. For information about using +// tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations +// +// * UntagResource +// +// * ListResourceTags +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5863,16 +6410,35 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // UntagResource API operation for AWS Key Management Service. // -// Removes the specified tags from the specified customer master key (CMK). -// You cannot perform this operation on a CMK in a different AWS account. +// Deletes tags from a customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). +// To delete a tag, specify the tag key and the CMK. // -// To remove a tag, specify the tag key. To change the tag value of an existing -// tag key, use TagResource. +// When it succeeds, the UntagResource operation doesn't return any output. +// Also, if the specified tag key isn't found on the CMK, it doesn't throw an +// exception or return a response. To confirm that the operation worked, use +// the ListResourceTags operation. +// +// For general information about tags, including the format and syntax, see +// Tagging AWS resources (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) +// in the Amazon Web Services General Reference. For information about using +// tags in AWS KMS, see Tagging keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html). // // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:UntagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations +// +// * TagResource +// +// * ListResourceTags +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5974,8 +6540,7 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // Associates an existing AWS KMS alias with a different customer master key // (CMK). Each alias is associated with only one CMK at a time, although a CMK // can have multiple aliases. The alias and the CMK must be in the same AWS -// account and region. You cannot perform this operation on an alias in a different -// AWS account. +// account and region. // // The current and new CMK must be the same type (both symmetric or both asymmetric), // and they must have the same key usage (ENCRYPT_DECRYPT or SIGN_VERIFY). This @@ -5995,6 +6560,31 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions +// +// * kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the alias (IAM policy). +// +// * kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the current CMK (key policy). +// +// * kms:UpdateAlias (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// on the new CMK (key policy). +// +// For details, see Controlling access to aliases (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) +// in the AWS Key Management Service Developer Guide. +// +// Related operations: +// +// * CreateAlias +// +// * DeleteAlias +// +// * ListAliases +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6130,6 +6720,24 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // +// Cross-account use: No. You cannot perform this operation on a custom key +// store in a different AWS account. +// +// Required permissions: kms:UpdateCustomKeyStore (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (IAM policy) +// +// Related operations: +// +// * ConnectCustomKeyStore +// +// * CreateCustomKeyStore +// +// * DeleteCustomKeyStore +// +// * DescribeCustomKeyStores +// +// * DisconnectCustomKeyStore +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6298,12 +6906,22 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // Updates the description of a customer master key (CMK). To see the description // of a CMK, use DescribeKey. // -// You cannot perform this operation on a CMK in a different AWS account. -// // The CMK that you use for this operation must be in a compatible key state. // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: No. You cannot perform this operation on a CMK in a different +// AWS account. +// +// Required permissions: kms:UpdateKeyDescription (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations +// +// * CreateKey +// +// * DescribeKey +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6433,6 +7051,14 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V // For details, see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// Cross-account use: Yes. To perform this operation with a CMK in a different +// AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter. +// +// Required permissions: kms:Verify (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) +// (key policy) +// +// Related operations: Sign +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6523,6 +7149,10 @@ type AliasListEntry struct { // String that contains the alias. This value begins with alias/. AliasName *string `min:"1" type:"string"` + CreationDate *time.Time `type:"timestamp"` + + LastUpdatedDate *time.Time `type:"timestamp"` + // String that contains the key identifier referred to by the alias. TargetKeyId *string `min:"1" type:"string"` } @@ -6549,6 +7179,18 @@ func (s *AliasListEntry) SetAliasName(v string) *AliasListEntry { return s } +// SetCreationDate sets the CreationDate field's value. +func (s *AliasListEntry) SetCreationDate(v time.Time) *AliasListEntry { + s.CreationDate = &v + return s +} + +// SetLastUpdatedDate sets the LastUpdatedDate field's value. +func (s *AliasListEntry) SetLastUpdatedDate(v time.Time) *AliasListEntry { + s.LastUpdatedDate = &v + return s +} + // SetTargetKeyId sets the TargetKeyId field's value. func (s *AliasListEntry) SetTargetKeyId(v string) *AliasListEntry { s.TargetKeyId = &v @@ -7081,17 +7723,35 @@ type CreateAliasInput struct { _ struct{} `type:"structure"` // Specifies the alias name. This value must begin with alias/ followed by a - // name, such as alias/ExampleAlias. The alias name cannot begin with alias/aws/. - // The alias/aws/ prefix is reserved for AWS managed CMKs. + // name, such as alias/ExampleAlias. + // + // The AliasName value must be string of 1-256 characters. It can contain only + // alphanumeric characters, forward slashes (/), underscores (_), and dashes + // (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is + // reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Identifies the CMK to which the alias refers. Specify the key ID or the Amazon - // Resource Name (ARN) of the CMK. You cannot specify another alias. For help - // finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) + // Associates the alias with the specified customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). + // The CMK must be in the same AWS Region. + // + // A valid CMK ID is required. If you supply a null or empty string value, this + // operation returns an error. + // + // For help finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) // in the AWS Key Management Service Developer Guide. // + // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // // TargetKeyId is a required field TargetKeyId *string `min:"1" type:"string" required:"true"` } @@ -7290,6 +7950,10 @@ type CreateGrantInput struct { // specified in this structure. For more information about encryption context, // see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // in the AWS Key Management Service Developer Guide . + // + // Grant constraints are not applied to operations that do not support an encryption + // context, such as cryptographic operations with asymmetric CMKs and management + // operations, such as DescribeKey or RetireGrant. Constraints *GrantConstraints `type:"structure"` // A list of grant tokens. @@ -7328,8 +7992,8 @@ type CreateGrantInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // A friendly name for identifying the grant. Use this value to prevent the - // unintended creation of duplicate grants when retrying this request. + // A friendly name for the grant. Use this value to prevent the unintended creation + // of duplicate grants when retrying this request. // // When this value is absent, all CreateGrant requests result in a new grant // with a unique GrantId even if all the supplied parameters are identical. @@ -7339,7 +8003,7 @@ type CreateGrantInput struct { // parameters; if the grant already exists, the original GrantId is returned // without creating a new grant. Note that the returned grant token is unique // with every CreateGrant request, even when a duplicate GrantId is returned. - // All grant tokens obtained in this way can be used interchangeably. + // All grant tokens for the same grant ID can be used interchangeably. Name *string `min:"1" type:"string"` // A list of operations that the grant permits. @@ -7447,7 +8111,7 @@ type CreateGrantOutput struct { // The unique identifier for the grant. // - // You can use the GrantId in a subsequent RetireGrant or RevokeGrant operation. + // You can use the GrantId in a ListGrants, RetireGrant, or RevokeGrant operation. GrantId *string `min:"1" type:"string"` // The grant token. @@ -7615,6 +8279,10 @@ type CreateKeyInput struct { // in the AWS Key Management Service Developer Guide. // // The key policy size quota is 32 kilobytes (32768 bytes). + // + // For help writing and formatting a JSON policy document, see the IAM JSON + // Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) + // in the IAM User Guide . Policy *string `min:"1" type:"string"` // One or more tags. Each tag consists of a tag key and a tag value. Both the @@ -7627,6 +8295,9 @@ type CreateKeyInput struct { // // Use this parameter to tag the CMK when it is created. To add tags to an existing // CMK, use the TagResource operation. + // + // To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) + // permission in an IAM policy. Tags []*Tag `type:"list"` } @@ -8175,20 +8846,18 @@ type DecryptInput struct { // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // Specifies the customer master key (CMK) that AWS KMS will use to decrypt - // the ciphertext. Enter a key ID of the CMK that was used to encrypt the ciphertext. - // - // If you specify a KeyId value, the Decrypt operation succeeds only if the - // specified CMK was used to encrypt the ciphertext. + // Specifies the customer master key (CMK) that AWS KMS uses to decrypt the + // ciphertext. Enter a key ID of the CMK that was used to encrypt the ciphertext. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. Otherwise, AWS KMS uses the metadata that it adds to the - // ciphertext blob to determine which CMK was used to encrypt the ciphertext. - // However, you can use this parameter to ensure that a particular CMK (of any - // kind) is used to decrypt the ciphertext. + // asymmetric CMK. If you used a symmetric CMK, AWS KMS can get the CMK from + // metadata that it adds to the symmetric ciphertext blob. However, it is always + // recommended as a best practice. This practice ensures that you use the CMK + // that you intend. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". + // or alias ARN. When using an alias name, prefix it with "alias/". To specify + // a CMK in a different AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -8842,8 +9511,8 @@ func (s DisableKeyOutput) GoString() string { type DisableKeyRotationInput struct { _ struct{} `type:"structure"` - // Identifies a symmetric customer master key (CMK). You cannot enable automatic - // rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks), + // Identifies a symmetric customer master key (CMK). You cannot enable or disable + // automatic rotation of asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks), // CMKs with imported key material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), // or CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // @@ -9753,7 +10422,8 @@ type GenerateDataKeyPairWithoutPlaintextInput struct { // operation. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". + // or alias ARN. When using an alias name, prefix it with "alias/". To specify + // a CMK in a different AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -10597,7 +11267,7 @@ func (s *GetPublicKeyOutput) SetSigningAlgorithms(v []*string) *GetPublicKeyOutp // a symmetric CMK (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks). // Grant constraints are not applied to operations that do not support an encryption // context, such as cryptographic operations with asymmetric CMKs and management -// operations, such as DescribeKey or ScheduleKeyDeletion. +// operations, such as DescribeKey or RetireGrant. // // In a cryptographic operation, the encryption context in the decryption operation // must be an exact, case-sensitive match for the keys and values in the encryption @@ -12075,12 +12745,21 @@ func (s *LimitExceededException) RequestID() string { type ListAliasesInput struct { _ struct{} `type:"structure"` - // Lists only aliases that refer to the specified CMK. The value of this parameter - // can be the ID or Amazon Resource Name (ARN) of a CMK in the caller's account - // and region. You cannot use an alias name or alias ARN in this value. + // Lists only aliases that are associated with the specified CMK. Enter a CMK + // in your AWS account. // // This parameter is optional. If you omit it, ListAliases returns all aliases - // in the account and region. + // in the account and Region. + // + // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. + // + // For example: + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. KeyId *string `min:"1" type:"string"` // Use this parameter to specify the maximum number of items to return. When @@ -12192,7 +12871,16 @@ func (s *ListAliasesOutput) SetTruncated(v bool) *ListAliasesOutput { type ListGrantsInput struct { _ struct{} `type:"structure"` - // A unique identifier for the customer master key (CMK). + // Returns only the grant with the specified grant ID. The grant ID uniquely + // identifies the grant. + GrantId *string `min:"1" type:"string"` + + // Returns only grants where the specified principal is the grantee principal + // for the grant. + GranteePrincipal *string `min:"1" type:"string"` + + // Returns only grants for the specified customer master key (CMK). This parameter + // is required. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify // a CMK in a different AWS account, you must use the key ARN. @@ -12235,6 +12923,12 @@ func (s ListGrantsInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ListGrantsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ListGrantsInput"} + if s.GrantId != nil && len(*s.GrantId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) + } + if s.GranteePrincipal != nil && len(*s.GranteePrincipal) < 1 { + invalidParams.Add(request.NewErrParamMinLen("GranteePrincipal", 1)) + } if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } @@ -12254,6 +12948,18 @@ func (s *ListGrantsInput) Validate() error { return nil } +// SetGrantId sets the GrantId field's value. +func (s *ListGrantsInput) SetGrantId(v string) *ListGrantsInput { + s.GrantId = &v + return s +} + +// SetGranteePrincipal sets the GranteePrincipal field's value. +func (s *ListGrantsInput) SetGranteePrincipal(v string) *ListGrantsInput { + s.GranteePrincipal = &v + return s +} + // SetKeyId sets the KeyId field's value. func (s *ListGrantsInput) SetKeyId(v string) *ListGrantsInput { s.KeyId = &v @@ -12694,7 +13400,8 @@ type ListRetirableGrantsInput struct { // you just received. Marker *string `min:"1" type:"string"` - // The retiring principal for which to list grants. + // The retiring principal for which to list grants. Enter a principal in your + // AWS account. // // To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM @@ -13100,20 +13807,19 @@ type ReEncryptInput struct { // in the AWS Key Management Service Developer Guide. SourceEncryptionContext map[string]*string `type:"map"` - // A unique identifier for the CMK that is used to decrypt the ciphertext before - // it reencrypts it using the destination CMK. + // Specifies the customer master key (CMK) that AWS KMS will use to decrypt + // the ciphertext before it is re-encrypted. Enter a key ID of the CMK that + // was used to encrypt the ciphertext. // // This parameter is required only when the ciphertext was encrypted under an - // asymmetric CMK. Otherwise, AWS KMS uses the metadata that it adds to the - // ciphertext blob to determine which CMK was used to encrypt the ciphertext. - // However, you can use this parameter to ensure that a particular CMK (of any - // kind) is used to decrypt the ciphertext before it is reencrypted. - // - // If you specify a KeyId value, the decrypt part of the ReEncrypt operation - // succeeds only if the specified CMK was used to encrypt the ciphertext. + // asymmetric CMK. If you used a symmetric CMK, AWS KMS can get the CMK from + // metadata that it adds to the symmetric ciphertext blob. However, it is always + // recommended as a best practice. This practice ensures that you use the CMK + // that you intend. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, - // or alias ARN. When using an alias name, prefix it with "alias/". + // or alias ARN. When using an alias name, prefix it with "alias/". To specify + // a CMK in a different AWS account, you must use the key ARN or alias ARN. // // For example: // @@ -13838,7 +14544,7 @@ func (s *TagException) RequestID() string { type TagResourceInput struct { _ struct{} `type:"structure"` - // A unique identifier for the CMK you are tagging. + // Identifies a customer managed CMK in the account and Region. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -13853,7 +14559,14 @@ type TagResourceInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // One or more tags. Each tag consists of a tag key and a tag value. + // One or more tags. + // + // Each tag consists of a tag key and a tag value. The tag value can be an empty + // (null) string. + // + // You cannot have more than one tag on a CMK with the same tag key. If you + // specify an existing tag key with a different tag value, AWS KMS replaces + // the current tag value with the specified one. // // Tags is a required field Tags []*Tag `type:"list" required:"true"` @@ -13984,7 +14697,7 @@ func (s *UnsupportedOperationException) RequestID() string { type UntagResourceInput struct { _ struct{} `type:"structure"` - // A unique identifier for the CMK from which you are removing tags. + // Identifies the CMK from which you are removing tags. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -14070,8 +14783,9 @@ type UpdateAliasInput struct { // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Identifies the CMK to associate with the alias. When the update operation - // completes, the alias will point to this CMK. + // Identifies the customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) + // to associate with the alias. You don't have permission to associate an alias + // with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // The CMK must be in the same AWS account and Region as the alias. Also, the // new target CMK must be the same type as the current target CMK (both symmetric diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go index 8a77840067..34ec3edaf9 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/route53/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/route53/api.go @@ -13,6 +13,102 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/restxml" ) +const opActivateKeySigningKey = "ActivateKeySigningKey" + +// ActivateKeySigningKeyRequest generates a "aws/request.Request" representing the +// client's request for the ActivateKeySigningKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ActivateKeySigningKey for more information on using the ActivateKeySigningKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ActivateKeySigningKeyRequest method. +// req, resp := client.ActivateKeySigningKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/ActivateKeySigningKey +func (c *Route53) ActivateKeySigningKeyRequest(input *ActivateKeySigningKeyInput) (req *request.Request, output *ActivateKeySigningKeyOutput) { + op := &request.Operation{ + Name: opActivateKeySigningKey, + HTTPMethod: "POST", + HTTPPath: "/2013-04-01/keysigningkey/{HostedZoneId}/{Name}/activate", + } + + if input == nil { + input = &ActivateKeySigningKeyInput{} + } + + output = &ActivateKeySigningKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ActivateKeySigningKey API operation for Amazon Route 53. +// +// Activates a key signing key (KSK) so that it can be used for signing by DNSSEC. +// This operation changes the KSK status to ACTIVE. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Route 53's +// API operation ActivateKeySigningKey for usage and error information. +// +// Returned Error Codes: +// * ErrCodeConcurrentModification "ConcurrentModification" +// Another user submitted a request to create, update, or delete the object +// at the same time that you did. Retry the request. +// +// * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey" +// The specified key signing key (KSK) doesn't exist. +// +// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" +// The key signing key (KSK) status isn't valid or another KSK has the status +// INTERNAL_FAILURE. +// +// * ErrCodeInvalidSigningStatus "InvalidSigningStatus" +// Your hosted zone status isn't valid for this operation. In the hosted zone, +// change the status to enable DNSSEC or disable DNSSEC. +// +// * ErrCodeInvalidKMSArn "InvalidKMSArn" +// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC +// signing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/ActivateKeySigningKey +func (c *Route53) ActivateKeySigningKey(input *ActivateKeySigningKeyInput) (*ActivateKeySigningKeyOutput, error) { + req, out := c.ActivateKeySigningKeyRequest(input) + return out, req.Send() +} + +// ActivateKeySigningKeyWithContext is the same as ActivateKeySigningKey with the addition of +// the ability to pass a context and additional request options. +// +// See ActivateKeySigningKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Route53) ActivateKeySigningKeyWithContext(ctx aws.Context, input *ActivateKeySigningKeyInput, opts ...request.Option) (*ActivateKeySigningKeyOutput, error) { + req, out := c.ActivateKeySigningKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAssociateVPCWithHostedZone = "AssociateVPCWithHostedZone" // AssociateVPCWithHostedZoneRequest generates a "aws/request.Request" representing the @@ -744,6 +840,119 @@ func (c *Route53) CreateHostedZoneWithContext(ctx aws.Context, input *CreateHost return out, req.Send() } +const opCreateKeySigningKey = "CreateKeySigningKey" + +// CreateKeySigningKeyRequest generates a "aws/request.Request" representing the +// client's request for the CreateKeySigningKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateKeySigningKey for more information on using the CreateKeySigningKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateKeySigningKeyRequest method. +// req, resp := client.CreateKeySigningKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateKeySigningKey +func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (req *request.Request, output *CreateKeySigningKeyOutput) { + op := &request.Operation{ + Name: opCreateKeySigningKey, + HTTPMethod: "POST", + HTTPPath: "/2013-04-01/keysigningkey", + } + + if input == nil { + input = &CreateKeySigningKeyInput{} + } + + output = &CreateKeySigningKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateKeySigningKey API operation for Amazon Route 53. +// +// Creates a new key signing key (KSK) associated with a hosted zone. You can +// only have two KSKs per hosted zone. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Route 53's +// API operation CreateKeySigningKey for usage and error information. +// +// Returned Error Codes: +// * ErrCodeNoSuchHostedZone "NoSuchHostedZone" +// No hosted zone exists with the ID that you specified. +// +// * ErrCodeInvalidArgument "InvalidArgument" +// Parameter name is not valid. +// +// * ErrCodeInvalidInput "InvalidInput" +// The input is not valid. +// +// * ErrCodeInvalidKMSArn "InvalidKMSArn" +// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC +// signing. +// +// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" +// The key signing key (KSK) status isn't valid or another KSK has the status +// INTERNAL_FAILURE. +// +// * ErrCodeInvalidSigningStatus "InvalidSigningStatus" +// Your hosted zone status isn't valid for this operation. In the hosted zone, +// change the status to enable DNSSEC or disable DNSSEC. +// +// * ErrCodeInvalidKeySigningKeyName "InvalidKeySigningKeyName" +// The key signing key (KSK) name that you specified isn't a valid name. +// +// * ErrCodeKeySigningKeyAlreadyExists "KeySigningKeyAlreadyExists" +// You've already created a key signing key (KSK) with this name or with the +// same customer managed key (CMK) ARN. +// +// * ErrCodeTooManyKeySigningKeys "TooManyKeySigningKeys" +// You've reached the limit for the number of key signing keys (KSKs). Remove +// at least one KSK, and then try again. +// +// * ErrCodeConcurrentModification "ConcurrentModification" +// Another user submitted a request to create, update, or delete the object +// at the same time that you did. Retry the request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateKeySigningKey +func (c *Route53) CreateKeySigningKey(input *CreateKeySigningKeyInput) (*CreateKeySigningKeyOutput, error) { + req, out := c.CreateKeySigningKeyRequest(input) + return out, req.Send() +} + +// CreateKeySigningKeyWithContext is the same as CreateKeySigningKey with the addition of +// the ability to pass a context and additional request options. +// +// See CreateKeySigningKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Route53) CreateKeySigningKeyWithContext(ctx aws.Context, input *CreateKeySigningKeyInput, opts ...request.Option) (*CreateKeySigningKeyOutput, error) { + req, out := c.CreateKeySigningKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateQueryLoggingConfig = "CreateQueryLoggingConfig" // CreateQueryLoggingConfigRequest generates a "aws/request.Request" representing the @@ -1071,7 +1280,7 @@ func (c *Route53) CreateReusableDelegationSetRequest(input *CreateReusableDelega // The specified HostedZone can't be found. // // * ErrCodeInvalidArgument "InvalidArgument" -// Parameter name is invalid. +// Parameter name is not valid. // // * ErrCodeInvalidInput "InvalidInput" // The input is not valid. @@ -1184,7 +1393,7 @@ func (c *Route53) CreateTrafficPolicyRequest(input *CreateTrafficPolicyInput) (r // // * ErrCodeInvalidTrafficPolicyDocument "InvalidTrafficPolicyDocument" // The format of the traffic policy document that you specified in the Document -// element is invalid. +// element is not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateTrafficPolicy func (c *Route53) CreateTrafficPolicy(input *CreateTrafficPolicyInput) (*CreateTrafficPolicyOutput, error) { @@ -1397,7 +1606,7 @@ func (c *Route53) CreateTrafficPolicyVersionRequest(input *CreateTrafficPolicyVe // // * ErrCodeInvalidTrafficPolicyDocument "InvalidTrafficPolicyDocument" // The format of the traffic policy document that you specified in the Document -// element is invalid. +// element is not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/CreateTrafficPolicyVersion func (c *Route53) CreateTrafficPolicyVersion(input *CreateTrafficPolicyVersionInput) (*CreateTrafficPolicyVersionOutput, error) { @@ -1527,6 +1736,106 @@ func (c *Route53) CreateVPCAssociationAuthorizationWithContext(ctx aws.Context, return out, req.Send() } +const opDeactivateKeySigningKey = "DeactivateKeySigningKey" + +// DeactivateKeySigningKeyRequest generates a "aws/request.Request" representing the +// client's request for the DeactivateKeySigningKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeactivateKeySigningKey for more information on using the DeactivateKeySigningKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeactivateKeySigningKeyRequest method. +// req, resp := client.DeactivateKeySigningKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeactivateKeySigningKey +func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyInput) (req *request.Request, output *DeactivateKeySigningKeyOutput) { + op := &request.Operation{ + Name: opDeactivateKeySigningKey, + HTTPMethod: "POST", + HTTPPath: "/2013-04-01/keysigningkey/{HostedZoneId}/{Name}/deactivate", + } + + if input == nil { + input = &DeactivateKeySigningKeyInput{} + } + + output = &DeactivateKeySigningKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeactivateKeySigningKey API operation for Amazon Route 53. +// +// Deactivates a key signing key (KSK) so that it will not be used for signing +// by DNSSEC. This operation changes the KSK status to INACTIVE. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Route 53's +// API operation DeactivateKeySigningKey for usage and error information. +// +// Returned Error Codes: +// * ErrCodeConcurrentModification "ConcurrentModification" +// Another user submitted a request to create, update, or delete the object +// at the same time that you did. Retry the request. +// +// * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey" +// The specified key signing key (KSK) doesn't exist. +// +// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" +// The key signing key (KSK) status isn't valid or another KSK has the status +// INTERNAL_FAILURE. +// +// * ErrCodeInvalidSigningStatus "InvalidSigningStatus" +// Your hosted zone status isn't valid for this operation. In the hosted zone, +// change the status to enable DNSSEC or disable DNSSEC. +// +// * ErrCodeKeySigningKeyInUse "KeySigningKeyInUse" +// The key signing key (KSK) that you specified can't be deactivated because +// it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing, +// or add or enable another KSK. +// +// * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord" +// The key signing key (KSK) is specified in a parent DS record. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeactivateKeySigningKey +func (c *Route53) DeactivateKeySigningKey(input *DeactivateKeySigningKeyInput) (*DeactivateKeySigningKeyOutput, error) { + req, out := c.DeactivateKeySigningKeyRequest(input) + return out, req.Send() +} + +// DeactivateKeySigningKeyWithContext is the same as DeactivateKeySigningKey with the addition of +// the ability to pass a context and additional request options. +// +// See DeactivateKeySigningKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Route53) DeactivateKeySigningKeyWithContext(ctx aws.Context, input *DeactivateKeySigningKeyInput, opts ...request.Option) (*DeactivateKeySigningKeyOutput, error) { + req, out := c.DeactivateKeySigningKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteHealthCheck = "DeleteHealthCheck" // DeleteHealthCheckRequest generates a "aws/request.Request" representing the @@ -1767,6 +2076,103 @@ func (c *Route53) DeleteHostedZoneWithContext(ctx aws.Context, input *DeleteHost return out, req.Send() } +const opDeleteKeySigningKey = "DeleteKeySigningKey" + +// DeleteKeySigningKeyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteKeySigningKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteKeySigningKey for more information on using the DeleteKeySigningKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteKeySigningKeyRequest method. +// req, resp := client.DeleteKeySigningKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteKeySigningKey +func (c *Route53) DeleteKeySigningKeyRequest(input *DeleteKeySigningKeyInput) (req *request.Request, output *DeleteKeySigningKeyOutput) { + op := &request.Operation{ + Name: opDeleteKeySigningKey, + HTTPMethod: "DELETE", + HTTPPath: "/2013-04-01/keysigningkey/{HostedZoneId}/{Name}", + } + + if input == nil { + input = &DeleteKeySigningKeyInput{} + } + + output = &DeleteKeySigningKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteKeySigningKey API operation for Amazon Route 53. +// +// Deletes a key signing key (KSK). Before you can delete a KSK, you must deactivate +// it. The KSK must be deactived before you can delete it regardless of whether +// the hosted zone is enabled for DNSSEC signing. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Route 53's +// API operation DeleteKeySigningKey for usage and error information. +// +// Returned Error Codes: +// * ErrCodeConcurrentModification "ConcurrentModification" +// Another user submitted a request to create, update, or delete the object +// at the same time that you did. Retry the request. +// +// * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey" +// The specified key signing key (KSK) doesn't exist. +// +// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" +// The key signing key (KSK) status isn't valid or another KSK has the status +// INTERNAL_FAILURE. +// +// * ErrCodeInvalidSigningStatus "InvalidSigningStatus" +// Your hosted zone status isn't valid for this operation. In the hosted zone, +// change the status to enable DNSSEC or disable DNSSEC. +// +// * ErrCodeInvalidKMSArn "InvalidKMSArn" +// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC +// signing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeleteKeySigningKey +func (c *Route53) DeleteKeySigningKey(input *DeleteKeySigningKeyInput) (*DeleteKeySigningKeyOutput, error) { + req, out := c.DeleteKeySigningKeyRequest(input) + return out, req.Send() +} + +// DeleteKeySigningKeyWithContext is the same as DeleteKeySigningKey with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteKeySigningKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Route53) DeleteKeySigningKeyWithContext(ctx aws.Context, input *DeleteKeySigningKeyInput, opts ...request.Option) (*DeleteKeySigningKeyOutput, error) { + req, out := c.DeleteKeySigningKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteQueryLoggingConfig = "DeleteQueryLoggingConfig" // DeleteQueryLoggingConfigRequest generates a "aws/request.Request" representing the @@ -2257,6 +2663,107 @@ func (c *Route53) DeleteVPCAssociationAuthorizationWithContext(ctx aws.Context, return out, req.Send() } +const opDisableHostedZoneDNSSEC = "DisableHostedZoneDNSSEC" + +// DisableHostedZoneDNSSECRequest generates a "aws/request.Request" representing the +// client's request for the DisableHostedZoneDNSSEC operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableHostedZoneDNSSEC for more information on using the DisableHostedZoneDNSSEC +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisableHostedZoneDNSSECRequest method. +// req, resp := client.DisableHostedZoneDNSSECRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DisableHostedZoneDNSSEC +func (c *Route53) DisableHostedZoneDNSSECRequest(input *DisableHostedZoneDNSSECInput) (req *request.Request, output *DisableHostedZoneDNSSECOutput) { + op := &request.Operation{ + Name: opDisableHostedZoneDNSSEC, + HTTPMethod: "POST", + HTTPPath: "/2013-04-01/hostedzone/{Id}/disable-dnssec", + } + + if input == nil { + input = &DisableHostedZoneDNSSECInput{} + } + + output = &DisableHostedZoneDNSSECOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableHostedZoneDNSSEC API operation for Amazon Route 53. +// +// Disables DNSSEC signing in a specific hosted zone. This action does not deactivate +// any key signing keys (KSKs) that are active in the hosted zone. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Route 53's +// API operation DisableHostedZoneDNSSEC for usage and error information. +// +// Returned Error Codes: +// * ErrCodeNoSuchHostedZone "NoSuchHostedZone" +// No hosted zone exists with the ID that you specified. +// +// * ErrCodeInvalidArgument "InvalidArgument" +// Parameter name is not valid. +// +// * ErrCodeConcurrentModification "ConcurrentModification" +// Another user submitted a request to create, update, or delete the object +// at the same time that you did. Retry the request. +// +// * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord" +// The key signing key (KSK) is specified in a parent DS record. +// +// * ErrCodeDNSSECNotFound "DNSSECNotFound" +// The hosted zone doesn't have any DNSSEC resources. +// +// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" +// The key signing key (KSK) status isn't valid or another KSK has the status +// INTERNAL_FAILURE. +// +// * ErrCodeInvalidKMSArn "InvalidKMSArn" +// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC +// signing. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DisableHostedZoneDNSSEC +func (c *Route53) DisableHostedZoneDNSSEC(input *DisableHostedZoneDNSSECInput) (*DisableHostedZoneDNSSECOutput, error) { + req, out := c.DisableHostedZoneDNSSECRequest(input) + return out, req.Send() +} + +// DisableHostedZoneDNSSECWithContext is the same as DisableHostedZoneDNSSEC with the addition of +// the ability to pass a context and additional request options. +// +// See DisableHostedZoneDNSSEC for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Route53) DisableHostedZoneDNSSECWithContext(ctx aws.Context, input *DisableHostedZoneDNSSECInput, opts ...request.Option) (*DisableHostedZoneDNSSECOutput, error) { + req, out := c.DisableHostedZoneDNSSECRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateVPCFromHostedZone = "DisassociateVPCFromHostedZone" // DisassociateVPCFromHostedZoneRequest generates a "aws/request.Request" representing the @@ -2369,6 +2876,110 @@ func (c *Route53) DisassociateVPCFromHostedZoneWithContext(ctx aws.Context, inpu return out, req.Send() } +const opEnableHostedZoneDNSSEC = "EnableHostedZoneDNSSEC" + +// EnableHostedZoneDNSSECRequest generates a "aws/request.Request" representing the +// client's request for the EnableHostedZoneDNSSEC operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableHostedZoneDNSSEC for more information on using the EnableHostedZoneDNSSEC +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the EnableHostedZoneDNSSECRequest method. +// req, resp := client.EnableHostedZoneDNSSECRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/EnableHostedZoneDNSSEC +func (c *Route53) EnableHostedZoneDNSSECRequest(input *EnableHostedZoneDNSSECInput) (req *request.Request, output *EnableHostedZoneDNSSECOutput) { + op := &request.Operation{ + Name: opEnableHostedZoneDNSSEC, + HTTPMethod: "POST", + HTTPPath: "/2013-04-01/hostedzone/{Id}/enable-dnssec", + } + + if input == nil { + input = &EnableHostedZoneDNSSECInput{} + } + + output = &EnableHostedZoneDNSSECOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableHostedZoneDNSSEC API operation for Amazon Route 53. +// +// Enables DNSSEC signing in a specific hosted zone. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Route 53's +// API operation EnableHostedZoneDNSSEC for usage and error information. +// +// Returned Error Codes: +// * ErrCodeNoSuchHostedZone "NoSuchHostedZone" +// No hosted zone exists with the ID that you specified. +// +// * ErrCodeInvalidArgument "InvalidArgument" +// Parameter name is not valid. +// +// * ErrCodeConcurrentModification "ConcurrentModification" +// Another user submitted a request to create, update, or delete the object +// at the same time that you did. Retry the request. +// +// * ErrCodeKeySigningKeyWithActiveStatusNotFound "KeySigningKeyWithActiveStatusNotFound" +// A key signing key (KSK) with ACTIVE status wasn't found. +// +// * ErrCodeInvalidKMSArn "InvalidKMSArn" +// The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC +// signing. +// +// * ErrCodeHostedZonePartiallyDelegated "HostedZonePartiallyDelegated" +// The hosted zone nameservers don't match the parent nameservers. The hosted +// zone and parent must have the same nameservers. +// +// * ErrCodeDNSSECNotFound "DNSSECNotFound" +// The hosted zone doesn't have any DNSSEC resources. +// +// * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" +// The key signing key (KSK) status isn't valid or another KSK has the status +// INTERNAL_FAILURE. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/EnableHostedZoneDNSSEC +func (c *Route53) EnableHostedZoneDNSSEC(input *EnableHostedZoneDNSSECInput) (*EnableHostedZoneDNSSECOutput, error) { + req, out := c.EnableHostedZoneDNSSECRequest(input) + return out, req.Send() +} + +// EnableHostedZoneDNSSECWithContext is the same as EnableHostedZoneDNSSEC with the addition of +// the ability to pass a context and additional request options. +// +// See EnableHostedZoneDNSSEC for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Route53) EnableHostedZoneDNSSECWithContext(ctx aws.Context, input *EnableHostedZoneDNSSECInput, opts ...request.Option) (*EnableHostedZoneDNSSECOutput, error) { + req, out := c.EnableHostedZoneDNSSECRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetAccountLimit = "GetAccountLimit" // GetAccountLimitRequest generates a "aws/request.Request" representing the @@ -2626,6 +3237,89 @@ func (c *Route53) GetCheckerIpRangesWithContext(ctx aws.Context, input *GetCheck return out, req.Send() } +const opGetDNSSEC = "GetDNSSEC" + +// GetDNSSECRequest generates a "aws/request.Request" representing the +// client's request for the GetDNSSEC operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetDNSSEC for more information on using the GetDNSSEC +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetDNSSECRequest method. +// req, resp := client.GetDNSSECRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/GetDNSSEC +func (c *Route53) GetDNSSECRequest(input *GetDNSSECInput) (req *request.Request, output *GetDNSSECOutput) { + op := &request.Operation{ + Name: opGetDNSSEC, + HTTPMethod: "GET", + HTTPPath: "/2013-04-01/hostedzone/{Id}/dnssec", + } + + if input == nil { + input = &GetDNSSECInput{} + } + + output = &GetDNSSECOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetDNSSEC API operation for Amazon Route 53. +// +// Returns information about DNSSEC for a specific hosted zone, including the +// key signing keys (KSKs) and zone signing keys (ZSKs) in the hosted zone. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Route 53's +// API operation GetDNSSEC for usage and error information. +// +// Returned Error Codes: +// * ErrCodeNoSuchHostedZone "NoSuchHostedZone" +// No hosted zone exists with the ID that you specified. +// +// * ErrCodeInvalidArgument "InvalidArgument" +// Parameter name is not valid. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/GetDNSSEC +func (c *Route53) GetDNSSEC(input *GetDNSSECInput) (*GetDNSSECOutput, error) { + req, out := c.GetDNSSECRequest(input) + return out, req.Send() +} + +// GetDNSSECWithContext is the same as GetDNSSEC with the addition of +// the ability to pass a context and additional request options. +// +// See GetDNSSEC for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Route53) GetDNSSECWithContext(ctx aws.Context, input *GetDNSSECInput, opts ...request.Option) (*GetDNSSECOutput, error) { + req, out := c.GetDNSSECRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetGeoLocation = "GetGeoLocation" // GetGeoLocationRequest generates a "aws/request.Request" representing the @@ -6099,6 +6793,90 @@ func (s *AccountLimit) SetValue(v int64) *AccountLimit { return s } +type ActivateKeySigningKeyInput struct { + _ struct{} `locationName:"ActivateKeySigningKeyRequest" type:"structure"` + + // A unique string used to identify a hosted zone. + // + // HostedZoneId is a required field + HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"` + + // An alphanumeric string used to identify a key signing key (KSK). + // + // Name is a required field + Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"` +} + +// String returns the string representation +func (s ActivateKeySigningKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ActivateKeySigningKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ActivateKeySigningKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ActivateKeySigningKeyInput"} + if s.HostedZoneId == nil { + invalidParams.Add(request.NewErrParamRequired("HostedZoneId")) + } + if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 3 { + invalidParams.Add(request.NewErrParamMinLen("Name", 3)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHostedZoneId sets the HostedZoneId field's value. +func (s *ActivateKeySigningKeyInput) SetHostedZoneId(v string) *ActivateKeySigningKeyInput { + s.HostedZoneId = &v + return s +} + +// SetName sets the Name field's value. +func (s *ActivateKeySigningKeyInput) SetName(v string) *ActivateKeySigningKeyInput { + s.Name = &v + return s +} + +type ActivateKeySigningKeyOutput struct { + _ struct{} `type:"structure"` + + // A complex type that describes change information about changes made to your + // hosted zone. + // + // ChangeInfo is a required field + ChangeInfo *ChangeInfo `type:"structure" required:"true"` +} + +// String returns the string representation +func (s ActivateKeySigningKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ActivateKeySigningKeyOutput) GoString() string { + return s.String() +} + +// SetChangeInfo sets the ChangeInfo field's value. +func (s *ActivateKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *ActivateKeySigningKeyOutput { + s.ChangeInfo = v + return s +} + // A complex type that identifies the CloudWatch alarm that you want Amazon // Route 53 health checkers to use to determine whether the specified health // check is healthy. @@ -7439,6 +8217,195 @@ func (s *CreateHostedZoneOutput) SetVPC(v *VPC) *CreateHostedZoneOutput { return s } +type CreateKeySigningKeyInput struct { + _ struct{} `locationName:"CreateKeySigningKeyRequest" type:"structure" xmlURI:"https://route53.amazonaws.com/doc/2013-04-01/"` + + // A unique string that identifies the request. + // + // CallerReference is a required field + CallerReference *string `min:"1" type:"string" required:"true"` + + // The unique string (ID) used to identify a hosted zone. + // + // HostedZoneId is a required field + HostedZoneId *string `type:"string" required:"true"` + + // The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key + // Management Service (KMS). The KeyManagementServiceArn must be unique for + // each key signing key (KSK) in a single hosted zone. To see an example of + // KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll + // down to Example. + // + // You must configure the CMK as follows: + // + // Status + // + // Enabled + // + // Key spec + // + // ECC_NIST_P256 + // + // Key usage + // + // Sign and verify + // + // Key policy + // + // The key policy must give permission for the following actions: + // + // * DescribeKey + // + // * GetPublicKey + // + // * Sign + // + // The key policy must also include the Amazon Route 53 service in the principal + // for your account. Specify the following: + // + // * "Service": "api-service.dnssec.route53.aws.internal" + // + // For more information about working with CMK in KMS, see AWS Key Management + // Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html). + // + // KeyManagementServiceArn is a required field + KeyManagementServiceArn *string `type:"string" required:"true"` + + // An alphanumeric string used to identify a key signing key (KSK). Name must + // be unique for each key signing key in the same hosted zone. + // + // Name is a required field + Name *string `min:"3" type:"string" required:"true"` + + // A string specifying the initial status of the key signing key (KSK). You + // can set the value to ACTIVE or INACTIVE. + // + // Status is a required field + Status *string `min:"5" type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateKeySigningKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateKeySigningKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateKeySigningKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateKeySigningKeyInput"} + if s.CallerReference == nil { + invalidParams.Add(request.NewErrParamRequired("CallerReference")) + } + if s.CallerReference != nil && len(*s.CallerReference) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CallerReference", 1)) + } + if s.HostedZoneId == nil { + invalidParams.Add(request.NewErrParamRequired("HostedZoneId")) + } + if s.KeyManagementServiceArn == nil { + invalidParams.Add(request.NewErrParamRequired("KeyManagementServiceArn")) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 3 { + invalidParams.Add(request.NewErrParamMinLen("Name", 3)) + } + if s.Status == nil { + invalidParams.Add(request.NewErrParamRequired("Status")) + } + if s.Status != nil && len(*s.Status) < 5 { + invalidParams.Add(request.NewErrParamMinLen("Status", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCallerReference sets the CallerReference field's value. +func (s *CreateKeySigningKeyInput) SetCallerReference(v string) *CreateKeySigningKeyInput { + s.CallerReference = &v + return s +} + +// SetHostedZoneId sets the HostedZoneId field's value. +func (s *CreateKeySigningKeyInput) SetHostedZoneId(v string) *CreateKeySigningKeyInput { + s.HostedZoneId = &v + return s +} + +// SetKeyManagementServiceArn sets the KeyManagementServiceArn field's value. +func (s *CreateKeySigningKeyInput) SetKeyManagementServiceArn(v string) *CreateKeySigningKeyInput { + s.KeyManagementServiceArn = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateKeySigningKeyInput) SetName(v string) *CreateKeySigningKeyInput { + s.Name = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *CreateKeySigningKeyInput) SetStatus(v string) *CreateKeySigningKeyInput { + s.Status = &v + return s +} + +type CreateKeySigningKeyOutput struct { + _ struct{} `type:"structure"` + + // A complex type that describes change information about changes made to your + // hosted zone. + // + // ChangeInfo is a required field + ChangeInfo *ChangeInfo `type:"structure" required:"true"` + + // The key signing key (KSK) that the request creates. + // + // KeySigningKey is a required field + KeySigningKey *KeySigningKey `type:"structure" required:"true"` + + // The unique URL representing the new key signing key (KSK). + // + // Location is a required field + Location *string `location:"header" locationName:"Location" type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateKeySigningKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateKeySigningKeyOutput) GoString() string { + return s.String() +} + +// SetChangeInfo sets the ChangeInfo field's value. +func (s *CreateKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *CreateKeySigningKeyOutput { + s.ChangeInfo = v + return s +} + +// SetKeySigningKey sets the KeySigningKey field's value. +func (s *CreateKeySigningKeyOutput) SetKeySigningKey(v *KeySigningKey) *CreateKeySigningKeyOutput { + s.KeySigningKey = v + return s +} + +// SetLocation sets the Location field's value. +func (s *CreateKeySigningKeyOutput) SetLocation(v string) *CreateKeySigningKeyOutput { + s.Location = &v + return s +} + type CreateQueryLoggingConfigInput struct { _ struct{} `locationName:"CreateQueryLoggingConfigRequest" type:"structure" xmlURI:"https://route53.amazonaws.com/doc/2013-04-01/"` @@ -8088,6 +9055,132 @@ func (s *CreateVPCAssociationAuthorizationOutput) SetVPC(v *VPC) *CreateVPCAssoc return s } +// A string repesenting the status of DNSSEC signing. +type DNSSECStatus struct { + _ struct{} `type:"structure"` + + // Indicates your hosted zone signging status: SIGNING, NOT_SIGNING, or INTERNAL_FAILURE. + // If the status is INTERNAL_FAILURE, see StatusMessage for information about + // steps that you can take to correct the problem. + // + // A status INTERNAL_FAILURE means there was an error during a request. Before + // you can continue to work with DNSSEC signing, including working with key + // signing keys (KSKs), you must correct the problem by enabling or disabling + // DNSSEC signing for the hosted zone. + ServeSignature *string `min:"1" type:"string"` + + // The status message provided for the following DNSSEC signing status: INTERNAL_FAILURE. + // The status message includes information about what the problem might be and + // steps that you can take to correct the issue. + StatusMessage *string `type:"string"` +} + +// String returns the string representation +func (s DNSSECStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DNSSECStatus) GoString() string { + return s.String() +} + +// SetServeSignature sets the ServeSignature field's value. +func (s *DNSSECStatus) SetServeSignature(v string) *DNSSECStatus { + s.ServeSignature = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *DNSSECStatus) SetStatusMessage(v string) *DNSSECStatus { + s.StatusMessage = &v + return s +} + +type DeactivateKeySigningKeyInput struct { + _ struct{} `locationName:"DeactivateKeySigningKeyRequest" type:"structure"` + + // A unique string used to identify a hosted zone. + // + // HostedZoneId is a required field + HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"` + + // An alphanumeric string used to identify a key signing key (KSK). + // + // Name is a required field + Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeactivateKeySigningKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeactivateKeySigningKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeactivateKeySigningKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeactivateKeySigningKeyInput"} + if s.HostedZoneId == nil { + invalidParams.Add(request.NewErrParamRequired("HostedZoneId")) + } + if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 3 { + invalidParams.Add(request.NewErrParamMinLen("Name", 3)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHostedZoneId sets the HostedZoneId field's value. +func (s *DeactivateKeySigningKeyInput) SetHostedZoneId(v string) *DeactivateKeySigningKeyInput { + s.HostedZoneId = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeactivateKeySigningKeyInput) SetName(v string) *DeactivateKeySigningKeyInput { + s.Name = &v + return s +} + +type DeactivateKeySigningKeyOutput struct { + _ struct{} `type:"structure"` + + // A complex type that describes change information about changes made to your + // hosted zone. + // + // ChangeInfo is a required field + ChangeInfo *ChangeInfo `type:"structure" required:"true"` +} + +// String returns the string representation +func (s DeactivateKeySigningKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeactivateKeySigningKeyOutput) GoString() string { + return s.String() +} + +// SetChangeInfo sets the ChangeInfo field's value. +func (s *DeactivateKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *DeactivateKeySigningKeyOutput { + s.ChangeInfo = v + return s +} + // A complex type that lists the name servers in a delegation set, as well as // the CallerReference and the ID for the delegation set. type DelegationSet struct { @@ -8261,6 +9354,90 @@ func (s *DeleteHostedZoneOutput) SetChangeInfo(v *ChangeInfo) *DeleteHostedZoneO return s } +type DeleteKeySigningKeyInput struct { + _ struct{} `locationName:"DeleteKeySigningKeyRequest" type:"structure"` + + // A unique string used to identify a hosted zone. + // + // HostedZoneId is a required field + HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"` + + // An alphanumeric string used to identify a key signing key (KSK). + // + // Name is a required field + Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteKeySigningKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteKeySigningKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteKeySigningKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteKeySigningKeyInput"} + if s.HostedZoneId == nil { + invalidParams.Add(request.NewErrParamRequired("HostedZoneId")) + } + if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 3 { + invalidParams.Add(request.NewErrParamMinLen("Name", 3)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHostedZoneId sets the HostedZoneId field's value. +func (s *DeleteKeySigningKeyInput) SetHostedZoneId(v string) *DeleteKeySigningKeyInput { + s.HostedZoneId = &v + return s +} + +// SetName sets the Name field's value. +func (s *DeleteKeySigningKeyInput) SetName(v string) *DeleteKeySigningKeyInput { + s.Name = &v + return s +} + +type DeleteKeySigningKeyOutput struct { + _ struct{} `type:"structure"` + + // A complex type that describes change information about changes made to your + // hosted zone. + // + // ChangeInfo is a required field + ChangeInfo *ChangeInfo `type:"structure" required:"true"` +} + +// String returns the string representation +func (s DeleteKeySigningKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteKeySigningKeyOutput) GoString() string { + return s.String() +} + +// SetChangeInfo sets the ChangeInfo field's value. +func (s *DeleteKeySigningKeyOutput) SetChangeInfo(v *ChangeInfo) *DeleteKeySigningKeyOutput { + s.ChangeInfo = v + return s +} + type DeleteQueryLoggingConfigInput struct { _ struct{} `locationName:"DeleteQueryLoggingConfigRequest" type:"structure"` @@ -8630,6 +9807,73 @@ func (s *Dimension) SetValue(v string) *Dimension { return s } +type DisableHostedZoneDNSSECInput struct { + _ struct{} `locationName:"DisableHostedZoneDNSSECRequest" type:"structure"` + + // A unique string used to identify a hosted zone. + // + // HostedZoneId is a required field + HostedZoneId *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisableHostedZoneDNSSECInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableHostedZoneDNSSECInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableHostedZoneDNSSECInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableHostedZoneDNSSECInput"} + if s.HostedZoneId == nil { + invalidParams.Add(request.NewErrParamRequired("HostedZoneId")) + } + if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHostedZoneId sets the HostedZoneId field's value. +func (s *DisableHostedZoneDNSSECInput) SetHostedZoneId(v string) *DisableHostedZoneDNSSECInput { + s.HostedZoneId = &v + return s +} + +type DisableHostedZoneDNSSECOutput struct { + _ struct{} `type:"structure"` + + // A complex type that describes change information about changes made to your + // hosted zone. + // + // ChangeInfo is a required field + ChangeInfo *ChangeInfo `type:"structure" required:"true"` +} + +// String returns the string representation +func (s DisableHostedZoneDNSSECOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableHostedZoneDNSSECOutput) GoString() string { + return s.String() +} + +// SetChangeInfo sets the ChangeInfo field's value. +func (s *DisableHostedZoneDNSSECOutput) SetChangeInfo(v *ChangeInfo) *DisableHostedZoneDNSSECOutput { + s.ChangeInfo = v + return s +} + // A complex type that contains information about the VPC that you want to disassociate // from a specified private hosted zone. type DisassociateVPCFromHostedZoneInput struct { @@ -8730,6 +9974,73 @@ func (s *DisassociateVPCFromHostedZoneOutput) SetChangeInfo(v *ChangeInfo) *Disa return s } +type EnableHostedZoneDNSSECInput struct { + _ struct{} `locationName:"EnableHostedZoneDNSSECRequest" type:"structure"` + + // A unique string used to identify a hosted zone. + // + // HostedZoneId is a required field + HostedZoneId *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s EnableHostedZoneDNSSECInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableHostedZoneDNSSECInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableHostedZoneDNSSECInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableHostedZoneDNSSECInput"} + if s.HostedZoneId == nil { + invalidParams.Add(request.NewErrParamRequired("HostedZoneId")) + } + if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHostedZoneId sets the HostedZoneId field's value. +func (s *EnableHostedZoneDNSSECInput) SetHostedZoneId(v string) *EnableHostedZoneDNSSECInput { + s.HostedZoneId = &v + return s +} + +type EnableHostedZoneDNSSECOutput struct { + _ struct{} `type:"structure"` + + // A complex type that describes change information about changes made to your + // hosted zone. + // + // ChangeInfo is a required field + ChangeInfo *ChangeInfo `type:"structure" required:"true"` +} + +// String returns the string representation +func (s EnableHostedZoneDNSSECOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableHostedZoneDNSSECOutput) GoString() string { + return s.String() +} + +// SetChangeInfo sets the ChangeInfo field's value. +func (s *EnableHostedZoneDNSSECOutput) SetChangeInfo(v *ChangeInfo) *EnableHostedZoneDNSSECOutput { + s.ChangeInfo = v + return s +} + // A complex type that contains information about a geographic location. type GeoLocation struct { _ struct{} `type:"structure"` @@ -9106,6 +10417,83 @@ func (s *GetCheckerIpRangesOutput) SetCheckerIpRanges(v []*string) *GetCheckerIp return s } +type GetDNSSECInput struct { + _ struct{} `locationName:"GetDNSSECRequest" type:"structure"` + + // A unique string used to identify a hosted zone. + // + // HostedZoneId is a required field + HostedZoneId *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetDNSSECInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDNSSECInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetDNSSECInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetDNSSECInput"} + if s.HostedZoneId == nil { + invalidParams.Add(request.NewErrParamRequired("HostedZoneId")) + } + if s.HostedZoneId != nil && len(*s.HostedZoneId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("HostedZoneId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHostedZoneId sets the HostedZoneId field's value. +func (s *GetDNSSECInput) SetHostedZoneId(v string) *GetDNSSECInput { + s.HostedZoneId = &v + return s +} + +type GetDNSSECOutput struct { + _ struct{} `type:"structure"` + + // The key signing keys (KSKs) in your account. + // + // KeySigningKeys is a required field + KeySigningKeys []*KeySigningKey `type:"list" required:"true"` + + // A string repesenting the status of DNSSEC. + // + // Status is a required field + Status *DNSSECStatus `type:"structure" required:"true"` +} + +// String returns the string representation +func (s GetDNSSECOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDNSSECOutput) GoString() string { + return s.String() +} + +// SetKeySigningKeys sets the KeySigningKeys field's value. +func (s *GetDNSSECOutput) SetKeySigningKeys(v []*KeySigningKey) *GetDNSSECOutput { + s.KeySigningKeys = v + return s +} + +// SetStatus sets the Status field's value. +func (s *GetDNSSECOutput) SetStatus(v *DNSSECStatus) *GetDNSSECOutput { + s.Status = v + return s +} + // A request for information about whether a specified geographic location is // supported for Amazon Route 53 geolocation resource record sets. type GetGeoLocationInput struct { @@ -10992,6 +12380,237 @@ func (s *HostedZoneSummary) SetOwner(v *HostedZoneOwner) *HostedZoneSummary { return s } +// A key signing key (KSK) is a complex type that represents a public/private +// key pair. The private key is used to generate a digital signature for the +// zone signing key (ZSK). The public key is stored in the DNS and is used to +// authenticate the ZSK. A KSK is always associated with a hosted zone; it cannot +// exist by itself. +type KeySigningKey struct { + _ struct{} `type:"structure"` + + // The date when the key signing key (KSK) was created. + CreatedDate *time.Time `type:"timestamp"` + + // A string that represents a DNSKEY record. + DNSKEYRecord *string `type:"string"` + + // A string that represents a delegation signer (DS) record. + DSRecord *string `type:"string"` + + // A string used to represent the delegation signer digest algorithm. This value + // must follow the guidelines provided by RFC-8624 Section 3.3 (https://tools.ietf.org/html/rfc8624#section-3.3). + DigestAlgorithmMnemonic *string `type:"string"` + + // An integer used to represent the delegation signer digest algorithm. This + // value must follow the guidelines provided by RFC-8624 Section 3.3 (https://tools.ietf.org/html/rfc8624#section-3.3). + DigestAlgorithmType *int64 `type:"integer"` + + // A cryptographic digest of a DNSKEY resource record (RR). DNSKEY records are + // used to publish the public key that resolvers can use to verify DNSSEC signatures + // that are used to secure certain kinds of information provided by the DNS + // system. + DigestValue *string `type:"string"` + + // An integer that specifies how the key is used. For key signing key (KSK), + // this value is always 257. + Flag *int64 `type:"integer"` + + // An integer used to identify the DNSSEC record for the domain name. The process + // used to calculate the value is described in RFC-4034 Appendix B (https://tools.ietf.org/rfc/rfc4034.txt). + KeyTag *int64 `type:"integer"` + + // The Amazon resource name (ARN) used to identify the customer managed key + // (CMK) in AWS Key Management Service (KMS). The KmsArn must be unique for + // each key signing key (KSK) in a single hosted zone. + // + // You must configure the CMK as follows: + // + // Status + // + // Enabled + // + // Key spec + // + // ECC_NIST_P256 + // + // Key usage + // + // Sign and verify + // + // Key policy + // + // The key policy must give permission for the following actions: + // + // * DescribeKey + // + // * GetPublicKey + // + // * Sign + // + // The key policy must also include the Amazon Route 53 service in the principal + // for your account. Specify the following: + // + // * "Service": "api-service.dnssec.route53.aws.internal" + // + // For more information about working with the customer managed key (CMK) in + // KMS, see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html). + KmsArn *string `type:"string"` + + // The last time that the key signing key (KSK) was changed. + LastModifiedDate *time.Time `type:"timestamp"` + + // An alphanumeric string used to identify a key signing key (KSK). Name must + // be unique for each key signing key in the same hosted zone. + Name *string `min:"3" type:"string"` + + // The public key, represented as a Base64 encoding, as required by RFC-4034 + // Page 5 (https://tools.ietf.org/rfc/rfc4034.txt). + PublicKey *string `type:"string"` + + // A string used to represent the signing algorithm. This value must follow + // the guidelines provided by RFC-8624 Section 3.1 (https://tools.ietf.org/html/rfc8624#section-3.1). + SigningAlgorithmMnemonic *string `type:"string"` + + // An integer used to represent the signing algorithm. This value must follow + // the guidelines provided by RFC-8624 Section 3.1 (https://tools.ietf.org/html/rfc8624#section-3.1). + SigningAlgorithmType *int64 `type:"integer"` + + // A string that represents the current key signing key (KSK) status. + // + // Status can have one of the following values: + // + // ACTIVE + // + // The KSK is being used for signing. + // + // INACTIVE + // + // The KSK is not being used for signing. + // + // ACTION_NEEDED + // + // There is an error in the KSK that requires you to take action to resolve. + // + // INTERNAL_FAILURE + // + // There was an error during a request. Before you can continue to work with + // DNSSEC signing, including actions that involve this KSK, you must correct + // the problem. For example, you may need to activate or deactivate the KSK. + Status *string `min:"5" type:"string"` + + // The status message provided for the following key signing key (KSK) statuses: + // ACTION_NEEDED or INTERNAL_FAILURE. The status message includes information + // about what the problem might be and steps that you can take to correct the + // issue. + StatusMessage *string `type:"string"` +} + +// String returns the string representation +func (s KeySigningKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KeySigningKey) GoString() string { + return s.String() +} + +// SetCreatedDate sets the CreatedDate field's value. +func (s *KeySigningKey) SetCreatedDate(v time.Time) *KeySigningKey { + s.CreatedDate = &v + return s +} + +// SetDNSKEYRecord sets the DNSKEYRecord field's value. +func (s *KeySigningKey) SetDNSKEYRecord(v string) *KeySigningKey { + s.DNSKEYRecord = &v + return s +} + +// SetDSRecord sets the DSRecord field's value. +func (s *KeySigningKey) SetDSRecord(v string) *KeySigningKey { + s.DSRecord = &v + return s +} + +// SetDigestAlgorithmMnemonic sets the DigestAlgorithmMnemonic field's value. +func (s *KeySigningKey) SetDigestAlgorithmMnemonic(v string) *KeySigningKey { + s.DigestAlgorithmMnemonic = &v + return s +} + +// SetDigestAlgorithmType sets the DigestAlgorithmType field's value. +func (s *KeySigningKey) SetDigestAlgorithmType(v int64) *KeySigningKey { + s.DigestAlgorithmType = &v + return s +} + +// SetDigestValue sets the DigestValue field's value. +func (s *KeySigningKey) SetDigestValue(v string) *KeySigningKey { + s.DigestValue = &v + return s +} + +// SetFlag sets the Flag field's value. +func (s *KeySigningKey) SetFlag(v int64) *KeySigningKey { + s.Flag = &v + return s +} + +// SetKeyTag sets the KeyTag field's value. +func (s *KeySigningKey) SetKeyTag(v int64) *KeySigningKey { + s.KeyTag = &v + return s +} + +// SetKmsArn sets the KmsArn field's value. +func (s *KeySigningKey) SetKmsArn(v string) *KeySigningKey { + s.KmsArn = &v + return s +} + +// SetLastModifiedDate sets the LastModifiedDate field's value. +func (s *KeySigningKey) SetLastModifiedDate(v time.Time) *KeySigningKey { + s.LastModifiedDate = &v + return s +} + +// SetName sets the Name field's value. +func (s *KeySigningKey) SetName(v string) *KeySigningKey { + s.Name = &v + return s +} + +// SetPublicKey sets the PublicKey field's value. +func (s *KeySigningKey) SetPublicKey(v string) *KeySigningKey { + s.PublicKey = &v + return s +} + +// SetSigningAlgorithmMnemonic sets the SigningAlgorithmMnemonic field's value. +func (s *KeySigningKey) SetSigningAlgorithmMnemonic(v string) *KeySigningKey { + s.SigningAlgorithmMnemonic = &v + return s +} + +// SetSigningAlgorithmType sets the SigningAlgorithmType field's value. +func (s *KeySigningKey) SetSigningAlgorithmType(v int64) *KeySigningKey { + s.SigningAlgorithmType = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *KeySigningKey) SetStatus(v string) *KeySigningKey { + s.Status = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *KeySigningKey) SetStatusMessage(v string) *KeySigningKey { + s.StatusMessage = &v + return s +} + // If a health check or hosted zone was created by another service, LinkedService // is a complex type that describes the service that created the resource. When // a resource is created by another service, you can't edit or delete it using @@ -15797,6 +17416,9 @@ const ( // RRTypeCaa is a RRType enum value RRTypeCaa = "CAA" + + // RRTypeDs is a RRType enum value + RRTypeDs = "DS" ) // RRType_Values returns all elements of the RRType enum @@ -15814,6 +17436,7 @@ func RRType_Values() []string { RRTypeSpf, RRTypeAaaa, RRTypeCaa, + RRTypeDs, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go b/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go index 23b4270b94..1a3b3d1a36 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/route53/errors.go @@ -40,6 +40,12 @@ const ( // specified the type in the JSON document in the CreateTrafficPolicy or CreateTrafficPolicyVersionrequest. ErrCodeConflictingTypes = "ConflictingTypes" + // ErrCodeDNSSECNotFound for service response error code + // "DNSSECNotFound". + // + // The hosted zone doesn't have any DNSSEC resources. + ErrCodeDNSSECNotFound = "DNSSECNotFound" + // ErrCodeDelegationSetAlreadyCreated for service response error code // "DelegationSetAlreadyCreated". // @@ -129,6 +135,13 @@ const ( // The specified hosted zone is a public hosted zone, not a private hosted zone. ErrCodeHostedZoneNotPrivate = "HostedZoneNotPrivate" + // ErrCodeHostedZonePartiallyDelegated for service response error code + // "HostedZonePartiallyDelegated". + // + // The hosted zone nameservers don't match the parent nameservers. The hosted + // zone and parent must have the same nameservers. + ErrCodeHostedZonePartiallyDelegated = "HostedZonePartiallyDelegated" + // ErrCodeIncompatibleVersion for service response error code // "IncompatibleVersion". // @@ -154,7 +167,7 @@ const ( // ErrCodeInvalidArgument for service response error code // "InvalidArgument". // - // Parameter name is invalid. + // Parameter name is not valid. ErrCodeInvalidArgument = "InvalidArgument" // ErrCodeInvalidChangeBatch for service response error code @@ -176,6 +189,26 @@ const ( // The input is not valid. ErrCodeInvalidInput = "InvalidInput" + // ErrCodeInvalidKMSArn for service response error code + // "InvalidKMSArn". + // + // The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC + // signing. + ErrCodeInvalidKMSArn = "InvalidKMSArn" + + // ErrCodeInvalidKeySigningKeyName for service response error code + // "InvalidKeySigningKeyName". + // + // The key signing key (KSK) name that you specified isn't a valid name. + ErrCodeInvalidKeySigningKeyName = "InvalidKeySigningKeyName" + + // ErrCodeInvalidKeySigningKeyStatus for service response error code + // "InvalidKeySigningKeyStatus". + // + // The key signing key (KSK) status isn't valid or another KSK has the status + // INTERNAL_FAILURE. + ErrCodeInvalidKeySigningKeyStatus = "InvalidKeySigningKeyStatus" + // ErrCodeInvalidPaginationToken for service response error code // "InvalidPaginationToken". // @@ -183,11 +216,18 @@ const ( // is invalid. ErrCodeInvalidPaginationToken = "InvalidPaginationToken" + // ErrCodeInvalidSigningStatus for service response error code + // "InvalidSigningStatus". + // + // Your hosted zone status isn't valid for this operation. In the hosted zone, + // change the status to enable DNSSEC or disable DNSSEC. + ErrCodeInvalidSigningStatus = "InvalidSigningStatus" + // ErrCodeInvalidTrafficPolicyDocument for service response error code // "InvalidTrafficPolicyDocument". // // The format of the traffic policy document that you specified in the Document - // element is invalid. + // element is not valid. ErrCodeInvalidTrafficPolicyDocument = "InvalidTrafficPolicyDocument" // ErrCodeInvalidVPCId for service response error code @@ -197,6 +237,33 @@ const ( // is not authorized to access this VPC. ErrCodeInvalidVPCId = "InvalidVPCId" + // ErrCodeKeySigningKeyAlreadyExists for service response error code + // "KeySigningKeyAlreadyExists". + // + // You've already created a key signing key (KSK) with this name or with the + // same customer managed key (CMK) ARN. + ErrCodeKeySigningKeyAlreadyExists = "KeySigningKeyAlreadyExists" + + // ErrCodeKeySigningKeyInParentDSRecord for service response error code + // "KeySigningKeyInParentDSRecord". + // + // The key signing key (KSK) is specified in a parent DS record. + ErrCodeKeySigningKeyInParentDSRecord = "KeySigningKeyInParentDSRecord" + + // ErrCodeKeySigningKeyInUse for service response error code + // "KeySigningKeyInUse". + // + // The key signing key (KSK) that you specified can't be deactivated because + // it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing, + // or add or enable another KSK. + ErrCodeKeySigningKeyInUse = "KeySigningKeyInUse" + + // ErrCodeKeySigningKeyWithActiveStatusNotFound for service response error code + // "KeySigningKeyWithActiveStatusNotFound". + // + // A key signing key (KSK) with ACTIVE status wasn't found. + ErrCodeKeySigningKeyWithActiveStatusNotFound = "KeySigningKeyWithActiveStatusNotFound" + // ErrCodeLastVPCAssociation for service response error code // "LastVPCAssociation". // @@ -257,6 +324,12 @@ const ( // No hosted zone exists with the ID that you specified. ErrCodeNoSuchHostedZone = "NoSuchHostedZone" + // ErrCodeNoSuchKeySigningKey for service response error code + // "NoSuchKeySigningKey". + // + // The specified key signing key (KSK) doesn't exist. + ErrCodeNoSuchKeySigningKey = "NoSuchKeySigningKey" + // ErrCodeNoSuchQueryLoggingConfig for service response error code // "NoSuchQueryLoggingConfig". // @@ -352,6 +425,13 @@ const ( // with the AWS Support Center. ErrCodeTooManyHostedZones = "TooManyHostedZones" + // ErrCodeTooManyKeySigningKeys for service response error code + // "TooManyKeySigningKeys". + // + // You've reached the limit for the number of key signing keys (KSKs). Remove + // at least one KSK, and then try again. + ErrCodeTooManyKeySigningKeys = "TooManyKeySigningKeys" + // ErrCodeTooManyTrafficPolicies for service response error code // "TooManyTrafficPolicies". // diff --git a/vendor/github.com/aws/aws-sdk-go/service/route53/route53iface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/route53/route53iface/interface.go index d1be6cc0bc..81ad6b4709 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/route53/route53iface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/route53/route53iface/interface.go @@ -26,7 +26,7 @@ import ( // // myFunc uses an SDK service client to make a request to // // Amazon Route 53. // func myFunc(svc route53iface.Route53API) bool { -// // Make svc.AssociateVPCWithHostedZone request +// // Make svc.ActivateKeySigningKey request // } // // func main() { @@ -42,7 +42,7 @@ import ( // type mockRoute53Client struct { // route53iface.Route53API // } -// func (m *mockRoute53Client) AssociateVPCWithHostedZone(input *route53.AssociateVPCWithHostedZoneInput) (*route53.AssociateVPCWithHostedZoneOutput, error) { +// func (m *mockRoute53Client) ActivateKeySigningKey(input *route53.ActivateKeySigningKeyInput) (*route53.ActivateKeySigningKeyOutput, error) { // // mock response/functionality // } // @@ -60,6 +60,10 @@ import ( // and waiters. Its suggested to use the pattern above for testing, or using // tooling to generate mocks to satisfy the interfaces. type Route53API interface { + ActivateKeySigningKey(*route53.ActivateKeySigningKeyInput) (*route53.ActivateKeySigningKeyOutput, error) + ActivateKeySigningKeyWithContext(aws.Context, *route53.ActivateKeySigningKeyInput, ...request.Option) (*route53.ActivateKeySigningKeyOutput, error) + ActivateKeySigningKeyRequest(*route53.ActivateKeySigningKeyInput) (*request.Request, *route53.ActivateKeySigningKeyOutput) + AssociateVPCWithHostedZone(*route53.AssociateVPCWithHostedZoneInput) (*route53.AssociateVPCWithHostedZoneOutput, error) AssociateVPCWithHostedZoneWithContext(aws.Context, *route53.AssociateVPCWithHostedZoneInput, ...request.Option) (*route53.AssociateVPCWithHostedZoneOutput, error) AssociateVPCWithHostedZoneRequest(*route53.AssociateVPCWithHostedZoneInput) (*request.Request, *route53.AssociateVPCWithHostedZoneOutput) @@ -80,6 +84,10 @@ type Route53API interface { CreateHostedZoneWithContext(aws.Context, *route53.CreateHostedZoneInput, ...request.Option) (*route53.CreateHostedZoneOutput, error) CreateHostedZoneRequest(*route53.CreateHostedZoneInput) (*request.Request, *route53.CreateHostedZoneOutput) + CreateKeySigningKey(*route53.CreateKeySigningKeyInput) (*route53.CreateKeySigningKeyOutput, error) + CreateKeySigningKeyWithContext(aws.Context, *route53.CreateKeySigningKeyInput, ...request.Option) (*route53.CreateKeySigningKeyOutput, error) + CreateKeySigningKeyRequest(*route53.CreateKeySigningKeyInput) (*request.Request, *route53.CreateKeySigningKeyOutput) + CreateQueryLoggingConfig(*route53.CreateQueryLoggingConfigInput) (*route53.CreateQueryLoggingConfigOutput, error) CreateQueryLoggingConfigWithContext(aws.Context, *route53.CreateQueryLoggingConfigInput, ...request.Option) (*route53.CreateQueryLoggingConfigOutput, error) CreateQueryLoggingConfigRequest(*route53.CreateQueryLoggingConfigInput) (*request.Request, *route53.CreateQueryLoggingConfigOutput) @@ -104,6 +112,10 @@ type Route53API interface { CreateVPCAssociationAuthorizationWithContext(aws.Context, *route53.CreateVPCAssociationAuthorizationInput, ...request.Option) (*route53.CreateVPCAssociationAuthorizationOutput, error) CreateVPCAssociationAuthorizationRequest(*route53.CreateVPCAssociationAuthorizationInput) (*request.Request, *route53.CreateVPCAssociationAuthorizationOutput) + DeactivateKeySigningKey(*route53.DeactivateKeySigningKeyInput) (*route53.DeactivateKeySigningKeyOutput, error) + DeactivateKeySigningKeyWithContext(aws.Context, *route53.DeactivateKeySigningKeyInput, ...request.Option) (*route53.DeactivateKeySigningKeyOutput, error) + DeactivateKeySigningKeyRequest(*route53.DeactivateKeySigningKeyInput) (*request.Request, *route53.DeactivateKeySigningKeyOutput) + DeleteHealthCheck(*route53.DeleteHealthCheckInput) (*route53.DeleteHealthCheckOutput, error) DeleteHealthCheckWithContext(aws.Context, *route53.DeleteHealthCheckInput, ...request.Option) (*route53.DeleteHealthCheckOutput, error) DeleteHealthCheckRequest(*route53.DeleteHealthCheckInput) (*request.Request, *route53.DeleteHealthCheckOutput) @@ -112,6 +124,10 @@ type Route53API interface { DeleteHostedZoneWithContext(aws.Context, *route53.DeleteHostedZoneInput, ...request.Option) (*route53.DeleteHostedZoneOutput, error) DeleteHostedZoneRequest(*route53.DeleteHostedZoneInput) (*request.Request, *route53.DeleteHostedZoneOutput) + DeleteKeySigningKey(*route53.DeleteKeySigningKeyInput) (*route53.DeleteKeySigningKeyOutput, error) + DeleteKeySigningKeyWithContext(aws.Context, *route53.DeleteKeySigningKeyInput, ...request.Option) (*route53.DeleteKeySigningKeyOutput, error) + DeleteKeySigningKeyRequest(*route53.DeleteKeySigningKeyInput) (*request.Request, *route53.DeleteKeySigningKeyOutput) + DeleteQueryLoggingConfig(*route53.DeleteQueryLoggingConfigInput) (*route53.DeleteQueryLoggingConfigOutput, error) DeleteQueryLoggingConfigWithContext(aws.Context, *route53.DeleteQueryLoggingConfigInput, ...request.Option) (*route53.DeleteQueryLoggingConfigOutput, error) DeleteQueryLoggingConfigRequest(*route53.DeleteQueryLoggingConfigInput) (*request.Request, *route53.DeleteQueryLoggingConfigOutput) @@ -132,10 +148,18 @@ type Route53API interface { DeleteVPCAssociationAuthorizationWithContext(aws.Context, *route53.DeleteVPCAssociationAuthorizationInput, ...request.Option) (*route53.DeleteVPCAssociationAuthorizationOutput, error) DeleteVPCAssociationAuthorizationRequest(*route53.DeleteVPCAssociationAuthorizationInput) (*request.Request, *route53.DeleteVPCAssociationAuthorizationOutput) + DisableHostedZoneDNSSEC(*route53.DisableHostedZoneDNSSECInput) (*route53.DisableHostedZoneDNSSECOutput, error) + DisableHostedZoneDNSSECWithContext(aws.Context, *route53.DisableHostedZoneDNSSECInput, ...request.Option) (*route53.DisableHostedZoneDNSSECOutput, error) + DisableHostedZoneDNSSECRequest(*route53.DisableHostedZoneDNSSECInput) (*request.Request, *route53.DisableHostedZoneDNSSECOutput) + DisassociateVPCFromHostedZone(*route53.DisassociateVPCFromHostedZoneInput) (*route53.DisassociateVPCFromHostedZoneOutput, error) DisassociateVPCFromHostedZoneWithContext(aws.Context, *route53.DisassociateVPCFromHostedZoneInput, ...request.Option) (*route53.DisassociateVPCFromHostedZoneOutput, error) DisassociateVPCFromHostedZoneRequest(*route53.DisassociateVPCFromHostedZoneInput) (*request.Request, *route53.DisassociateVPCFromHostedZoneOutput) + EnableHostedZoneDNSSEC(*route53.EnableHostedZoneDNSSECInput) (*route53.EnableHostedZoneDNSSECOutput, error) + EnableHostedZoneDNSSECWithContext(aws.Context, *route53.EnableHostedZoneDNSSECInput, ...request.Option) (*route53.EnableHostedZoneDNSSECOutput, error) + EnableHostedZoneDNSSECRequest(*route53.EnableHostedZoneDNSSECInput) (*request.Request, *route53.EnableHostedZoneDNSSECOutput) + GetAccountLimit(*route53.GetAccountLimitInput) (*route53.GetAccountLimitOutput, error) GetAccountLimitWithContext(aws.Context, *route53.GetAccountLimitInput, ...request.Option) (*route53.GetAccountLimitOutput, error) GetAccountLimitRequest(*route53.GetAccountLimitInput) (*request.Request, *route53.GetAccountLimitOutput) @@ -148,6 +172,10 @@ type Route53API interface { GetCheckerIpRangesWithContext(aws.Context, *route53.GetCheckerIpRangesInput, ...request.Option) (*route53.GetCheckerIpRangesOutput, error) GetCheckerIpRangesRequest(*route53.GetCheckerIpRangesInput) (*request.Request, *route53.GetCheckerIpRangesOutput) + GetDNSSEC(*route53.GetDNSSECInput) (*route53.GetDNSSECOutput, error) + GetDNSSECWithContext(aws.Context, *route53.GetDNSSECInput, ...request.Option) (*route53.GetDNSSECOutput, error) + GetDNSSECRequest(*route53.GetDNSSECInput) (*request.Request, *route53.GetDNSSECOutput) + GetGeoLocation(*route53.GetGeoLocationInput) (*route53.GetGeoLocationOutput, error) GetGeoLocationWithContext(aws.Context, *route53.GetGeoLocationInput, ...request.Option) (*route53.GetGeoLocationOutput, error) GetGeoLocationRequest(*route53.GetGeoLocationInput) (*request.Request, *route53.GetGeoLocationOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 66700cce13..89a0a29aff 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -19563,7 +19563,7 @@ type GetObjectInput struct { ResponseContentType *string `location:"querystring" locationName:"response-content-type" type:"string"` // Sets the Expires header of the response. - ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp"` + ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"` // Specifies the algorithm to use to when encrypting the object (for example, // AES256). diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/service/sso/BUILD.bazel new file mode 100644 index 0000000000..10314a369a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/BUILD.bazel @@ -0,0 +1,25 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = [ + "api.go", + "doc.go", + "errors.go", + "service.go", + ], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/service/sso", + importpath = "github.com/aws/aws-sdk-go/service/sso", + visibility = ["//visibility:public"], + deps = [ + "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/awsutil:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/client:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/client/metadata:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/credentials:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/signer/v4:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/private/protocol/restjson:go_default_library", + ], +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/api.go b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go new file mode 100644 index 0000000000..4498f285e4 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go @@ -0,0 +1,1210 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package sso + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +const opGetRoleCredentials = "GetRoleCredentials" + +// GetRoleCredentialsRequest generates a "aws/request.Request" representing the +// client's request for the GetRoleCredentials operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetRoleCredentials for more information on using the GetRoleCredentials +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetRoleCredentialsRequest method. +// req, resp := client.GetRoleCredentialsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials +func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput) { + op := &request.Operation{ + Name: opGetRoleCredentials, + HTTPMethod: "GET", + HTTPPath: "/federation/credentials", + } + + if input == nil { + input = &GetRoleCredentialsInput{} + } + + output = &GetRoleCredentialsOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// GetRoleCredentials API operation for AWS Single Sign-On. +// +// Returns the STS short-term credentials for a given role name that is assigned +// to the user. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation GetRoleCredentials for usage and error information. +// +// Returned Error Types: +// * InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// * UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// * TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// * ResourceNotFoundException +// The specified resource doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials +func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error) { + req, out := c.GetRoleCredentialsRequest(input) + return out, req.Send() +} + +// GetRoleCredentialsWithContext is the same as GetRoleCredentials with the addition of +// the ability to pass a context and additional request options. +// +// See GetRoleCredentials for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) GetRoleCredentialsWithContext(ctx aws.Context, input *GetRoleCredentialsInput, opts ...request.Option) (*GetRoleCredentialsOutput, error) { + req, out := c.GetRoleCredentialsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListAccountRoles = "ListAccountRoles" + +// ListAccountRolesRequest generates a "aws/request.Request" representing the +// client's request for the ListAccountRoles operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAccountRoles for more information on using the ListAccountRoles +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListAccountRolesRequest method. +// req, resp := client.ListAccountRolesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles +func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput) { + op := &request.Operation{ + Name: opListAccountRoles, + HTTPMethod: "GET", + HTTPPath: "/assignment/roles", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAccountRolesInput{} + } + + output = &ListAccountRolesOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// ListAccountRoles API operation for AWS Single Sign-On. +// +// Lists all roles that are assigned to the user for a given AWS account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation ListAccountRoles for usage and error information. +// +// Returned Error Types: +// * InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// * UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// * TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// * ResourceNotFoundException +// The specified resource doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles +func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error) { + req, out := c.ListAccountRolesRequest(input) + return out, req.Send() +} + +// ListAccountRolesWithContext is the same as ListAccountRoles with the addition of +// the ability to pass a context and additional request options. +// +// See ListAccountRoles for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRolesInput, opts ...request.Option) (*ListAccountRolesOutput, error) { + req, out := c.ListAccountRolesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAccountRolesPages iterates over the pages of a ListAccountRoles operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAccountRoles method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAccountRoles operation. +// pageNum := 0 +// err := client.ListAccountRolesPages(params, +// func(page *sso.ListAccountRolesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error { + return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAccountRolesPagesWithContext same as ListAccountRolesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountRolesPagesWithContext(ctx aws.Context, input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAccountRolesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAccountRolesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListAccountRolesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListAccounts = "ListAccounts" + +// ListAccountsRequest generates a "aws/request.Request" representing the +// client's request for the ListAccounts operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAccounts for more information on using the ListAccounts +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListAccountsRequest method. +// req, resp := client.ListAccountsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts +func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { + op := &request.Operation{ + Name: opListAccounts, + HTTPMethod: "GET", + HTTPPath: "/assignment/accounts", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAccountsInput{} + } + + output = &ListAccountsOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + return +} + +// ListAccounts API operation for AWS Single Sign-On. +// +// Lists all AWS accounts assigned to the user. These AWS accounts are assigned +// by the administrator of the account. For more information, see Assign User +// Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers) +// in the AWS SSO User Guide. This operation returns a paginated response. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation ListAccounts for usage and error information. +// +// Returned Error Types: +// * InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// * UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// * TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// * ResourceNotFoundException +// The specified resource doesn't exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts +func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { + req, out := c.ListAccountsRequest(input) + return out, req.Send() +} + +// ListAccountsWithContext is the same as ListAccounts with the addition of +// the ability to pass a context and additional request options. +// +// See ListAccounts for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { + req, out := c.ListAccountsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAccountsPages iterates over the pages of a ListAccounts operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAccounts method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAccounts operation. +// pageNum := 0 +// err := client.ListAccountsPages(params, +// func(page *sso.ListAccountsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { + return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAccountsPagesWithContext same as ListAccountsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAccountsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAccountsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opLogout = "Logout" + +// LogoutRequest generates a "aws/request.Request" representing the +// client's request for the Logout operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See Logout for more information on using the Logout +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the LogoutRequest method. +// req, resp := client.LogoutRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout +func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput) { + op := &request.Operation{ + Name: opLogout, + HTTPMethod: "POST", + HTTPPath: "/logout", + } + + if input == nil { + input = &LogoutInput{} + } + + output = &LogoutOutput{} + req = c.newRequest(op, input, output) + req.Config.Credentials = credentials.AnonymousCredentials + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// Logout API operation for AWS Single Sign-On. +// +// Removes the client- and server-side session that is associated with the user. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Single Sign-On's +// API operation Logout for usage and error information. +// +// Returned Error Types: +// * InvalidRequestException +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// * UnauthorizedException +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +// +// * TooManyRequestsException +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout +func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error) { + req, out := c.LogoutRequest(input) + return out, req.Send() +} + +// LogoutWithContext is the same as Logout with the addition of +// the ability to pass a context and additional request options. +// +// See Logout for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...request.Option) (*LogoutOutput, error) { + req, out := c.LogoutRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// Provides information about your AWS account. +type AccountInfo struct { + _ struct{} `type:"structure"` + + // The identifier of the AWS account that is assigned to the user. + AccountId *string `locationName:"accountId" type:"string"` + + // The display name of the AWS account that is assigned to the user. + AccountName *string `locationName:"accountName" type:"string"` + + // The email address of the AWS account that is assigned to the user. + EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"` +} + +// String returns the string representation +func (s AccountInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AccountInfo) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *AccountInfo) SetAccountId(v string) *AccountInfo { + s.AccountId = &v + return s +} + +// SetAccountName sets the AccountName field's value. +func (s *AccountInfo) SetAccountName(v string) *AccountInfo { + s.AccountName = &v + return s +} + +// SetEmailAddress sets the EmailAddress field's value. +func (s *AccountInfo) SetEmailAddress(v string) *AccountInfo { + s.EmailAddress = &v + return s +} + +type GetRoleCredentialsInput struct { + _ struct{} `type:"structure"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the AWS SSO OIDC API Reference Guide. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` + + // The identifier for the AWS account that is assigned to the user. + // + // AccountId is a required field + AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"` + + // The friendly name of the role that is assigned to the user. + // + // RoleName is a required field + RoleName *string `location:"querystring" locationName:"role_name" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetRoleCredentialsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetRoleCredentialsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetRoleCredentialsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetRoleCredentialsInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + if s.AccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AccountId")) + } + if s.RoleName == nil { + invalidParams.Add(request.NewErrParamRequired("RoleName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *GetRoleCredentialsInput) SetAccessToken(v string) *GetRoleCredentialsInput { + s.AccessToken = &v + return s +} + +// SetAccountId sets the AccountId field's value. +func (s *GetRoleCredentialsInput) SetAccountId(v string) *GetRoleCredentialsInput { + s.AccountId = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *GetRoleCredentialsInput) SetRoleName(v string) *GetRoleCredentialsInput { + s.RoleName = &v + return s +} + +type GetRoleCredentialsOutput struct { + _ struct{} `type:"structure"` + + // The credentials for the role that is assigned to the user. + RoleCredentials *RoleCredentials `locationName:"roleCredentials" type:"structure"` +} + +// String returns the string representation +func (s GetRoleCredentialsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetRoleCredentialsOutput) GoString() string { + return s.String() +} + +// SetRoleCredentials sets the RoleCredentials field's value. +func (s *GetRoleCredentialsOutput) SetRoleCredentials(v *RoleCredentials) *GetRoleCredentialsOutput { + s.RoleCredentials = v + return s +} + +// Indicates that a problem occurred with the input to the request. For example, +// a required parameter might be missing or out of range. +type InvalidRequestException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s InvalidRequestException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidRequestException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { + return &InvalidRequestException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestException) Code() string { + return "InvalidRequestException" +} + +// Message returns the exception's message. +func (s *InvalidRequestException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestException) OrigErr() error { + return nil +} + +func (s *InvalidRequestException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestException) RequestID() string { + return s.RespMetadata.RequestID +} + +type ListAccountRolesInput struct { + _ struct{} `type:"structure"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the AWS SSO OIDC API Reference Guide. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` + + // The identifier for the AWS account that is assigned to the user. + // + // AccountId is a required field + AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"` + + // The number of items that clients can request per page. + MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"` + + // The page token from the previous response output when you request subsequent + // pages. + NextToken *string `location:"querystring" locationName:"next_token" type:"string"` +} + +// String returns the string representation +func (s ListAccountRolesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountRolesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAccountRolesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccountRolesInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + if s.AccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AccountId")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *ListAccountRolesInput) SetAccessToken(v string) *ListAccountRolesInput { + s.AccessToken = &v + return s +} + +// SetAccountId sets the AccountId field's value. +func (s *ListAccountRolesInput) SetAccountId(v string) *ListAccountRolesInput { + s.AccountId = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccountRolesInput) SetMaxResults(v int64) *ListAccountRolesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountRolesInput) SetNextToken(v string) *ListAccountRolesInput { + s.NextToken = &v + return s +} + +type ListAccountRolesOutput struct { + _ struct{} `type:"structure"` + + // The page token client that is used to retrieve the list of accounts. + NextToken *string `locationName:"nextToken" type:"string"` + + // A paginated response with the list of roles and the next token if more results + // are available. + RoleList []*RoleInfo `locationName:"roleList" type:"list"` +} + +// String returns the string representation +func (s ListAccountRolesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountRolesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountRolesOutput) SetNextToken(v string) *ListAccountRolesOutput { + s.NextToken = &v + return s +} + +// SetRoleList sets the RoleList field's value. +func (s *ListAccountRolesOutput) SetRoleList(v []*RoleInfo) *ListAccountRolesOutput { + s.RoleList = v + return s +} + +type ListAccountsInput struct { + _ struct{} `type:"structure"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the AWS SSO OIDC API Reference Guide. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` + + // This is the number of items clients can request per page. + MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"` + + // (Optional) When requesting subsequent pages, this is the page token from + // the previous response output. + NextToken *string `location:"querystring" locationName:"next_token" type:"string"` +} + +// String returns the string representation +func (s ListAccountsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAccountsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *ListAccountsInput) SetAccessToken(v string) *ListAccountsInput { + s.AccessToken = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { + s.NextToken = &v + return s +} + +type ListAccountsOutput struct { + _ struct{} `type:"structure"` + + // A paginated response with the list of account information and the next token + // if more results are available. + AccountList []*AccountInfo `locationName:"accountList" type:"list"` + + // The page token client that is used to retrieve the list of accounts. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s ListAccountsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccountsOutput) GoString() string { + return s.String() +} + +// SetAccountList sets the AccountList field's value. +func (s *ListAccountsOutput) SetAccountList(v []*AccountInfo) *ListAccountsOutput { + s.AccountList = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { + s.NextToken = &v + return s +} + +type LogoutInput struct { + _ struct{} `type:"structure"` + + // The token issued by the CreateToken API call. For more information, see CreateToken + // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) + // in the AWS SSO OIDC API Reference Guide. + // + // AccessToken is a required field + AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation +func (s LogoutInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LogoutInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *LogoutInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "LogoutInput"} + if s.AccessToken == nil { + invalidParams.Add(request.NewErrParamRequired("AccessToken")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessToken sets the AccessToken field's value. +func (s *LogoutInput) SetAccessToken(v string) *LogoutInput { + s.AccessToken = &v + return s +} + +type LogoutOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s LogoutOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LogoutOutput) GoString() string { + return s.String() +} + +// The specified resource doesn't exist. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Provides information about the role credentials that are assigned to the +// user. +type RoleCredentials struct { + _ struct{} `type:"structure"` + + // The identifier used for the temporary security credentials. For more information, + // see Using Temporary Security Credentials to Request Access to AWS Resources + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) + // in the AWS IAM User Guide. + AccessKeyId *string `locationName:"accessKeyId" type:"string"` + + // The date on which temporary security credentials expire. + Expiration *int64 `locationName:"expiration" type:"long"` + + // The key that is used to sign the request. For more information, see Using + // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) + // in the AWS IAM User Guide. + SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"` + + // The token used for temporary credentials. For more information, see Using + // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) + // in the AWS IAM User Guide. + SessionToken *string `locationName:"sessionToken" type:"string" sensitive:"true"` +} + +// String returns the string representation +func (s RoleCredentials) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RoleCredentials) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *RoleCredentials) SetAccessKeyId(v string) *RoleCredentials { + s.AccessKeyId = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *RoleCredentials) SetExpiration(v int64) *RoleCredentials { + s.Expiration = &v + return s +} + +// SetSecretAccessKey sets the SecretAccessKey field's value. +func (s *RoleCredentials) SetSecretAccessKey(v string) *RoleCredentials { + s.SecretAccessKey = &v + return s +} + +// SetSessionToken sets the SessionToken field's value. +func (s *RoleCredentials) SetSessionToken(v string) *RoleCredentials { + s.SessionToken = &v + return s +} + +// Provides information about the role that is assigned to the user. +type RoleInfo struct { + _ struct{} `type:"structure"` + + // The identifier of the AWS account assigned to the user. + AccountId *string `locationName:"accountId" type:"string"` + + // The friendly name of the role that is assigned to the user. + RoleName *string `locationName:"roleName" type:"string"` +} + +// String returns the string representation +func (s RoleInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s RoleInfo) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *RoleInfo) SetAccountId(v string) *RoleInfo { + s.AccountId = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *RoleInfo) SetRoleName(v string) *RoleInfo { + s.RoleName = &v + return s +} + +// Indicates that the request is being made too frequently and is more than +// what the server can handle. +type TooManyRequestsException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s TooManyRequestsException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TooManyRequestsException) GoString() string { + return s.String() +} + +func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error { + return &TooManyRequestsException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *TooManyRequestsException) Code() string { + return "TooManyRequestsException" +} + +// Message returns the exception's message. +func (s *TooManyRequestsException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *TooManyRequestsException) OrigErr() error { + return nil +} + +func (s *TooManyRequestsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *TooManyRequestsException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *TooManyRequestsException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Indicates that the request is not authorized. This can happen due to an invalid +// access token in the request. +type UnauthorizedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation +func (s UnauthorizedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UnauthorizedException) GoString() string { + return s.String() +} + +func newErrorUnauthorizedException(v protocol.ResponseMetadata) error { + return &UnauthorizedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *UnauthorizedException) Code() string { + return "UnauthorizedException" +} + +// Message returns the exception's message. +func (s *UnauthorizedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *UnauthorizedException) OrigErr() error { + return nil +} + +func (s *UnauthorizedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *UnauthorizedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *UnauthorizedException) RequestID() string { + return s.RespMetadata.RequestID +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go new file mode 100644 index 0000000000..92d82b2afb --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go @@ -0,0 +1,44 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package sso provides the client and types for making API +// requests to AWS Single Sign-On. +// +// AWS Single Sign-On Portal is a web service that makes it easy for you to +// assign user access to AWS SSO resources such as the user portal. Users can +// get AWS account applications and roles assigned to them and get federated +// into the application. +// +// For general information about AWS SSO, see What is AWS Single Sign-On? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) +// in the AWS SSO User Guide. +// +// This API reference guide describes the AWS SSO Portal operations that you +// can call programatically and includes detailed information on data types +// and errors. +// +// AWS provides SDKs that consist of libraries and sample code for various programming +// languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs +// provide a convenient way to create programmatic access to AWS SSO and other +// AWS services. For more information about the AWS SDKs, including how to download +// and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/). +// +// See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service. +// +// See sso package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/ +// +// Using the Client +// +// To contact AWS Single Sign-On with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the AWS Single Sign-On client SSO for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/#New +package sso diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go new file mode 100644 index 0000000000..77a6792e35 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go @@ -0,0 +1,44 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package sso + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeInvalidRequestException for service response error code + // "InvalidRequestException". + // + // Indicates that a problem occurred with the input to the request. For example, + // a required parameter might be missing or out of range. + ErrCodeInvalidRequestException = "InvalidRequestException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The specified resource doesn't exist. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" + + // ErrCodeTooManyRequestsException for service response error code + // "TooManyRequestsException". + // + // Indicates that the request is being made too frequently and is more than + // what the server can handle. + ErrCodeTooManyRequestsException = "TooManyRequestsException" + + // ErrCodeUnauthorizedException for service response error code + // "UnauthorizedException". + // + // Indicates that the request is not authorized. This can happen due to an invalid + // access token in the request. + ErrCodeUnauthorizedException = "UnauthorizedException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "InvalidRequestException": newErrorInvalidRequestException, + "ResourceNotFoundException": newErrorResourceNotFoundException, + "TooManyRequestsException": newErrorTooManyRequestsException, + "UnauthorizedException": newErrorUnauthorizedException, +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/service.go b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go new file mode 100644 index 0000000000..35175331fc --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go @@ -0,0 +1,104 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package sso + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +// SSO provides the API operation methods for making requests to +// AWS Single Sign-On. See this package's package overview docs +// for details on the service. +// +// SSO methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type SSO struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "SSO" // Name of service. + EndpointsID = "portal.sso" // ID to lookup a service endpoint with. + ServiceID = "SSO" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the SSO client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// mySession := session.Must(session.NewSession()) +// +// // Create a SSO client from just a session. +// svc := sso.New(mySession) +// +// // Create a SSO client with additional configuration +// svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "awsssoportal" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName string) *SSO { + svc := &SSO{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2019-06-10", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(restjson.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a SSO operation and runs any +// custom request initialization. +func (c *SSO) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/BUILD.bazel b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/BUILD.bazel new file mode 100644 index 0000000000..b4be4c6a2a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/BUILD.bazel @@ -0,0 +1,14 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = ["interface.go"], + importmap = "k8s.io/kops/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface", + importpath = "github.com/aws/aws-sdk-go/service/sso/ssoiface", + visibility = ["//visibility:public"], + deps = [ + "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/aws/request:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/sso:go_default_library", + ], +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go new file mode 100644 index 0000000000..4cac247c18 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go @@ -0,0 +1,86 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package ssoiface provides an interface to enable mocking the AWS Single Sign-On service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package ssoiface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/sso" +) + +// SSOAPI provides an interface to enable mocking the +// sso.SSO service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // AWS Single Sign-On. +// func myFunc(svc ssoiface.SSOAPI) bool { +// // Make svc.GetRoleCredentials request +// } +// +// func main() { +// sess := session.New() +// svc := sso.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockSSOClient struct { +// ssoiface.SSOAPI +// } +// func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockSSOClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type SSOAPI interface { + GetRoleCredentials(*sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) + GetRoleCredentialsWithContext(aws.Context, *sso.GetRoleCredentialsInput, ...request.Option) (*sso.GetRoleCredentialsOutput, error) + GetRoleCredentialsRequest(*sso.GetRoleCredentialsInput) (*request.Request, *sso.GetRoleCredentialsOutput) + + ListAccountRoles(*sso.ListAccountRolesInput) (*sso.ListAccountRolesOutput, error) + ListAccountRolesWithContext(aws.Context, *sso.ListAccountRolesInput, ...request.Option) (*sso.ListAccountRolesOutput, error) + ListAccountRolesRequest(*sso.ListAccountRolesInput) (*request.Request, *sso.ListAccountRolesOutput) + + ListAccountRolesPages(*sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool) error + ListAccountRolesPagesWithContext(aws.Context, *sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool, ...request.Option) error + + ListAccounts(*sso.ListAccountsInput) (*sso.ListAccountsOutput, error) + ListAccountsWithContext(aws.Context, *sso.ListAccountsInput, ...request.Option) (*sso.ListAccountsOutput, error) + ListAccountsRequest(*sso.ListAccountsInput) (*request.Request, *sso.ListAccountsOutput) + + ListAccountsPages(*sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool) error + ListAccountsPagesWithContext(aws.Context, *sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool, ...request.Option) error + + Logout(*sso.LogoutInput) (*sso.LogoutOutput, error) + LogoutWithContext(aws.Context, *sso.LogoutInput, ...request.Option) (*sso.LogoutOutput, error) + LogoutRequest(*sso.LogoutInput) (*request.Request, *sso.LogoutOutput) +} + +var _ SSOAPI = (*sso.SSO)(nil) diff --git a/vendor/modules.txt b/vendor/modules.txt index 96defd0668..56ac2af955 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -92,7 +92,7 @@ github.com/aws/amazon-ec2-instance-selector/v2/pkg/bytequantity github.com/aws/amazon-ec2-instance-selector/v2/pkg/cli github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector github.com/aws/amazon-ec2-instance-selector/v2/pkg/selector/outputs -# github.com/aws/aws-sdk-go v1.36.0 +# github.com/aws/aws-sdk-go v1.37.0 ## explicit github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn @@ -105,6 +105,7 @@ github.com/aws/aws-sdk-go/aws/credentials github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds github.com/aws/aws-sdk-go/aws/credentials/endpointcreds github.com/aws/aws-sdk-go/aws/credentials/processcreds +github.com/aws/aws-sdk-go/aws/credentials/ssocreds github.com/aws/aws-sdk-go/aws/credentials/stscreds github.com/aws/aws-sdk-go/aws/csm github.com/aws/aws-sdk-go/aws/defaults @@ -135,6 +136,7 @@ github.com/aws/aws-sdk-go/private/protocol/jsonrpc github.com/aws/aws-sdk-go/private/protocol/query github.com/aws/aws-sdk-go/private/protocol/query/queryutil github.com/aws/aws-sdk-go/private/protocol/rest +github.com/aws/aws-sdk-go/private/protocol/restjson github.com/aws/aws-sdk-go/private/protocol/restxml github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil github.com/aws/aws-sdk-go/service/autoscaling @@ -152,6 +154,8 @@ github.com/aws/aws-sdk-go/service/kms github.com/aws/aws-sdk-go/service/route53 github.com/aws/aws-sdk-go/service/route53/route53iface github.com/aws/aws-sdk-go/service/s3 +github.com/aws/aws-sdk-go/service/sso +github.com/aws/aws-sdk-go/service/sso/ssoiface github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts/stsiface # github.com/beorn7/perks v1.0.1