From 5341595947bfba0a0b573ba7c9338fec364ed08c Mon Sep 17 00:00:00 2001 From: Joel Thompson Date: Tue, 10 Sep 2019 16:39:17 -0400 Subject: [PATCH] Bump aws-sdk-go In support of #7450 --- go.mod | 2 +- go.sum | 2 + .../aws/aws-sdk-go/aws/awserr/types.go | 2 +- .../aws/aws-sdk-go/aws/awsutil/path_value.go | 11 +- .../aws-sdk-go/aws/client/default_retryer.go | 50 +- .../aws/aws-sdk-go/aws/client/logger.go | 12 +- .../github.com/aws/aws-sdk-go/aws/config.go | 4 +- .../aws-sdk-go/aws/corehandlers/handlers.go | 60 +- .../aws-sdk-go/aws/credentials/credentials.go | 9 +- .../aws/credentials/endpointcreds/provider.go | 4 +- .../stscreds/assume_role_provider.go | 3 +- .../stscreds/web_identity_provider.go | 100 + .../github.com/aws/aws-sdk-go/aws/csm/doc.go | 65 +- .../aws/aws-sdk-go/aws/csm/enable.go | 34 +- .../aws/aws-sdk-go/aws/csm/metric_chan.go | 11 +- .../aws/aws-sdk-go/aws/csm/reporter.go | 27 +- .../aws/aws-sdk-go/aws/ec2metadata/api.go | 29 +- .../aws/aws-sdk-go/aws/ec2metadata/service.go | 4 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 1329 ++- .../aws/aws-sdk-go/aws/endpoints/endpoints.go | 7 +- .../aws/aws-sdk-go/aws/endpoints/v3model.go | 5 +- .../aws/request/connection_reset_error.go | 17 +- .../request/connection_reset_error_other.go | 11 - .../aws/aws-sdk-go/aws/request/handlers.go | 45 + .../aws-sdk-go/aws/request/offset_reader.go | 15 +- .../aws/aws-sdk-go/aws/request/request.go | 139 +- .../aws/aws-sdk-go/aws/request/request_1_8.go | 5 +- .../aws/request/request_pagination.go | 2 +- .../aws/aws-sdk-go/aws/request/retryer.go | 145 +- .../aws/aws-sdk-go/aws/session/credentials.go | 259 + .../aws/aws-sdk-go/aws/session/doc.go | 208 +- .../aws/aws-sdk-go/aws/session/env_config.go | 63 +- .../aws/aws-sdk-go/aws/session/session.go | 283 +- .../aws-sdk-go/aws/session/shared_config.go | 366 +- .../aws/aws-sdk-go/aws/signer/v4/v4.go | 20 +- vendor/github.com/aws/aws-sdk-go/aws/types.go | 20 +- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/internal/ini/ini_parser.go | 6 +- .../aws/aws-sdk-go/internal/sdkmath/floor.go | 15 + .../internal/sdkmath/floor_go1.9.go | 56 + .../private/protocol/rest/unmarshal.go | 24 +- .../private/protocol/restxml/restxml.go | 2 +- .../aws-sdk-go/private/protocol/timestamp.go | 20 +- .../aws/aws-sdk-go/service/dynamodb/api.go | 604 +- .../aws-sdk-go/service/dynamodb/doc_custom.go | 2 +- .../aws/aws-sdk-go/service/dynamodb/errors.go | 65 +- .../aws/aws-sdk-go/service/ec2/api.go | 7441 ++++++++++++++++- .../aws-sdk-go/service/ec2/customizations.go | 4 +- .../aws/aws-sdk-go/service/ec2/doc.go | 17 +- .../aws/aws-sdk-go/service/iam/api.go | 809 +- .../aws/aws-sdk-go/service/iam/errors.go | 7 + .../service/iam/iamiface/interface.go | 8 + .../aws/aws-sdk-go/service/s3/api.go | 536 +- .../aws/aws-sdk-go/service/s3/doc_custom.go | 14 + .../aws/aws-sdk-go/service/sts/api.go | 184 +- .../aws-sdk-go/service/sts/customizations.go | 11 + .../service/sts/stsiface/interface.go | 4 + 57 files changed, 11497 insertions(+), 1702 deletions(-) create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go delete mode 100644 vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go create mode 100644 vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go create mode 100644 vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go diff --git a/go.mod b/go.mod index f10a14f5f368..2ea126576703 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/armon/go-proxyproto v0.0.0-20190211145416-68259f75880e github.com/armon/go-radix v1.0.0 github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf - github.com/aws/aws-sdk-go v1.19.39 + github.com/aws/aws-sdk-go v1.23.19 github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 // indirect github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect github.com/boombuler/barcode v1.0.0 // indirect diff --git a/go.sum b/go.sum index dd1be4f43cb1..b478d212ce85 100644 --- a/go.sum +++ b/go.sum @@ -61,6 +61,8 @@ github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf h1:eg0MeVzs github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.19.39 h1:pIez14zQWSd/TER2Scohm7aCEG2TgoyXSOX6srOKt6o= github.com/aws/aws-sdk-go v1.19.39/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.23.19 h1:QiEkjRHkDXAThgnHKSEC63JwsSjL/jfYUOA2QYFmbSw= +github.com/aws/aws-sdk-go v1.23.19/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go index a2c5817c48f1..9cf7eaf4007f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go @@ -208,7 +208,7 @@ func (e errorList) Error() string { // How do we want to handle the array size being zero if size := len(e); size > 0 { for i := 0; i < size; i++ { - msg += fmt.Sprintf("%s", e[i].Error()) + msg += e[i].Error() // We check the next index to see if it is within the slice. // If it is, then we append a newline. We do this, because unit tests // could be broken with the additional '\n' diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go index 11c52c389687..285e54d67993 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go @@ -185,13 +185,12 @@ func ValuesAtPath(i interface{}, path string) ([]interface{}, error) { // SetValueAtPath sets a value at the case insensitive lexical path inside // of a structure. func SetValueAtPath(i interface{}, path string, v interface{}) { - if rvals := rValuesAtPath(i, path, true, false, v == nil); rvals != nil { - for _, rval := range rvals { - if rval.Kind() == reflect.Ptr && rval.IsNil() { - continue - } - setValue(rval, v) + rvals := rValuesAtPath(i, path, true, false, v == nil) + for _, rval := range rvals { + if rval.Kind() == reflect.Ptr && rval.IsNil() { + continue } + setValue(rval, v) } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go index a397b0d044c7..0680e838cde0 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/client/default_retryer.go @@ -14,12 +14,12 @@ import ( // struct and override the specific methods. For example, to override only // the MaxRetries method: // -// type retryer struct { -// client.DefaultRetryer -// } +// type retryer struct { +// client.DefaultRetryer +// } // -// // This implementation always has 100 max retries -// func (d retryer) MaxRetries() int { return 100 } +// // This implementation always has 100 max retries +// func (d retryer) MaxRetries() int { return 100 } type DefaultRetryer struct { NumMaxRetries int } @@ -33,25 +33,28 @@ func (d DefaultRetryer) MaxRetries() int { // RetryRules returns the delay duration before retrying this request again func (d DefaultRetryer) RetryRules(r *request.Request) time.Duration { // Set the upper limit of delay in retrying at ~five minutes - minTime := 30 - throttle := d.shouldThrottle(r) - if throttle { - if delay, ok := getRetryDelay(r); ok { - return delay + var minTime int64 = 30 + var initialDelay time.Duration + + isThrottle := r.IsErrorThrottle() + if isThrottle { + if delay, ok := getRetryAfterDelay(r); ok { + initialDelay = delay } minTime = 500 } retryCount := r.RetryCount - if throttle && retryCount > 8 { + if isThrottle && retryCount > 8 { retryCount = 8 - } else if retryCount > 13 { - retryCount = 13 + } else if retryCount > 12 { + retryCount = 12 } - delay := (1 << uint(retryCount)) * (sdkrand.SeededRand.Intn(minTime) + minTime) - return time.Duration(delay) * time.Millisecond + delay := (1 << uint(retryCount)) * (sdkrand.SeededRand.Int63n(minTime) + minTime) + return (time.Duration(delay) * time.Millisecond) + initialDelay + } // ShouldRetry returns true if the request should be retried. @@ -65,26 +68,13 @@ func (d DefaultRetryer) ShouldRetry(r *request.Request) bool { if r.HTTPResponse.StatusCode >= 500 && r.HTTPResponse.StatusCode != 501 { return true } - return r.IsErrorRetryable() || d.shouldThrottle(r) -} - -// ShouldThrottle returns true if the request should be throttled. -func (d DefaultRetryer) shouldThrottle(r *request.Request) bool { - switch r.HTTPResponse.StatusCode { - case 429: - case 502: - case 503: - case 504: - default: - return r.IsErrorThrottle() - } - return true + return r.IsErrorRetryable() || r.IsErrorThrottle() } // This will look in the Retry-After header, RFC 7231, for how long // it will wait before attempting another request -func getRetryDelay(r *request.Request) (time.Duration, bool) { +func getRetryAfterDelay(r *request.Request) (time.Duration, bool) { if !canUseRetryAfterHeader(r) { return 0, false } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go index 7b5e1276acfe..8958c32d4e9f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go @@ -67,10 +67,14 @@ func logRequest(r *request.Request) { if !bodySeekable { r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body)) } - // Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's - // Body as a NoOpCloser and will not be reset after read by the HTTP - // client reader. - r.ResetBody() + // Reset the request body because dumpRequest will re-wrap the + // r.HTTPRequest's Body as a NoOpCloser and will not be reset after + // read by the HTTP client reader. + if err := r.Error; err != nil { + r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg, + r.ClientInfo.ServiceName, r.Operation.Name, err)) + return + } } r.Config.Logger.Log(fmt.Sprintf(logReqMsg, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/config.go b/vendor/github.com/aws/aws-sdk-go/aws/config.go index 10634d173d31..fd1e240f6eb5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/config.go @@ -20,7 +20,7 @@ type RequestRetryer interface{} // A Config provides service configuration for service clients. By default, // all clients will use the defaults.DefaultConfig structure. // -// // Create Session with MaxRetry configuration to be shared by multiple +// // Create Session with MaxRetries configuration to be shared by multiple // // service clients. // sess := session.Must(session.NewSession(&aws.Config{ // MaxRetries: aws.Int(3), @@ -251,7 +251,7 @@ type Config struct { // NewConfig returns a new Config pointer that can be chained with builder // methods to set multiple configuration values inline without using pointers. // -// // Create Session with MaxRetry configuration to be shared by multiple +// // Create Session with MaxRetries configuration to be shared by multiple // // service clients. // sess := session.Must(session.NewSession(aws.NewConfig(). // WithMaxRetries(3), diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go index f8853d78af2b..0c60e612ea56 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go @@ -159,9 +159,9 @@ func handleSendError(r *request.Request, err error) { Body: ioutil.NopCloser(bytes.NewReader([]byte{})), } } - // Catch all other request errors. + // Catch all request errors, and let the default retrier determine + // if the error is retryable. r.Error = awserr.New("RequestError", "send request failed", err) - r.Retryable = aws.Bool(true) // network errors are retryable // Override the error with a context canceled error, if that was canceled. ctx := r.Context() @@ -184,37 +184,39 @@ var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseH // AfterRetryHandler performs final checks to determine if the request should // be retried and how long to delay. -var AfterRetryHandler = request.NamedHandler{Name: "core.AfterRetryHandler", Fn: func(r *request.Request) { - // If one of the other handlers already set the retry state - // we don't want to override it based on the service's state - if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) { - r.Retryable = aws.Bool(r.ShouldRetry(r)) - } +var AfterRetryHandler = request.NamedHandler{ + Name: "core.AfterRetryHandler", + Fn: func(r *request.Request) { + // If one of the other handlers already set the retry state + // we don't want to override it based on the service's state + if r.Retryable == nil || aws.BoolValue(r.Config.EnforceShouldRetryCheck) { + r.Retryable = aws.Bool(r.ShouldRetry(r)) + } - if r.WillRetry() { - r.RetryDelay = r.RetryRules(r) + if r.WillRetry() { + r.RetryDelay = r.RetryRules(r) - if sleepFn := r.Config.SleepDelay; sleepFn != nil { - // Support SleepDelay for backwards compatibility and testing - sleepFn(r.RetryDelay) - } else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil { - r.Error = awserr.New(request.CanceledErrorCode, - "request context canceled", err) - r.Retryable = aws.Bool(false) - return - } + if sleepFn := r.Config.SleepDelay; sleepFn != nil { + // Support SleepDelay for backwards compatibility and testing + sleepFn(r.RetryDelay) + } else if err := aws.SleepWithContext(r.Context(), r.RetryDelay); err != nil { + r.Error = awserr.New(request.CanceledErrorCode, + "request context canceled", err) + r.Retryable = aws.Bool(false) + return + } - // when the expired token exception occurs the credentials - // need to be expired locally so that the next request to - // get credentials will trigger a credentials refresh. - if r.IsErrorExpired() { - r.Config.Credentials.Expire() - } + // when the expired token exception occurs the credentials + // need to be expired locally so that the next request to + // get credentials will trigger a credentials refresh. + if r.IsErrorExpired() { + r.Config.Credentials.Expire() + } - r.RetryCount++ - r.Error = nil - } -}} + r.RetryCount++ + r.Error = nil + } + }} // ValidateEndpointHandler is a request handler to validate a request had the // appropriate Region and Endpoint set. Will set r.Error if the endpoint or diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go index 894bbc7f82c3..4af592158144 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go @@ -50,9 +50,10 @@ package credentials import ( "fmt" - "github.com/aws/aws-sdk-go/aws/awserr" "sync" "time" + + "github.com/aws/aws-sdk-go/aws/awserr" ) // AnonymousCredentials is an empty Credential object that can be used as @@ -83,6 +84,12 @@ type Value struct { ProviderName string } +// HasKeys returns if the credentials Value has both AccessKeyID and +// SecretAccessKey value set. +func (v Value) HasKeys() bool { + return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0 +} + // A Provider is the interface for any component which will provide credentials // Value. A provider is required to manage its own Expired state, and what to // be expired means. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index c2b2c5d65c39..1a7af53a4da1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go @@ -98,8 +98,8 @@ func NewProviderClient(cfg aws.Config, handlers request.Handlers, endpoint strin return p } -// NewCredentialsClient returns a Credentials wrapper for retrieving credentials -// from an arbitrary endpoint concurrently. The client will request the +// NewCredentialsClient returns a pointer to a new Credentials object +// wrapping the endpoint credentials Provider. func NewCredentialsClient(cfg aws.Config, handlers request.Handlers, endpoint string, options ...func(*Provider)) *credentials.Credentials { return credentials.NewCredentials(NewProviderClient(cfg, handlers, endpoint, options...)) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index b6dbfd2467de..2e528d130d49 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go @@ -200,7 +200,7 @@ type AssumeRoleProvider struct { // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must // have a value between 0 and 1. Any other value may lead to expected behavior. // With a MaxJitterFrac value of 0, default) will no jitter will be used. - // + // // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the // AssumeRole call will be made with an arbitrary Duration between 27m and // 30m. @@ -258,7 +258,6 @@ func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(* // Retrieve generates a new set of temporary credentials using STS. func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { - // Apply defaults where parameters are not set. if p.RoleSessionName == "" { // Try to work out a role name that will hopefully end up unique. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go new file mode 100644 index 000000000000..b20b63394847 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go @@ -0,0 +1,100 @@ +package stscreds + +import ( + "fmt" + "io/ioutil" + "strconv" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/service/sts" + "github.com/aws/aws-sdk-go/service/sts/stsiface" +) + +const ( + // ErrCodeWebIdentity will be used as an error code when constructing + // a new error to be returned during session creation or retrieval. + ErrCodeWebIdentity = "WebIdentityErr" + + // WebIdentityProviderName is the web identity provider name + WebIdentityProviderName = "WebIdentityCredentials" +) + +// now is used to return a time.Time object representing +// the current time. This can be used to easily test and +// compare test values. +var now = time.Now + +// WebIdentityRoleProvider is used to retrieve credentials using +// an OIDC token. +type WebIdentityRoleProvider struct { + credentials.Expiry + + client stsiface.STSAPI + ExpiryWindow time.Duration + + tokenFilePath string + roleARN string + roleSessionName string +} + +// NewWebIdentityCredentials will return a new set of credentials with a given +// configuration, role arn, and token file path. +func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials { + svc := sts.New(c) + p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path) + return credentials.NewCredentials(p) +} + +// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the +// provided stsiface.STSAPI +func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider { + return &WebIdentityRoleProvider{ + client: svc, + tokenFilePath: path, + roleARN: roleARN, + roleSessionName: roleSessionName, + } +} + +// Retrieve will attempt to assume a role from a token which is located at +// 'WebIdentityTokenFilePath' specified destination and if that is empty an +// error will be returned. +func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) { + b, err := ioutil.ReadFile(p.tokenFilePath) + if err != nil { + errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath) + return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err) + } + + sessionName := p.roleSessionName + if len(sessionName) == 0 { + // session name is used to uniquely identify a session. This simply + // uses unix time in nanoseconds to uniquely identify sessions. + sessionName = strconv.FormatInt(now().UnixNano(), 10) + } + req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{ + RoleArn: &p.roleARN, + RoleSessionName: &sessionName, + WebIdentityToken: aws.String(string(b)), + }) + // InvalidIdentityToken error is a temporary error that can occur + // when assuming an Role with a JWT web identity token. + req.RetryErrorCodes = append(req.RetryErrorCodes, sts.ErrCodeInvalidIdentityTokenException) + if err := req.Send(); err != nil { + return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err) + } + + p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow) + + value := credentials.Value{ + AccessKeyID: aws.StringValue(resp.Credentials.AccessKeyId), + SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey), + SessionToken: aws.StringValue(resp.Credentials.SessionToken), + ProviderName: WebIdentityProviderName, + } + return value, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go index 152d785b362b..25a66d1dda22 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go @@ -1,30 +1,61 @@ -// Package csm provides Client Side Monitoring (CSM) which enables sending metrics -// via UDP connection. Using the Start function will enable the reporting of -// metrics on a given port. If Start is called, with different parameters, again, -// a panic will occur. +// Package csm provides the Client Side Monitoring (CSM) client which enables +// sending metrics via UDP connection to the CSM agent. This package provides +// control options, and configuration for the CSM client. The client can be +// controlled manually, or automatically via the SDK's Session configuration. // -// Pause can be called to pause any metrics publishing on a given port. Sessions -// that have had their handlers modified via InjectHandlers may still be used. -// However, the handlers will act as a no-op meaning no metrics will be published. +// Enabling CSM client via SDK's Session configuration +// +// The CSM client can be enabled automatically via SDK's Session configuration. +// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT +// environment variable is set to a non-empty value. +// +// The configuration options for the CSM client via the SDK's session +// configuration are: +// +// * AWS_CSM_PORT= +// The port number the CSM agent will receive metrics on. +// +// * AWS_CSM_HOST= +// The hostname, or IP address the CSM agent will receive metrics on. +// Without port number. +// +// Manually enabling the CSM client +// +// The CSM client can be started, paused, and resumed manually. The Start +// function will enable the CSM client to publish metrics to the CSM agent. It +// is safe to call Start concurrently, but if Start is called additional times +// with different ClientID or address it will panic. // -// Example: // r, err := csm.Start("clientID", ":31000") // if err != nil { // panic(fmt.Errorf("failed starting CSM: %v", err)) // } // +// When controlling the CSM client manually, you must also inject its request +// handlers into the SDK's Session configuration for the SDK's API clients to +// publish metrics. +// // sess, err := session.NewSession(&aws.Config{}) // if err != nil { // panic(fmt.Errorf("failed loading session: %v", err)) // } // +// // Add CSM client's metric publishing request handlers to the SDK's +// // Session Configuration. // r.InjectHandlers(&sess.Handlers) // -// client := s3.New(sess) -// resp, err := client.GetObject(&s3.GetObjectInput{ -// Bucket: aws.String("bucket"), -// Key: aws.String("key"), -// }) +// Controlling CSM client +// +// Once the CSM client has been enabled the Get function will return a Reporter +// value that you can use to pause and resume the metrics published to the CSM +// agent. If Get function is called before the reporter is enabled with the +// Start function or via SDK's Session configuration nil will be returned. +// +// The Pause method can be called to stop the CSM client publishing metrics to +// the CSM agent. The Continue method will resume metric publishing. +// +// // Get the CSM client Reporter. +// r := csm.Get() // // // Will pause monitoring // r.Pause() @@ -35,12 +66,4 @@ // // // Resume monitoring // r.Continue() -// -// Start returns a Reporter that is used to enable or disable monitoring. If -// access to the Reporter is required later, calling Get will return the Reporter -// singleton. -// -// Example: -// r := csm.Get() -// r.Continue() package csm diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go index 2f0c6eac9a80..4b19e2800e3c 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go @@ -2,6 +2,7 @@ package csm import ( "fmt" + "strings" "sync" ) @@ -9,19 +10,40 @@ var ( lock sync.Mutex ) -// Client side metric handler names const ( - APICallMetricHandlerName = "awscsm.SendAPICallMetric" - APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric" + // DefaultPort is used when no port is specified. + DefaultPort = "31000" + + // DefaultHost is the host that will be used when none is specified. + DefaultHost = "127.0.0.1" ) -// Start will start the a long running go routine to capture +// AddressWithDefaults returns a CSM address built from the host and port +// values. If the host or port is not set, default values will be used +// instead. If host is "localhost" it will be replaced with "127.0.0.1". +func AddressWithDefaults(host, port string) string { + if len(host) == 0 || strings.EqualFold(host, "localhost") { + host = DefaultHost + } + + if len(port) == 0 { + port = DefaultPort + } + + // Only IP6 host can contain a colon + if strings.Contains(host, ":") { + return "[" + host + "]:" + port + } + + return host + ":" + port +} + +// Start will start a long running go routine to capture // client side metrics. Calling start multiple time will only // start the metric listener once and will panic if a different // client ID or port is passed in. // -// Example: -// r, err := csm.Start("clientID", "127.0.0.1:8094") +// r, err := csm.Start("clientID", "127.0.0.1:31000") // if err != nil { // panic(fmt.Errorf("expected no error, but received %v", err)) // } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go index 514fc3739a5f..82a3e345e936 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/metric_chan.go @@ -16,25 +16,26 @@ var ( type metricChan struct { ch chan metric - paused int64 + paused *int64 } func newMetricChan(size int) metricChan { return metricChan{ - ch: make(chan metric, size), + ch: make(chan metric, size), + paused: new(int64), } } func (ch *metricChan) Pause() { - atomic.StoreInt64(&ch.paused, pausedEnum) + atomic.StoreInt64(ch.paused, pausedEnum) } func (ch *metricChan) Continue() { - atomic.StoreInt64(&ch.paused, runningEnum) + atomic.StoreInt64(ch.paused, runningEnum) } func (ch *metricChan) IsPaused() bool { - v := atomic.LoadInt64(&ch.paused) + v := atomic.LoadInt64(ch.paused) return v == pausedEnum } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go index d9aa5b062a40..c7008d8c3fc4 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go @@ -10,11 +10,6 @@ import ( "github.com/aws/aws-sdk-go/aws/request" ) -const ( - // DefaultPort is used when no port is specified - DefaultPort = "31000" -) - // Reporter will gather metrics of API requests made and // send those metrics to the CSM endpoint. type Reporter struct { @@ -123,7 +118,7 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) { Type: aws.String("ApiCall"), AttemptCount: aws.Int(r.RetryCount + 1), Region: r.Config.Region, - Latency: aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)), + Latency: aws.Int(int(time.Since(r.Time) / time.Millisecond)), XAmzRequestID: aws.String(r.RequestID), MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())), } @@ -190,8 +185,9 @@ func (rep *Reporter) start() { } } -// Pause will pause the metric channel preventing any new metrics from -// being added. +// Pause will pause the metric channel preventing any new metrics from being +// added. It is safe to call concurrently with other calls to Pause, but if +// called concurently with Continue can lead to unexpected state. func (rep *Reporter) Pause() { lock.Lock() defer lock.Unlock() @@ -203,8 +199,9 @@ func (rep *Reporter) Pause() { rep.close() } -// Continue will reopen the metric channel and allow for monitoring -// to be resumed. +// Continue will reopen the metric channel and allow for monitoring to be +// resumed. It is safe to call concurrently with other calls to Continue, but +// if called concurently with Pause can lead to unexpected state. func (rep *Reporter) Continue() { lock.Lock() defer lock.Unlock() @@ -219,10 +216,18 @@ func (rep *Reporter) Continue() { rep.metricsCh.Continue() } +// Client side metric handler names +const ( + APICallMetricHandlerName = "awscsm.SendAPICallMetric" + APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric" +) + // InjectHandlers will will enable client side metrics and inject the proper // handlers to handle how metrics are sent. // -// Example: +// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers +// multiple times may lead to unexpected behavior, (e.g. duplicate metrics). +// // // Start must be called in order to inject the correct handlers // r, err := csm.Start("clientID", "127.0.0.1:8094") // if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go index 2c8d5f56d0e2..d126764ce4e3 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go @@ -152,18 +152,19 @@ type EC2IAMInfo struct { // An EC2InstanceIdentityDocument provides the shape for unmarshaling // an instance identity document type EC2InstanceIdentityDocument struct { - DevpayProductCodes []string `json:"devpayProductCodes"` - AvailabilityZone string `json:"availabilityZone"` - PrivateIP string `json:"privateIp"` - Version string `json:"version"` - Region string `json:"region"` - InstanceID string `json:"instanceId"` - BillingProducts []string `json:"billingProducts"` - InstanceType string `json:"instanceType"` - AccountID string `json:"accountId"` - PendingTime time.Time `json:"pendingTime"` - ImageID string `json:"imageId"` - KernelID string `json:"kernelId"` - RamdiskID string `json:"ramdiskId"` - Architecture string `json:"architecture"` + DevpayProductCodes []string `json:"devpayProductCodes"` + MarketplaceProductCodes []string `json:"marketplaceProductCodes"` + AvailabilityZone string `json:"availabilityZone"` + PrivateIP string `json:"privateIp"` + Version string `json:"version"` + Region string `json:"region"` + InstanceID string `json:"instanceId"` + BillingProducts []string `json:"billingProducts"` + InstanceType string `json:"instanceType"` + AccountID string `json:"accountId"` + PendingTime time.Time `json:"pendingTime"` + ImageID string `json:"imageId"` + KernelID string `json:"kernelId"` + RamdiskID string `json:"ramdiskId"` + Architecture string `json:"architecture"` } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index f0c1d31e756a..4c5636e35005 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -123,7 +123,7 @@ func unmarshalHandler(r *request.Request) { defer r.HTTPResponse.Body.Close() b := &bytes.Buffer{} if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { - r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata respose", err) + r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata response", err) return } @@ -136,7 +136,7 @@ func unmarshalError(r *request.Request) { defer r.HTTPResponse.Body.Close() b := &bytes.Buffer{} if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { - r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error respose", err) + r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error response", err) return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 14e32bc42e73..d7d98807c139 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -11,6 +11,8 @@ const ( AwsPartitionID = "aws" // AWS Standard partition. AwsCnPartitionID = "aws-cn" // AWS China partition. AwsUsGovPartitionID = "aws-us-gov" // AWS GovCloud (US) partition. + AwsIsoPartitionID = "aws-iso" // AWS ISO (US) partition. + AwsIsoBPartitionID = "aws-iso-b" // AWS ISOB (US) partition. ) // AWS Standard partition's regions. @@ -27,6 +29,7 @@ const ( EuWest1RegionID = "eu-west-1" // EU (Ireland). EuWest2RegionID = "eu-west-2" // EU (London). EuWest3RegionID = "eu-west-3" // EU (Paris). + MeSouth1RegionID = "me-south-1" // Middle East (Bahrain). SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). UsEast1RegionID = "us-east-1" // US East (N. Virginia). UsEast2RegionID = "us-east-2" // US East (Ohio). @@ -46,8 +49,18 @@ const ( UsGovWest1RegionID = "us-gov-west-1" // AWS GovCloud (US). ) +// AWS ISO (US) partition's regions. +const ( + UsIsoEast1RegionID = "us-iso-east-1" // US ISO East. +) + +// AWS ISOB (US) partition's regions. +const ( + UsIsobEast1RegionID = "us-isob-east-1" // US ISOB East (Ohio). +) + // DefaultResolver returns an Endpoint resolver that will be able -// to resolve endpoints for: AWS Standard, AWS China, and AWS GovCloud (US). +// to resolve endpoints for: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). // // Use DefaultPartitions() to get the list of the default partitions. func DefaultResolver() Resolver { @@ -55,7 +68,7 @@ func DefaultResolver() Resolver { } // DefaultPartitions returns a list of the partitions the SDK is bundled -// with. The available partitions are: AWS Standard, AWS China, and AWS GovCloud (US). +// with. The available partitions are: AWS Standard, AWS China, AWS GovCloud (US), AWS ISO (US), and AWS ISOB (US). // // partitions := endpoints.DefaultPartitions // for _, p := range partitions { @@ -69,6 +82,8 @@ var defaultPartitions = partitions{ awsPartition, awscnPartition, awsusgovPartition, + awsisoPartition, + awsisobPartition, } // AwsPartition returns the Resolver for AWS Standard. @@ -82,7 +97,7 @@ var awsPartition = partition{ DNSSuffix: "amazonaws.com", RegionRegex: regionRegex{ Regexp: func() *regexp.Regexp { - reg, _ := regexp.Compile("^(us|eu|ap|sa|ca)\\-\\w+\\-\\d+$") + reg, _ := regexp.Compile("^(us|eu|ap|sa|ca|me)\\-\\w+\\-\\d+$") return reg }(), }, @@ -128,6 +143,9 @@ var awsPartition = partition{ "eu-west-3": region{ Description: "EU (Paris)", }, + "me-south-1": region{ + Description: "Middle East (Bahrain)", + }, "sa-east-1": region{ Description: "South America (Sao Paulo)", }, @@ -166,6 +184,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -178,6 +197,7 @@ var awsPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -270,6 +290,12 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + "me-south-1": endpoint{ + Hostname: "api.ecr.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, "sa-east-1": endpoint{ Hostname: "api.ecr.sa-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -308,6 +334,7 @@ var awsPartition = partition{ "ap-northeast-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, "us-west-2": endpoint{}, @@ -327,6 +354,7 @@ var awsPartition = partition{ "api.sagemaker": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -334,8 +362,11 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ Hostname: "api-fips.sagemaker.us-east-1.amazonaws.com", @@ -381,6 +412,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -409,6 +441,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -478,6 +511,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, @@ -502,6 +536,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -533,9 +568,27 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "backup": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "batch": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -547,6 +600,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -638,6 +692,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -693,6 +748,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -729,6 +785,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -739,6 +796,7 @@ var awsPartition = partition{ "codebuild": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -750,6 +808,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ @@ -791,6 +850,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -822,6 +882,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ @@ -863,6 +924,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -959,10 +1021,13 @@ var awsPartition = partition{ "comprehendmedical": service{ Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "config": service{ @@ -980,6 +1045,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1025,10 +1091,35 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "fips-us-east-1": endpoint{ + Hostname: "datasync-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "fips-us-east-2": endpoint{ + Hostname: "datasync-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "fips-us-west-1": endpoint{ + Hostname: "datasync-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "fips-us-west-2": endpoint{ + Hostname: "datasync-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + "me-south-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "dax": service{ @@ -1056,6 +1147,7 @@ var awsPartition = partition{ "directconnect": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1067,6 +1159,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1095,6 +1188,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1117,6 +1211,12 @@ var awsPartition = partition{ Region: "ap-northeast-2", }, }, + "ap-southeast-2": endpoint{ + Hostname: "rds.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, "eu-central-1": endpoint{ Hostname: "rds.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ @@ -1129,6 +1229,12 @@ var awsPartition = partition{ Region: "eu-west-1", }, }, + "eu-west-2": endpoint{ + Hostname: "rds.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, "us-east-1": endpoint{ Hostname: "rds.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -1159,6 +1265,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "sa-east-1": endpoint{}, @@ -1180,11 +1287,17 @@ var awsPartition = partition{ "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, + "ca-central-1-fips": endpoint{ + Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "local": endpoint{ Hostname: "localhost:8000", Protocols: []string{"http"}, @@ -1192,11 +1305,36 @@ var awsPartition = partition{ Region: "us-east-1", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "dynamodb-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, "us-east-2": endpoint{}, + "us-east-2-fips": endpoint{ + Hostname: "dynamodb-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, "us-west-1": endpoint{}, + "us-west-1-fips": endpoint{ + Hostname: "dynamodb-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "dynamodb-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "ec2": service{ @@ -1216,6 +1354,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1249,6 +1388,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1277,11 +1417,12 @@ var awsPartition = partition{ Region: "us-west-1", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "elasticbeanstalk": service{ @@ -1299,6 +1440,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1311,12 +1453,14 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -1340,6 +1484,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1367,6 +1512,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{ SSLCommonName: "{service}.{region}.{dnsSuffix}", @@ -1431,11 +1577,12 @@ var awsPartition = partition{ Region: "us-west-1", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "events": service{ @@ -1453,6 +1600,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1463,6 +1611,7 @@ var awsPartition = partition{ "firehose": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1503,10 +1652,15 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -1546,6 +1700,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1556,6 +1711,7 @@ var awsPartition = partition{ "glue": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1563,9 +1719,12 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -1579,19 +1738,32 @@ var awsPartition = partition{ }, Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, + "us-east-2": endpoint{}, "us-west-2": endpoint{}, }, }, + "groundstation": service{ + + Endpoints: endpoints{ + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "guardduty": service{ IsRegionalized: boxedTrue, Defaults: endpoint{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1605,9 +1777,33 @@ var awsPartition = partition{ "eu-west-3": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "guardduty-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-east-2": endpoint{}, + "us-east-2-fips": endpoint{ + Hostname: "guardduty-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "us-west-1": endpoint{}, + "us-west-1-fips": endpoint{ + Hostname: "guardduty-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "guardduty-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "health": service{ @@ -1652,7 +1848,9 @@ var awsPartition = partition{ "ap-south-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -1671,11 +1869,16 @@ var awsPartition = partition{ "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -1690,56 +1893,139 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, - "kafka": service{ + "iotevents": service{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, - "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-2": endpoint{}, }, }, - "kinesis": service{ + "ioteventsdata": service{ Endpoints: endpoints{ - "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{ + Hostname: "data.iotevents.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + "ap-southeast-2": endpoint{ + Hostname: "data.iotevents.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + "eu-central-1": endpoint{ + Hostname: "data.iotevents.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + "eu-west-1": endpoint{ + Hostname: "data.iotevents.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + "us-east-1": endpoint{ + Hostname: "data.iotevents.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-east-2": endpoint{ + Hostname: "data.iotevents.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "us-west-2": endpoint{ + Hostname: "data.iotevents.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + }, + }, + "iotthingsgraph": service{ + Defaults: endpoint{ + CredentialScope: credentialScope{ + Service: "iotthingsgraph", + }, + }, + Endpoints: endpoints{ "ap-northeast-1": endpoint{}, - "ap-northeast-2": endpoint{}, - "ap-south-1": endpoint{}, - "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, - "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, - "kinesisanalytics": service{ + "kafka": service{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-2": endpoint{}, }, }, - "kinesisvideo": service{ + "kinesis": service{ + + Endpoints: endpoints{ + "ap-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, + "kinesisanalytics": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, + "kinesisvideo": service{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, @@ -1753,12 +2039,6 @@ var awsPartition = partition{ "kms": service{ Endpoints: endpoints{ - "ProdFips": endpoint{ - Hostname: "kms-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, - }, "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, @@ -1771,6 +2051,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1778,6 +2059,16 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "lakeformation": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "lambda": service{ Endpoints: endpoints{ @@ -1793,6 +2084,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1803,6 +2095,7 @@ var awsPartition = partition{ "license-manager": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1814,6 +2107,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1854,6 +2148,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1883,6 +2178,7 @@ var awsPartition = partition{ "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -1922,6 +2218,7 @@ var awsPartition = partition{ "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, @@ -1977,6 +2274,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2025,6 +2323,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2037,11 +2336,14 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -2097,6 +2399,12 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + "eu-north-1": endpoint{ + Hostname: "rds.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, "eu-west-1": endpoint{ Hostname: "rds.eu-west-1.amazonaws.com", CredentialScope: credentialScope{ @@ -2224,6 +2532,16 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "qldb": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "ram": service{ Endpoints: endpoints{ @@ -2234,6 +2552,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -2258,6 +2577,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{ SSLCommonName: "{service}.{dnsSuffix}", @@ -2282,6 +2602,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2295,10 +2616,14 @@ var awsPartition = partition{ "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -2317,6 +2642,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2328,8 +2654,11 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, + "us-east-2": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -2388,6 +2717,7 @@ var awsPartition = partition{ "runtime.sagemaker": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2395,12 +2725,39 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + "us-east-2": endpoint{}, + "us-east-2-fips": endpoint{ + Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + "us-west-1": endpoint{}, + "us-west-1-fips": endpoint{ + Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "s3": service{ @@ -2436,8 +2793,9 @@ var awsPartition = partition{ Hostname: "s3.eu-west-1.amazonaws.com", SignatureVersions: []string{"s3", "s3v4"}, }, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "s3-external-1": endpoint{ Hostname: "s3-external-1.amazonaws.com", SignatureVersions: []string{"s3", "s3v4"}, @@ -2681,6 +3039,7 @@ var awsPartition = partition{ "securityhub": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2688,6 +3047,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -2818,6 +3178,16 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "session.qldb": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "shield": service{ IsRegionalized: boxedFalse, Defaults: endpoint{ @@ -2831,6 +3201,7 @@ var awsPartition = partition{ "sms": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2842,6 +3213,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2853,6 +3225,7 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -2885,6 +3258,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2934,7 +3308,8 @@ var awsPartition = partition{ Region: "us-west-2", }, }, - "sa-east-1": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{ SSLCommonName: "queue.{dnsSuffix}", }, @@ -2958,6 +3333,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2980,6 +3356,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -2990,6 +3367,7 @@ var awsPartition = partition{ "storagegateway": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3001,6 +3379,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -3022,11 +3401,17 @@ var awsPartition = partition{ "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, - "eu-central-1": endpoint{}, - "eu-north-1": endpoint{}, - "eu-west-1": endpoint{}, - "eu-west-2": endpoint{}, - "eu-west-3": endpoint{}, + "ca-central-1-fips": endpoint{ + Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "local": endpoint{ Hostname: "localhost:8000", Protocols: []string{"http"}, @@ -3034,11 +3419,36 @@ var awsPartition = partition{ Region: "us-east-1", }, }, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, + "me-south-1": endpoint{}, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-1-fips": endpoint{ + Hostname: "dynamodb-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, "us-east-2": endpoint{}, + "us-east-2-fips": endpoint{ + Hostname: "dynamodb-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, "us-west-1": endpoint{}, + "us-west-1-fips": endpoint{ + Hostname: "dynamodb-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, "us-west-2": endpoint{}, + "us-west-2-fips": endpoint{ + Hostname: "dynamodb-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "sts": service{ @@ -3073,8 +3483,14 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, - "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, + "me-south-1": endpoint{ + Hostname: "sts.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + "sa-east-1": endpoint{}, + "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ Hostname: "sts-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -3105,9 +3521,15 @@ var awsPartition = partition{ }, }, "support": service{ + PartitionEndpoint: "aws-global", Endpoints: endpoints{ - "us-east-1": endpoint{}, + "aws-global": endpoint{ + Hostname: "support.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, }, }, "swf": service{ @@ -3125,6 +3547,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -3147,6 +3570,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -3164,9 +3588,11 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -3226,12 +3652,16 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, @@ -3278,6 +3708,7 @@ var awsPartition = partition{ "xray": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3289,6 +3720,7 @@ var awsPartition = partition{ "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -3554,6 +3986,15 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "greengrass": service{ + IsRegionalized: boxedTrue, + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + }, + }, "iam": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -3574,7 +4015,8 @@ var awscnPartition = partition{ }, }, Endpoints: endpoints{ - "cn-north-1": endpoint{}, + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, }, }, "kinesis": service{ @@ -3584,6 +4026,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "kms": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "lambda": service{ Endpoints: endpoints{ @@ -3591,6 +4040,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "license-manager": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "logs": service{ Endpoints: endpoints{ @@ -3741,6 +4197,18 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "support": service{ + PartitionEndpoint: "aws-cn-global", + + Endpoints: endpoints{ + "aws-cn-global": endpoint{ + Hostname: "support.cn-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + }, + }, "swf": service{ Endpoints: endpoints{ @@ -3898,9 +4366,17 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "codebuild": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "codecommit": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -3938,6 +4414,18 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "datasync": service{ + + Endpoints: endpoints{ + "fips-us-gov-west-1": endpoint{ + Hostname: "datasync-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-west-1": endpoint{}, + }, + }, "directconnect": service{ Endpoints: endpoints{ @@ -3963,6 +4451,12 @@ var awsusgovPartition = partition{ Endpoints: endpoints{ "us-gov-east-1": endpoint{}, + "us-gov-east-1-fips": endpoint{ + Hostname: "dynamodb.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, "us-gov-west-1": endpoint{}, "us-gov-west-1-fips": endpoint{ Hostname: "dynamodb.us-gov-west-1.amazonaws.com", @@ -4064,6 +4558,7 @@ var awsusgovPartition = partition{ "firehose": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -4079,10 +4574,11 @@ var awsusgovPartition = partition{ "glue": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, - "guardduty": service{ + "greengrass": service{ IsRegionalized: boxedTrue, Defaults: endpoint{ Protocols: []string{"https"}, @@ -4091,10 +4587,26 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, - "iam": service{ - PartitionEndpoint: "aws-us-gov-global", - IsRegionalized: boxedFalse, - + "guardduty": service{ + IsRegionalized: boxedTrue, + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "us-gov-west-1": endpoint{}, + }, + }, + "health": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, + "iam": service{ + PartitionEndpoint: "aws-us-gov-global", + IsRegionalized: boxedFalse, + Endpoints: endpoints{ "aws-us-gov-global": endpoint{ Hostname: "iam.us-gov.amazonaws.com", @@ -4175,6 +4687,7 @@ var awsusgovPartition = partition{ }, }, Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -4185,6 +4698,23 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "neptune": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{ + Hostname: "rds.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "us-gov-west-1": endpoint{ + Hostname: "rds.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, "organizations": service{ PartitionEndpoint: "aws-us-gov-global", IsRegionalized: boxedFalse, @@ -4204,6 +4734,13 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "ram": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "rds": service{ Endpoints: endpoints{ @@ -4224,6 +4761,19 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "route53": service{ + PartitionEndpoint: "aws-us-gov-global", + IsRegionalized: boxedFalse, + + Endpoints: endpoints{ + "aws-us-gov-global": endpoint{ + Hostname: "route53.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, "runtime.sagemaker": service{ Endpoints: endpoints{ @@ -4287,6 +4837,31 @@ var awsusgovPartition = partition{ }, }, }, + "secretsmanager": service{ + + Endpoints: endpoints{ + "us-gov-west-1": endpoint{}, + "us-gov-west-1-fips": endpoint{ + Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, + "serverlessrepo": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "us-gov-east-1": endpoint{ + Protocols: []string{"https"}, + }, + "us-gov-west-1": endpoint{ + Protocols: []string{"https"}, + }, + }, + }, "sms": service{ Endpoints: endpoints{ @@ -4348,6 +4923,12 @@ var awsusgovPartition = partition{ }, Endpoints: endpoints{ "us-gov-east-1": endpoint{}, + "us-gov-east-1-fips": endpoint{ + Hostname: "dynamodb.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, "us-gov-west-1": endpoint{}, "us-gov-west-1-fips": endpoint{ Hostname: "dynamodb.us-gov-west-1.amazonaws.com", @@ -4406,3 +4987,599 @@ var awsusgovPartition = partition{ }, }, } + +// AwsIsoPartition returns the Resolver for AWS ISO (US). +func AwsIsoPartition() Partition { + return awsisoPartition.Partition() +} + +var awsisoPartition = partition{ + ID: "aws-iso", + Name: "AWS ISO (US)", + DNSSuffix: "c2s.ic.gov", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^us\\-iso\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + Regions: regions{ + "us-iso-east-1": region{ + Description: "US ISO East", + }, + }, + Services: services{ + "api.ecr": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Hostname: "api.ecr.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + }, + }, + "application-autoscaling": service{ + Defaults: endpoint{ + Hostname: "autoscaling.{region}.amazonaws.com", + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "application-autoscaling", + }, + }, + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "autoscaling": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "cloudformation": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "cloudtrail": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "codedeploy": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "config": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "datapipeline": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "directconnect": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "dms": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "ds": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "dynamodb": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "ec2": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "ec2metadata": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + + Endpoints: endpoints{ + "aws-global": endpoint{ + Hostname: "169.254.169.254/latest", + Protocols: []string{"http"}, + }, + }, + }, + "ecs": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "elasticache": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "elasticloadbalancing": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "elasticmapreduce": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"https"}, + }, + }, + }, + "events": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "glacier": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "health": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "iam": service{ + PartitionEndpoint: "aws-iso-global", + IsRegionalized: boxedFalse, + + Endpoints: endpoints{ + "aws-iso-global": endpoint{ + Hostname: "iam.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + }, + }, + "kinesis": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "kms": service{ + + Endpoints: endpoints{ + "ProdFips": endpoint{ + Hostname: "kms-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + "us-iso-east-1": endpoint{}, + }, + }, + "lambda": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "logs": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "monitoring": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "rds": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "redshift": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "s3": service{ + Defaults: endpoint{ + SignatureVersions: []string{"s3v4"}, + }, + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + }, + }, + "snowball": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "sns": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "sqs": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "states": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "streams.dynamodb": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "dynamodb", + }, + }, + Endpoints: endpoints{ + "us-iso-east-1": endpoint{ + Protocols: []string{"http", "https"}, + }, + }, + }, + "sts": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "support": service{ + PartitionEndpoint: "aws-iso-global", + + Endpoints: endpoints{ + "aws-iso-global": endpoint{ + Hostname: "support.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + }, + }, + }, + "swf": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + "workspaces": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, + }, +} + +// AwsIsoBPartition returns the Resolver for AWS ISOB (US). +func AwsIsoBPartition() Partition { + return awsisobPartition.Partition() +} + +var awsisobPartition = partition{ + ID: "aws-iso-b", + Name: "AWS ISOB (US)", + DNSSuffix: "sc2s.sgov.gov", + RegionRegex: regionRegex{ + Regexp: func() *regexp.Regexp { + reg, _ := regexp.Compile("^us\\-isob\\-\\w+\\-\\d+$") + return reg + }(), + }, + Defaults: endpoint{ + Hostname: "{service}.{region}.{dnsSuffix}", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + Regions: regions{ + "us-isob-east-1": region{ + Description: "US ISOB East (Ohio)", + }, + }, + Services: services{ + "application-autoscaling": service{ + Defaults: endpoint{ + Hostname: "autoscaling.{region}.amazonaws.com", + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "application-autoscaling", + }, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "autoscaling": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "cloudformation": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "cloudtrail": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "config": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "directconnect": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "dms": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "dynamodb": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "ec2": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "ec2metadata": service{ + PartitionEndpoint: "aws-global", + IsRegionalized: boxedFalse, + + Endpoints: endpoints{ + "aws-global": endpoint{ + Hostname: "169.254.169.254/latest", + Protocols: []string{"http"}, + }, + }, + }, + "elasticache": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "elasticloadbalancing": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{ + Protocols: []string{"https"}, + }, + }, + }, + "elasticmapreduce": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "events": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "glacier": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "health": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "iam": service{ + PartitionEndpoint: "aws-iso-b-global", + IsRegionalized: boxedFalse, + + Endpoints: endpoints{ + "aws-iso-b-global": endpoint{ + Hostname: "iam.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + }, + }, + "kinesis": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "kms": service{ + + Endpoints: endpoints{ + "ProdFips": endpoint{ + Hostname: "kms-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + "us-isob-east-1": endpoint{}, + }, + }, + "logs": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "monitoring": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "rds": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "redshift": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "s3": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + SignatureVersions: []string{"s3v4"}, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "snowball": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "sns": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "sqs": service{ + Defaults: endpoint{ + SSLCommonName: "{region}.queue.{dnsSuffix}", + Protocols: []string{"http", "https"}, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "states": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "streams.dynamodb": service{ + Defaults: endpoint{ + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Service: "dynamodb", + }, + }, + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "sts": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + "support": service{ + PartitionEndpoint: "aws-iso-b-global", + + Endpoints: endpoints{ + "aws-iso-b-global": endpoint{ + Hostname: "support.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + }, + }, + }, + "swf": service{ + + Endpoints: endpoints{ + "us-isob-east-1": endpoint{}, + }, + }, + }, +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go index f82babf6f95f..9c936be6cf94 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go @@ -170,10 +170,13 @@ func PartitionForRegion(ps []Partition, regionID string) (Partition, bool) { // A Partition provides the ability to enumerate the partition's regions // and services. type Partition struct { - id string - p *partition + id, dnsSuffix string + p *partition } +// DNSSuffix returns the base domain name of the partition. +func (p Partition) DNSSuffix() string { return p.dnsSuffix } + // ID returns the identifier of the partition. func (p Partition) ID() string { return p.id } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go index ff6f76db6eba..523ad79ac0ac 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go @@ -54,8 +54,9 @@ type partition struct { func (p partition) Partition() Partition { return Partition{ - id: p.ID, - p: &p, + dnsSuffix: p.DNSSuffix, + id: p.ID, + p: &p, } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go index 271da432ce17..d9b37f4d32ad 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go @@ -1,18 +1,17 @@ -// +build !appengine,!plan9 - package request import ( - "net" - "os" - "syscall" + "strings" ) func isErrConnectionReset(err error) bool { - if opErr, ok := err.(*net.OpError); ok { - if sysErr, ok := opErr.Err.(*os.SyscallError); ok { - return sysErr.Err == syscall.ECONNRESET - } + if strings.Contains(err.Error(), "read: connection reset") { + return false + } + + if strings.Contains(err.Error(), "connection reset") || + strings.Contains(err.Error(), "broken pipe") { + return true } return false diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go deleted file mode 100644 index daf9eca43734..000000000000 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go +++ /dev/null @@ -1,11 +0,0 @@ -// +build appengine plan9 - -package request - -import ( - "strings" -) - -func isErrConnectionReset(err error) bool { - return strings.Contains(err.Error(), "connection reset") -} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go index 8ef8548a96d8..627ec722c051 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go @@ -59,6 +59,51 @@ func (h *Handlers) Clear() { h.Complete.Clear() } +// IsEmpty returns if there are no handlers in any of the handlerlists. +func (h *Handlers) IsEmpty() bool { + if h.Validate.Len() != 0 { + return false + } + if h.Build.Len() != 0 { + return false + } + if h.Send.Len() != 0 { + return false + } + if h.Sign.Len() != 0 { + return false + } + if h.Unmarshal.Len() != 0 { + return false + } + if h.UnmarshalStream.Len() != 0 { + return false + } + if h.UnmarshalMeta.Len() != 0 { + return false + } + if h.UnmarshalError.Len() != 0 { + return false + } + if h.ValidateResponse.Len() != 0 { + return false + } + if h.Retry.Len() != 0 { + return false + } + if h.AfterRetry.Len() != 0 { + return false + } + if h.CompleteAttempt.Len() != 0 { + return false + } + if h.Complete.Len() != 0 { + return false + } + + return true +} + // A HandlerListRunItem represents an entry in the HandlerList which // is being run. type HandlerListRunItem struct { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go index b0c2ef4fe677..9370fa50c382 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go @@ -15,12 +15,15 @@ type offsetReader struct { closed bool } -func newOffsetReader(buf io.ReadSeeker, offset int64) *offsetReader { +func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) { reader := &offsetReader{} - buf.Seek(offset, sdkio.SeekStart) + _, err := buf.Seek(offset, sdkio.SeekStart) + if err != nil { + return nil, err + } reader.buf = buf - return reader + return reader, nil } // Close will close the instance of the offset reader's access to @@ -54,7 +57,9 @@ func (o *offsetReader) Seek(offset int64, whence int) (int64, error) { // CloseAndCopy will return a new offsetReader with a copy of the old buffer // and close the old buffer. -func (o *offsetReader) CloseAndCopy(offset int64) *offsetReader { - o.Close() +func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) { + if err := o.Close(); err != nil { + return nil, err + } return newOffsetReader(o.buf, offset) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index 19da3fcd826b..8e332cce6a6e 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go @@ -64,6 +64,15 @@ type Request struct { LastSignedAt time.Time DisableFollowRedirects bool + // Additional API error codes that should be retried. IsErrorRetryable + // will consider these codes in addition to its built in cases. + RetryErrorCodes []string + + // Additional API error codes that should be retried with throttle backoff + // delay. IsErrorThrottle will consider these codes in addition to its + // built in cases. + ThrottleErrorCodes []string + // A value greater than 0 instructs the request to be signed as Presigned URL // You should not set this field directly. Instead use Request's // Presign or PresignRequest methods. @@ -231,6 +240,10 @@ func (r *Request) WillRetry() bool { return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries() } +func fmtAttemptCount(retryCount, maxRetries int) string { + return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries) +} + // ParamsFilled returns if the request's parameters have been populated // and the parameters are valid. False is returned if no parameters are // provided or invalid. @@ -259,7 +272,18 @@ func (r *Request) SetStringBody(s string) { // SetReaderBody will set the request's body reader. func (r *Request) SetReaderBody(reader io.ReadSeeker) { r.Body = reader - r.BodyStart, _ = reader.Seek(0, sdkio.SeekCurrent) // Get the Bodies current offset. + + if aws.IsReaderSeekable(reader) { + var err error + // Get the Bodies current offset so retries will start from the same + // initial position. + r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent) + if err != nil { + r.Error = awserr.New(ErrCodeSerialization, + "failed to determine start of request body", err) + return + } + } r.ResetBody() } @@ -330,16 +354,15 @@ func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, err return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil } -func debugLogReqError(r *Request, stage string, retrying bool, err error) { +const ( + notRetrying = "not retrying" +) + +func debugLogReqError(r *Request, stage, retryStr string, err error) { if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) { return } - retryStr := "not retrying" - if retrying { - retryStr = "will retry" - } - r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v", stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err)) } @@ -358,12 +381,12 @@ func (r *Request) Build() error { if !r.built { r.Handlers.Validate.Run(r) if r.Error != nil { - debugLogReqError(r, "Validate Request", false, r.Error) + debugLogReqError(r, "Validate Request", notRetrying, r.Error) return r.Error } r.Handlers.Build.Run(r) if r.Error != nil { - debugLogReqError(r, "Build Request", false, r.Error) + debugLogReqError(r, "Build Request", notRetrying, r.Error) return r.Error } r.built = true @@ -379,7 +402,7 @@ func (r *Request) Build() error { func (r *Request) Sign() error { r.Build() if r.Error != nil { - debugLogReqError(r, "Build Request", false, r.Error) + debugLogReqError(r, "Build Request", notRetrying, r.Error) return r.Error } @@ -387,12 +410,16 @@ func (r *Request) Sign() error { return r.Error } -func (r *Request) getNextRequestBody() (io.ReadCloser, error) { +func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) { if r.safeBody != nil { r.safeBody.Close() } - r.safeBody = newOffsetReader(r.Body, r.BodyStart) + r.safeBody, err = newOffsetReader(r.Body, r.BodyStart) + if err != nil { + return nil, awserr.New(ErrCodeSerialization, + "failed to get next request body reader", err) + } // Go 1.8 tightened and clarified the rules code needs to use when building // requests with the http package. Go 1.8 removed the automatic detection @@ -409,10 +436,10 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) { // Related golang/go#18257 l, err := aws.SeekerLen(r.Body) if err != nil { - return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err) + return nil, awserr.New(ErrCodeSerialization, + "failed to compute request body size", err) } - var body io.ReadCloser if l == 0 { body = NoBody } else if l > 0 { @@ -473,29 +500,28 @@ func (r *Request) Send() error { r.AttemptTime = time.Now() if err := r.Sign(); err != nil { - debugLogReqError(r, "Sign Request", false, err) + debugLogReqError(r, "Sign Request", notRetrying, err) return err } if err := r.sendRequest(); err == nil { return nil - } else if !shouldRetryCancel(r.Error) { - return err - } else { - r.Handlers.Retry.Run(r) - r.Handlers.AfterRetry.Run(r) + } + r.Handlers.Retry.Run(r) + r.Handlers.AfterRetry.Run(r) - if r.Error != nil || !aws.BoolValue(r.Retryable) { - return r.Error - } + if r.Error != nil || !aws.BoolValue(r.Retryable) { + return r.Error + } - r.prepareRetry() - continue + if err := r.prepareRetry(); err != nil { + r.Error = err + return err } } } -func (r *Request) prepareRetry() { +func (r *Request) prepareRetry() error { if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) { r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d", r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount)) @@ -506,12 +532,19 @@ func (r *Request) prepareRetry() { // the request's body even though the Client's Do returned. r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil) r.ResetBody() + if err := r.Error; err != nil { + return awserr.New(ErrCodeSerialization, + "failed to prepare body for retry", err) + + } // Closing response body to ensure that no response body is leaked // between retry attempts. if r.HTTPResponse != nil && r.HTTPResponse.Body != nil { r.HTTPResponse.Body.Close() } + + return nil } func (r *Request) sendRequest() (sendErr error) { @@ -520,7 +553,9 @@ func (r *Request) sendRequest() (sendErr error) { r.Retryable = nil r.Handlers.Send.Run(r) if r.Error != nil { - debugLogReqError(r, "Send Request", r.WillRetry(), r.Error) + debugLogReqError(r, "Send Request", + fmtAttemptCount(r.RetryCount, r.MaxRetries()), + r.Error) return r.Error } @@ -528,13 +563,17 @@ func (r *Request) sendRequest() (sendErr error) { r.Handlers.ValidateResponse.Run(r) if r.Error != nil { r.Handlers.UnmarshalError.Run(r) - debugLogReqError(r, "Validate Response", r.WillRetry(), r.Error) + debugLogReqError(r, "Validate Response", + fmtAttemptCount(r.RetryCount, r.MaxRetries()), + r.Error) return r.Error } r.Handlers.Unmarshal.Run(r) if r.Error != nil { - debugLogReqError(r, "Unmarshal Response", r.WillRetry(), r.Error) + debugLogReqError(r, "Unmarshal Response", + fmtAttemptCount(r.RetryCount, r.MaxRetries()), + r.Error) return r.Error } @@ -561,48 +600,6 @@ func AddToUserAgent(r *Request, s string) { r.HTTPRequest.Header.Set("User-Agent", s) } -type temporary interface { - Temporary() bool -} - -func shouldRetryCancel(err error) bool { - switch err := err.(type) { - case awserr.Error: - if err.Code() == CanceledErrorCode { - return false - } - return shouldRetryCancel(err.OrigErr()) - case *url.Error: - if strings.Contains(err.Error(), "connection refused") { - // Refused connections should be retried as the service may not yet - // be running on the port. Go TCP dial considers refused - // connections as not temporary. - return true - } - // *url.Error only implements Temporary after golang 1.6 but since - // url.Error only wraps the error: - return shouldRetryCancel(err.Err) - case temporary: - // If the error is temporary, we want to allow continuation of the - // retry process - return err.Temporary() - case nil: - // `awserr.Error.OrigErr()` can be nil, meaning there was an error but - // because we don't know the cause, it is marked as retryable. See - // TestRequest4xxUnretryable for an example. - return true - default: - switch err.Error() { - case "net/http: request canceled", - "net/http: request canceled while waiting for connection": - // known 1.5 error case when an http request is cancelled - return false - } - // here we don't know the error; so we allow a retry. - return true - } -} - // SanitizeHostForHeader removes default port from host and updates request.Host func SanitizeHostForHeader(r *http.Request) { host := getHost(r) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go index 7c6a8000f675..de1292f45a23 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go @@ -4,6 +4,8 @@ package request import ( "net/http" + + "github.com/aws/aws-sdk-go/aws/awserr" ) // NoBody is a http.NoBody reader instructing Go HTTP client to not include @@ -24,7 +26,8 @@ var NoBody = http.NoBody func (r *Request) ResetBody() { body, err := r.getNextRequestBody() if err != nil { - r.Error = err + r.Error = awserr.New(ErrCodeSerialization, + "failed to reset request body", err) return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go index a633ed5acfa3..f093fc542df0 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go @@ -146,7 +146,7 @@ func (r *Request) nextPageTokens() []interface{} { return nil } case bool: - if v == false { + if !v { return nil } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go index d0aa54c6d106..c4e659b01d12 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/retryer.go @@ -1,23 +1,41 @@ package request import ( + "net" + "net/url" + "strings" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" ) -// Retryer is an interface to control retry logic for a given service. -// The default implementation used by most services is the client.DefaultRetryer -// structure, which contains basic retry logic using exponential backoff. +// Retryer provides the interface drive the SDK's request retry behavior. The +// Retryer implementation is responsible for implementing exponential backoff, +// and determine if a request API error should be retried. +// +// client.DefaultRetryer is the SDK's default implementation of the Retryer. It +// uses the which uses the Request.IsErrorRetryable and Request.IsErrorThrottle +// methods to determine if the request is retried. type Retryer interface { + // RetryRules return the retry delay that should be used by the SDK before + // making another request attempt for the failed request. RetryRules(*Request) time.Duration + + // ShouldRetry returns if the failed request is retryable. + // + // Implementations may consider request attempt count when determining if a + // request is retryable, but the SDK will use MaxRetries to limit the + // number of attempts a request are made. ShouldRetry(*Request) bool + + // MaxRetries is the number of times a request may be retried before + // failing. MaxRetries() int } -// WithRetryer sets a config Retryer value to the given Config returning it -// for chaining. +// WithRetryer sets a Retryer value to the given Config returning the Config +// value for chaining. func WithRetryer(cfg *aws.Config, retryer Retryer) *aws.Config { cfg.Retryer = retryer return cfg @@ -108,32 +126,90 @@ func isNestedErrorRetryable(parentErr awserr.Error) bool { // IsErrorRetryable returns whether the error is retryable, based on its Code. // Returns false if error is nil. func IsErrorRetryable(err error) bool { - if err != nil { - if aerr, ok := err.(awserr.Error); ok { - return isCodeRetryable(aerr.Code()) || isNestedErrorRetryable(aerr) + if err == nil { + return false + } + return shouldRetryError(err) +} + +type temporary interface { + Temporary() bool +} + +func shouldRetryError(origErr error) bool { + switch err := origErr.(type) { + case awserr.Error: + if err.Code() == CanceledErrorCode { + return false + } + if isNestedErrorRetryable(err) { + return true + } + + origErr := err.OrigErr() + var shouldRetry bool + if origErr != nil { + shouldRetry := shouldRetryError(origErr) + if err.Code() == "RequestError" && !shouldRetry { + return false + } + } + if isCodeRetryable(err.Code()) { + return true + } + return shouldRetry + + case *url.Error: + if strings.Contains(err.Error(), "connection refused") { + // Refused connections should be retried as the service may not yet + // be running on the port. Go TCP dial considers refused + // connections as not temporary. + return true + } + // *url.Error only implements Temporary after golang 1.6 but since + // url.Error only wraps the error: + return shouldRetryError(err.Err) + + case temporary: + if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" { + return true + } + // If the error is temporary, we want to allow continuation of the + // retry process + return err.Temporary() || isErrConnectionReset(origErr) + + case nil: + // `awserr.Error.OrigErr()` can be nil, meaning there was an error but + // because we don't know the cause, it is marked as retryable. See + // TestRequest4xxUnretryable for an example. + return true + + default: + switch err.Error() { + case "net/http: request canceled", + "net/http: request canceled while waiting for connection": + // known 1.5 error case when an http request is cancelled + return false } + // here we don't know the error; so we allow a retry. + return true } - return false } // IsErrorThrottle returns whether the error is to be throttled based on its code. // Returns false if error is nil. func IsErrorThrottle(err error) bool { - if err != nil { - if aerr, ok := err.(awserr.Error); ok { - return isCodeThrottle(aerr.Code()) - } + if aerr, ok := err.(awserr.Error); ok && aerr != nil { + return isCodeThrottle(aerr.Code()) } return false } -// IsErrorExpiredCreds returns whether the error code is a credential expiry error. -// Returns false if error is nil. +// IsErrorExpiredCreds returns whether the error code is a credential expiry +// error. Returns false if error is nil. func IsErrorExpiredCreds(err error) bool { - if err != nil { - if aerr, ok := err.(awserr.Error); ok { - return isCodeExpiredCreds(aerr.Code()) - } + if aerr, ok := err.(awserr.Error); ok && aerr != nil { + return isCodeExpiredCreds(aerr.Code()) } return false } @@ -143,17 +219,44 @@ func IsErrorExpiredCreds(err error) bool { // // Alias for the utility function IsErrorRetryable func (r *Request) IsErrorRetryable() bool { + if isErrCode(r.Error, r.RetryErrorCodes) { + return true + } + return IsErrorRetryable(r.Error) } -// IsErrorThrottle returns whether the error is to be throttled based on its code. -// Returns false if the request has no Error set +// IsErrorThrottle returns whether the error is to be throttled based on its +// code. Returns false if the request has no Error set. // // Alias for the utility function IsErrorThrottle func (r *Request) IsErrorThrottle() bool { + if isErrCode(r.Error, r.ThrottleErrorCodes) { + return true + } + + if r.HTTPResponse != nil { + switch r.HTTPResponse.StatusCode { + case 429, 502, 503, 504: + return true + } + } + return IsErrorThrottle(r.Error) } +func isErrCode(err error, codes []string) bool { + if aerr, ok := err.(awserr.Error); ok && aerr != nil { + for _, code := range codes { + if code == aerr.Code() { + return true + } + } + } + + return false +} + // IsErrorExpired returns whether the error code is a credential expiry error. // Returns false if the request has no Error set. // diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go new file mode 100644 index 000000000000..7713ccfca5eb --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -0,0 +1,259 @@ +package session + +import ( + "fmt" + "os" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/aws/credentials/processcreds" + "github.com/aws/aws-sdk-go/aws/credentials/stscreds" + "github.com/aws/aws-sdk-go/aws/defaults" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/internal/shareddefaults" +) + +func resolveCredentials(cfg *aws.Config, + envCfg envConfig, sharedCfg sharedConfig, + handlers request.Handlers, + sessOpts Options, +) (*credentials.Credentials, error) { + + switch { + case len(sessOpts.Profile) != 0: + // User explicitly provided an Profile in the session's configuration + // so load that profile from shared config first. + // Github(aws/aws-sdk-go#2727) + return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) + + case envCfg.Creds.HasKeys(): + // Environment credentials + return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil + + case len(envCfg.WebIdentityTokenFilePath) != 0: + // Web identity token from environment, RoleARN required to also be + // set. + return assumeWebIdentity(cfg, handlers, + envCfg.WebIdentityTokenFilePath, + envCfg.RoleARN, + envCfg.RoleSessionName, + ) + + default: + // Fallback to the "default" credential resolution chain. + return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) + } +} + +// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but +// 'AWS_IAM_ROLE_ARN' was not set. +var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil) + +// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_IAM_ROLE_ARN' was set but +// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set. +var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil) + +func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers, + filepath string, + roleARN, sessionName string, +) (*credentials.Credentials, error) { + + if len(filepath) == 0 { + return nil, WebIdentityEmptyTokenFilePathErr + } + + if len(roleARN) == 0 { + return nil, WebIdentityEmptyRoleARNErr + } + + creds := stscreds.NewWebIdentityCredentials( + &Session{ + Config: cfg, + Handlers: handlers.Copy(), + }, + roleARN, + sessionName, + filepath, + ) + + return creds, nil +} + +func resolveCredsFromProfile(cfg *aws.Config, + envCfg envConfig, sharedCfg sharedConfig, + handlers request.Handlers, + sessOpts Options, +) (creds *credentials.Credentials, err error) { + + switch { + case sharedCfg.SourceProfile != nil: + // Assume IAM role with credentials source from a different profile. + creds, err = resolveCredsFromProfile(cfg, envCfg, + *sharedCfg.SourceProfile, handlers, sessOpts, + ) + + case sharedCfg.Creds.HasKeys(): + // Static Credentials from Shared Config/Credentials file. + creds = credentials.NewStaticCredentialsFromCreds( + sharedCfg.Creds, + ) + + case len(sharedCfg.CredentialProcess) != 0: + // Get credentials from CredentialProcess + creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) + + case len(sharedCfg.CredentialSource) != 0: + creds, err = resolveCredsFromSource(cfg, envCfg, + sharedCfg, handlers, sessOpts, + ) + + case len(sharedCfg.WebIdentityTokenFile) != 0: + // Credentials from Assume Web Identity token require an IAM Role, and + // that roll will be assumed. May be wrapped with another assume role + // via SourceProfile. + return assumeWebIdentity(cfg, handlers, + sharedCfg.WebIdentityTokenFile, + sharedCfg.RoleARN, + sharedCfg.RoleSessionName, + ) + + default: + // Fallback to default credentials provider, include mock errors for + // the credential chain so user can identify why credentials failed to + // be retrieved. + creds = credentials.NewCredentials(&credentials.ChainProvider{ + VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors), + Providers: []credentials.Provider{ + &credProviderError{ + Err: awserr.New("EnvAccessKeyNotFound", + "failed to find credentials in the environment.", nil), + }, + &credProviderError{ + Err: awserr.New("SharedCredsLoad", + fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil), + }, + defaults.RemoteCredProvider(*cfg, handlers), + }, + }) + } + if err != nil { + return nil, err + } + + if len(sharedCfg.RoleARN) > 0 { + cfgCp := *cfg + cfgCp.Credentials = creds + return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts) + } + + return creds, nil +} + +// valid credential source values +const ( + credSourceEc2Metadata = "Ec2InstanceMetadata" + credSourceEnvironment = "Environment" + credSourceECSContainer = "EcsContainer" +) + +func resolveCredsFromSource(cfg *aws.Config, + envCfg envConfig, sharedCfg sharedConfig, + handlers request.Handlers, + sessOpts Options, +) (creds *credentials.Credentials, err error) { + + switch sharedCfg.CredentialSource { + case credSourceEc2Metadata: + p := defaults.RemoteCredProvider(*cfg, handlers) + creds = credentials.NewCredentials(p) + + case credSourceEnvironment: + creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds) + + case credSourceECSContainer: + if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 { + return nil, ErrSharedConfigECSContainerEnvVarEmpty + } + + p := defaults.RemoteCredProvider(*cfg, handlers) + creds = credentials.NewCredentials(p) + + default: + return nil, ErrSharedConfigInvalidCredSource + } + + return creds, nil +} + +func credsFromAssumeRole(cfg aws.Config, + handlers request.Handlers, + sharedCfg sharedConfig, + sessOpts Options, +) (*credentials.Credentials, error) { + + if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil { + // AssumeRole Token provider is required if doing Assume Role + // with MFA. + return nil, AssumeRoleTokenProviderNotSetError{} + } + + return stscreds.NewCredentials( + &Session{ + Config: &cfg, + Handlers: handlers.Copy(), + }, + sharedCfg.RoleARN, + func(opt *stscreds.AssumeRoleProvider) { + opt.RoleSessionName = sharedCfg.RoleSessionName + opt.Duration = sessOpts.AssumeRoleDuration + + // Assume role with external ID + if len(sharedCfg.ExternalID) > 0 { + opt.ExternalID = aws.String(sharedCfg.ExternalID) + } + + // Assume role with MFA + if len(sharedCfg.MFASerial) > 0 { + opt.SerialNumber = aws.String(sharedCfg.MFASerial) + opt.TokenProvider = sessOpts.AssumeRoleTokenProvider + } + }, + ), nil +} + +// AssumeRoleTokenProviderNotSetError is an error returned when creating a +// session when the MFAToken option is not set when shared config is configured +// load assume a role with an MFA token. +type AssumeRoleTokenProviderNotSetError struct{} + +// Code is the short id of the error. +func (e AssumeRoleTokenProviderNotSetError) Code() string { + return "AssumeRoleTokenProviderNotSetError" +} + +// Message is the description of the error +func (e AssumeRoleTokenProviderNotSetError) Message() string { + return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.") +} + +// OrigErr is the underlying error that caused the failure. +func (e AssumeRoleTokenProviderNotSetError) OrigErr() error { + return nil +} + +// Error satisfies the error interface. +func (e AssumeRoleTokenProviderNotSetError) Error() string { + return awserr.SprintError(e.Code(), e.Message(), "", nil) +} + +type credProviderError struct { + Err error +} + +func (c credProviderError) Retrieve() (credentials.Value, error) { + return credentials.Value{}, c.Err +} +func (c credProviderError) IsExpired() bool { + return true +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go index 38a7b05a6216..7ec66e7e589a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/doc.go @@ -1,97 +1,93 @@ /* -Package session provides configuration for the SDK's service clients. - -Sessions can be shared across all service clients that share the same base -configuration. The Session is built from the SDK's default configuration and -request handlers. - -Sessions should be cached when possible, because creating a new Session will -load all configuration values from the environment, and config files each time -the Session is created. Sharing the Session value across all of your service -clients will ensure the configuration is loaded the fewest number of times possible. - -Concurrency +Package session provides configuration for the SDK's service clients. Sessions +can be shared across service clients that share the same base configuration. Sessions are safe to use concurrently as long as the Session is not being -modified. The SDK will not modify the Session once the Session has been created. -Creating service clients concurrently from a shared Session is safe. - -Sessions from Shared Config - -Sessions can be created using the method above that will only load the -additional config if the AWS_SDK_LOAD_CONFIG environment variable is set. -Alternatively you can explicitly create a Session with shared config enabled. -To do this you can use NewSessionWithOptions to configure how the Session will -be created. Using the NewSessionWithOptions with SharedConfigState set to -SharedConfigEnable will create the session as if the AWS_SDK_LOAD_CONFIG -environment variable was set. +modified. Sessions should be cached when possible, because creating a new +Session will load all configuration values from the environment, and config +files each time the Session is created. Sharing the Session value across all of +your service clients will ensure the configuration is loaded the fewest number +of times possible. -Creating Sessions - -When creating Sessions optional aws.Config values can be passed in that will -override the default, or loaded config values the Session is being created -with. This allows you to provide additional, or case based, configuration -as needed. +Sessions options from Shared Config By default NewSession will only load credentials from the shared credentials file (~/.aws/credentials). If the AWS_SDK_LOAD_CONFIG environment variable is set to a truthy value the Session will be created from the configuration values from the shared config (~/.aws/config) and shared credentials -(~/.aws/credentials) files. See the section Sessions from Shared Config for -more information. +(~/.aws/credentials) files. Using the NewSessionWithOptions with +SharedConfigState set to SharedConfigEnable will create the session as if the +AWS_SDK_LOAD_CONFIG environment variable was set. -Create a Session with the default config and request handlers. With credentials -region, and profile loaded from the environment and shared config automatically. -Requires the AWS_PROFILE to be set, or "default" is used. +Credential and config loading order - // Create Session - sess := session.Must(session.NewSession()) +The Session will attempt to load configuration and credentials from the +environment, configuration files, and other credential sources. The order +configuration is loaded in is: - // Create a Session with a custom region - sess := session.Must(session.NewSession(&aws.Config{ - Region: aws.String("us-east-1"), - })) + * Environment Variables + * Shared Credentials file + * Shared Configuration file (if SharedConfig is enabled) + * EC2 Instance Metadata (credentials only) - // Create a S3 client instance from a session - sess := session.Must(session.NewSession()) +The Environment variables for credentials will have precedence over shared +config even if SharedConfig is enabled. To override this behavior, and use +shared config credentials instead specify the session.Options.Profile, (e.g. +when using credential_source=Environment to assume a role). + + sess, err := session.NewSessionWithOptions(session.Options{ + Profile: "myProfile", + }) - svc := s3.New(sess) +Creating Sessions -Create Session With Option Overrides +Creating a Session without additional options will load credentials region, and +profile loaded from the environment and shared config automatically. See, +"Environment Variables" section for information on environment variables used +by Session. -In addition to NewSession, Sessions can be created using NewSessionWithOptions. -This func allows you to control and override how the Session will be created -through code instead of being driven by environment variables only. + // Create Session + sess, err := session.NewSession() -Use NewSessionWithOptions when you want to provide the config profile, or -override the shared config state (AWS_SDK_LOAD_CONFIG). + +When creating Sessions optional aws.Config values can be passed in that will +override the default, or loaded, config values the Session is being created +with. This allows you to provide additional, or case based, configuration +as needed. + + // Create a Session with a custom region + sess, err := session.NewSession(&aws.Config{ + Region: aws.String("us-west-2"), + }) + +Use NewSessionWithOptions to provide additional configuration driving how the +Session's configuration will be loaded. Such as, specifying shared config +profile, or override the shared config state, (AWS_SDK_LOAD_CONFIG). // Equivalent to session.NewSession() - sess := session.Must(session.NewSessionWithOptions(session.Options{ + sess, err := session.NewSessionWithOptions(session.Options{ // Options - })) + }) - // Specify profile to load for the session's config - sess := session.Must(session.NewSessionWithOptions(session.Options{ - Profile: "profile_name", - })) + sess, err := session.NewSessionWithOptions(session.Options{ + // Specify profile to load for the session's config + Profile: "profile_name", - // Specify profile for config and region for requests - sess := session.Must(session.NewSessionWithOptions(session.Options{ - Config: aws.Config{Region: aws.String("us-east-1")}, - Profile: "profile_name", - })) + // Provide SDK Config options, such as Region. + Config: aws.Config{ + Region: aws.String("us-west-2"), + }, - // Force enable Shared Config support - sess := session.Must(session.NewSessionWithOptions(session.Options{ + // Force enable Shared Config support SharedConfigState: session.SharedConfigEnable, - })) + }) Adding Handlers -You can add handlers to a session for processing HTTP requests. All service -clients that use the session inherit the handlers. For example, the following -handler logs every request and its payload made by a service client: +You can add handlers to a session to decorate API operation, (e.g. adding HTTP +headers). All clients that use the Session receive a copy of the Session's +handlers. For example, the following request handler added to the Session logs +every requests made. // Create a session, and add additional handlers for all service // clients created with the Session to inherit. Adds logging handler. @@ -99,22 +95,15 @@ handler logs every request and its payload made by a service client: sess.Handlers.Send.PushFront(func(r *request.Request) { // Log every request made and its payload - logger.Printf("Request: %s/%s, Payload: %s", + logger.Printf("Request: %s/%s, Params: %s", r.ClientInfo.ServiceName, r.Operation, r.Params) }) -Deprecated "New" function - -The New session function has been deprecated because it does not provide good -way to return errors that occur when loading the configuration files and values. -Because of this, NewSession was created so errors can be retrieved when -creating a session fails. - Shared Config Fields -By default the SDK will only load the shared credentials file's (~/.aws/credentials) -credentials values, and all other config is provided by the environment variables, -SDK defaults, and user provided aws.Config values. +By default the SDK will only load the shared credentials file's +(~/.aws/credentials) credentials values, and all other config is provided by +the environment variables, SDK defaults, and user provided aws.Config values. If the AWS_SDK_LOAD_CONFIG environment variable is set, or SharedConfigEnable option is used to create the Session the full shared config values will be @@ -125,24 +114,31 @@ files have the same format. If both config files are present the configuration from both files will be read. The Session will be created from configuration values from the shared -credentials file (~/.aws/credentials) over those in the shared config file (~/.aws/config). +credentials file (~/.aws/credentials) over those in the shared config file +(~/.aws/config). -Credentials are the values the SDK should use for authenticating requests with -AWS Services. They are from a configuration file will need to include both -aws_access_key_id and aws_secret_access_key must be provided together in the -same file to be considered valid. The values will be ignored if not a complete -group. aws_session_token is an optional field that can be provided if both of -the other two fields are also provided. +Credentials are the values the SDK uses to authenticating requests with AWS +Services. When specified in a file, both aws_access_key_id and +aws_secret_access_key must be provided together in the same file to be +considered valid. They will be ignored if both are not present. +aws_session_token is an optional field that can be provided in addition to the +other two fields. aws_access_key_id = AKID aws_secret_access_key = SECRET aws_session_token = TOKEN -Assume Role values allow you to configure the SDK to assume an IAM role using -a set of credentials provided in a config file via the source_profile field. -Both "role_arn" and "source_profile" are required. The SDK supports assuming -a role with MFA token if the session option AssumeRoleTokenProvider -is set. + ; region only supported if SharedConfigEnabled. + region = us-east-1 + +Assume Role configuration + +The role_arn field allows you to configure the SDK to assume an IAM role using +a set of credentials from another source. Such as when paired with static +credentials, "profile_source", "credential_process", or "credential_source" +fields. If "role_arn" is provided, a source of credentials must also be +specified, such as "source_profile", "credential_source", or +"credential_process". role_arn = arn:aws:iam:::role/ source_profile = profile_with_creds @@ -150,40 +146,16 @@ is set. mfa_serial = role_session_name = session_name -Region is the region the SDK should use for looking up AWS service endpoints -and signing requests. - - region = us-east-1 - -Assume Role with MFA token -To create a session with support for assuming an IAM role with MFA set the -session option AssumeRoleTokenProvider to a function that will prompt for the -MFA token code when the SDK assumes the role and refreshes the role's credentials. -This allows you to configure the SDK via the shared config to assumea role -with MFA tokens. - -In order for the SDK to assume a role with MFA the SharedConfigState -session option must be set to SharedConfigEnable, or AWS_SDK_LOAD_CONFIG -environment variable set. - -The shared configuration instructs the SDK to assume an IAM role with MFA -when the mfa_serial configuration field is set in the shared config -(~/.aws/config) or shared credentials (~/.aws/credentials) file. - -If mfa_serial is set in the configuration, the SDK will assume the role, and -the AssumeRoleTokenProvider session option is not set an an error will -be returned when creating the session. +The SDK supports assuming a role with MFA token. If "mfa_serial" is set, you +must also set the Session Option.AssumeRoleTokenProvider. The Session will fail +to load if the AssumeRoleTokenProvider is not specified. sess := session.Must(session.NewSessionWithOptions(session.Options{ AssumeRoleTokenProvider: stscreds.StdinTokenProvider, })) - // Create service client value configured for credentials - // from assumed role. - svc := s3.New(sess) - -To setup assume role outside of a session see the stscreds.AssumeRoleProvider +To setup Assume Role outside of a session see the stscreds.AssumeRoleProvider documentation. Environment Variables diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index e3959b959ef9..60a6f9ce2a4d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -99,21 +99,41 @@ type envConfig struct { CustomCABundle string csmEnabled string - CSMEnabled bool + CSMEnabled *bool CSMPort string + CSMHost string CSMClientID string - enableEndpointDiscovery string // Enables endpoint discovery via environment variables. // // AWS_ENABLE_ENDPOINT_DISCOVERY=true EnableEndpointDiscovery *bool + enableEndpointDiscovery string + + // Specifies the WebIdentity token the SDK should use to assume a role + // with. + // + // AWS_WEB_IDENTITY_TOKEN_FILE=file_path + WebIdentityTokenFilePath string + + // Specifies the IAM role arn to use when assuming an role. + // + // AWS_ROLE_ARN=role_arn + RoleARN string + + // Specifies the IAM role session name to use when assuming a role. + // + // AWS_ROLE_SESSION_NAME=session_name + RoleSessionName string } var ( csmEnabledEnvKey = []string{ "AWS_CSM_ENABLED", } + csmHostEnvKey = []string{ + "AWS_CSM_HOST", + } csmPortEnvKey = []string{ "AWS_CSM_PORT", } @@ -150,6 +170,15 @@ var ( sharedConfigFileEnvKey = []string{ "AWS_CONFIG_FILE", } + webIdentityTokenFilePathEnvKey = []string{ + "AWS_WEB_IDENTITY_TOKEN_FILE", + } + roleARNEnvKey = []string{ + "AWS_ROLE_ARN", + } + roleSessionNameEnvKey = []string{ + "AWS_ROLE_SESSION_NAME", + } ) // loadEnvConfig retrieves the SDK's environment configuration. @@ -178,21 +207,33 @@ func envConfigLoad(enableSharedConfig bool) envConfig { cfg.EnableSharedConfig = enableSharedConfig - setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey) - setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey) - setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey) + // Static environment credentials + var creds credentials.Value + setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey) + setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey) + setFromEnvVal(&creds.SessionToken, credSessionEnvKey) + if creds.HasKeys() { + // Require logical grouping of credentials + creds.ProviderName = EnvProviderName + cfg.Creds = creds + } + + // Role Metadata + setFromEnvVal(&cfg.RoleARN, roleARNEnvKey) + setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey) + + // Web identity environment variables + setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey) // CSM environment variables setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey) + setFromEnvVal(&cfg.CSMHost, csmHostEnvKey) setFromEnvVal(&cfg.CSMPort, csmPortEnvKey) setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey) - cfg.CSMEnabled = len(cfg.csmEnabled) > 0 - // Require logical grouping of credentials - if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 { - cfg.Creds = credentials.Value{} - } else { - cfg.Creds.ProviderName = EnvProviderName + if len(cfg.csmEnabled) != 0 { + v, _ := strconv.ParseBool(cfg.csmEnabled) + cfg.CSMEnabled = &v } regionKeys := regionEnvKeys diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index be4b5f077722..fa1362ff7406 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -8,19 +8,17 @@ import ( "io/ioutil" "net/http" "os" + "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/corehandlers" "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/credentials/processcreds" - "github.com/aws/aws-sdk-go/aws/credentials/stscreds" "github.com/aws/aws-sdk-go/aws/csm" "github.com/aws/aws-sdk-go/aws/defaults" "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/internal/shareddefaults" ) const ( @@ -106,8 +104,20 @@ func New(cfgs ...*aws.Config) *Session { } s := deprecatedNewSession(cfgs...) - if envCfg.CSMEnabled { - enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) + + if csmCfg, err := loadCSMConfig(envCfg, []string{}); err != nil { + if l := s.Config.Logger; l != nil { + l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err)) + } + } else if csmCfg.Enabled { + err := enableCSM(&s.Handlers, csmCfg, s.Config.Logger) + if err != nil { + err = fmt.Errorf("failed to enable CSM, %v", err) + s.Config.Logger.Log("ERROR:", err.Error()) + s.Handlers.Validate.PushBack(func(r *request.Request) { + r.Error = err + }) + } } return s @@ -210,6 +220,12 @@ type Options struct { // the config enables assume role wit MFA via the mfa_serial field. AssumeRoleTokenProvider func() (string, error) + // When the SDK's shared config is configured to assume a role this option + // may be provided to set the expiry duration of the STS credentials. + // Defaults to 15 minutes if not set as documented in the + // stscreds.AssumeRoleProvider. + AssumeRoleDuration time.Duration + // Reader for a custom Credentials Authority (CA) bundle in PEM format that // the SDK will use instead of the default system's root CA bundle. Use this // only if you want to replace the CA bundle the SDK uses for TLS requests. @@ -224,6 +240,12 @@ type Options struct { // to also enable this feature. CustomCABundle session option field has priority // over the AWS_CA_BUNDLE environment variable, and will be used if both are set. CustomCABundle io.Reader + + // The handlers that the session and all API clients will be created with. + // This must be a complete set of handlers. Use the defaults.Handlers() + // function to initialize this value before changing the handlers to be + // used by the SDK. + Handlers request.Handlers } // NewSessionWithOptions returns a new Session created from SDK defaults, config files, @@ -263,7 +285,7 @@ func NewSessionWithOptions(opts Options) (*Session, error) { envCfg = loadEnvConfig() } - if len(opts.Profile) > 0 { + if len(opts.Profile) != 0 { envCfg.Profile = opts.Profile } @@ -329,27 +351,33 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session { return s } -func enableCSM(handlers *request.Handlers, clientID string, port string, logger aws.Logger) { - logger.Log("Enabling CSM") - if len(port) == 0 { - port = csm.DefaultPort +func enableCSM(handlers *request.Handlers, cfg csmConfig, logger aws.Logger) error { + if logger != nil { + logger.Log("Enabling CSM") } - r, err := csm.Start(clientID, "127.0.0.1:"+port) + r, err := csm.Start(cfg.ClientID, csm.AddressWithDefaults(cfg.Host, cfg.Port)) if err != nil { - return + return err } r.InjectHandlers(handlers) + + return nil } func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) { cfg := defaults.Config() - handlers := defaults.Handlers() + + handlers := opts.Handlers + if handlers.IsEmpty() { + handlers = defaults.Handlers() + } // Get a merged version of the user provided config to determine if // credentials were. userCfg := &aws.Config{} userCfg.MergeIn(cfgs...) + cfg.MergeIn(userCfg) // Ordered config files will be loaded in with later files overwriting // previous config file values. @@ -366,9 +394,17 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, } // Load additional config from file(s) - sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles) + sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig) if err != nil { - return nil, err + if len(envCfg.Profile) == 0 && !envCfg.EnableSharedConfig && (envCfg.Creds.HasKeys() || userCfg.Credentials != nil) { + // Special case where the user has not explicitly specified an AWS_PROFILE, + // or session.Options.profile, shared config is not enabled, and the + // environment has credentials, allow the shared config file to fail to + // load since the user has already provided credentials, and nothing else + // is required to be read file. Github(aws/aws-sdk-go#2455) + } else if _, ok := err.(SharedConfigProfileNotExistsError); !ok { + return nil, err + } } if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil { @@ -381,8 +417,16 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, } initHandlers(s) - if envCfg.CSMEnabled { - enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) + + if csmCfg, err := loadCSMConfig(envCfg, cfgFiles); err != nil { + if l := s.Config.Logger; l != nil { + l.Log(fmt.Sprintf("ERROR: failed to load CSM configuration, %v", err)) + } + } else if csmCfg.Enabled { + err = enableCSM(&s.Handlers, csmCfg, s.Config.Logger) + if err != nil { + return nil, err + } } // Setup HTTP client with custom cert bundle if enabled @@ -395,6 +439,46 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, return s, nil } +type csmConfig struct { + Enabled bool + Host string + Port string + ClientID string +} + +var csmProfileName = "aws_csm" + +func loadCSMConfig(envCfg envConfig, cfgFiles []string) (csmConfig, error) { + if envCfg.CSMEnabled != nil { + if *envCfg.CSMEnabled { + return csmConfig{ + Enabled: true, + ClientID: envCfg.CSMClientID, + Host: envCfg.CSMHost, + Port: envCfg.CSMPort, + }, nil + } + return csmConfig{}, nil + } + + sharedCfg, err := loadSharedConfig(csmProfileName, cfgFiles, false) + if err != nil { + if _, ok := err.(SharedConfigProfileNotExistsError); !ok { + return csmConfig{}, err + } + } + if sharedCfg.CSMEnabled != nil && *sharedCfg.CSMEnabled == true { + return csmConfig{ + Enabled: true, + ClientID: sharedCfg.CSMClientID, + Host: sharedCfg.CSMHost, + Port: sharedCfg.CSMPort, + }, nil + } + + return csmConfig{}, nil +} + func loadCustomCABundle(s *Session, bundle io.Reader) error { var t *http.Transport switch v := s.Config.HTTPClient.Transport.(type) { @@ -443,9 +527,11 @@ func loadCertPool(r io.Reader) (*x509.CertPool, error) { return p, nil } -func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error { - // Merge in user provided configuration - cfg.MergeIn(userCfg) +func mergeConfigSrcs(cfg, userCfg *aws.Config, + envCfg envConfig, sharedCfg sharedConfig, + handlers request.Handlers, + sessOpts Options, +) error { // Region if not already set by user if len(aws.StringValue(cfg.Region)) == 0 { @@ -464,164 +550,19 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share } } - // Configure credentials if not already set + // Configure credentials if not already set by the user when creating the + // Session. if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { - - // inspect the profile to see if a credential source has been specified. - if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 { - - // if both credential_source and source_profile have been set, return an error - // as this is undefined behavior. - if len(sharedCfg.AssumeRole.SourceProfile) > 0 { - return ErrSharedConfigSourceCollision - } - - // valid credential source values - const ( - credSourceEc2Metadata = "Ec2InstanceMetadata" - credSourceEnvironment = "Environment" - credSourceECSContainer = "EcsContainer" - ) - - switch sharedCfg.AssumeRole.CredentialSource { - case credSourceEc2Metadata: - cfgCp := *cfg - p := defaults.RemoteCredProvider(cfgCp, handlers) - cfgCp.Credentials = credentials.NewCredentials(p) - - if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil { - // AssumeRole Token provider is required if doing Assume Role - // with MFA. - return AssumeRoleTokenProviderNotSetError{} - } - - cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts) - case credSourceEnvironment: - cfg.Credentials = credentials.NewStaticCredentialsFromCreds( - envCfg.Creds, - ) - case credSourceECSContainer: - if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 { - return ErrSharedConfigECSContainerEnvVarEmpty - } - - cfgCp := *cfg - p := defaults.RemoteCredProvider(cfgCp, handlers) - creds := credentials.NewCredentials(p) - - cfg.Credentials = creds - default: - return ErrSharedConfigInvalidCredSource - } - - return nil - } - - if len(envCfg.Creds.AccessKeyID) > 0 { - cfg.Credentials = credentials.NewStaticCredentialsFromCreds( - envCfg.Creds, - ) - } else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil { - cfgCp := *cfg - cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds( - sharedCfg.AssumeRoleSource.Creds, - ) - - if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil { - // AssumeRole Token provider is required if doing Assume Role - // with MFA. - return AssumeRoleTokenProviderNotSetError{} - } - - cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts) - } else if len(sharedCfg.Creds.AccessKeyID) > 0 { - cfg.Credentials = credentials.NewStaticCredentialsFromCreds( - sharedCfg.Creds, - ) - } else if len(sharedCfg.CredentialProcess) > 0 { - cfg.Credentials = processcreds.NewCredentials( - sharedCfg.CredentialProcess, - ) - } else { - // Fallback to default credentials provider, include mock errors - // for the credential chain so user can identify why credentials - // failed to be retrieved. - cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{ - VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors), - Providers: []credentials.Provider{ - &credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)}, - &credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)}, - defaults.RemoteCredProvider(*cfg, handlers), - }, - }) + creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) + if err != nil { + return err } + cfg.Credentials = creds } return nil } -func assumeRoleCredentials(cfg aws.Config, handlers request.Handlers, sharedCfg sharedConfig, sessOpts Options) *credentials.Credentials { - return stscreds.NewCredentials( - &Session{ - Config: &cfg, - Handlers: handlers.Copy(), - }, - sharedCfg.AssumeRole.RoleARN, - func(opt *stscreds.AssumeRoleProvider) { - opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName - - // Assume role with external ID - if len(sharedCfg.AssumeRole.ExternalID) > 0 { - opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID) - } - - // Assume role with MFA - if len(sharedCfg.AssumeRole.MFASerial) > 0 { - opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial) - opt.TokenProvider = sessOpts.AssumeRoleTokenProvider - } - }, - ) -} - -// AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the -// MFAToken option is not set when shared config is configured load assume a -// role with an MFA token. -type AssumeRoleTokenProviderNotSetError struct{} - -// Code is the short id of the error. -func (e AssumeRoleTokenProviderNotSetError) Code() string { - return "AssumeRoleTokenProviderNotSetError" -} - -// Message is the description of the error -func (e AssumeRoleTokenProviderNotSetError) Message() string { - return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.") -} - -// OrigErr is the underlying error that caused the failure. -func (e AssumeRoleTokenProviderNotSetError) OrigErr() error { - return nil -} - -// Error satisfies the error interface. -func (e AssumeRoleTokenProviderNotSetError) Error() string { - return awserr.SprintError(e.Code(), e.Message(), "", nil) -} - -type credProviderError struct { - Err error -} - -var emptyCreds = credentials.Value{} - -func (c credProviderError) Retrieve() (credentials.Value, error) { - return credentials.Value{}, c.Err -} -func (c credProviderError) IsExpired() bool { - return true -} - func initHandlers(s *Session) { // Add the Validate parameter handler if it is not disabled. s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index 7cb44021b3fc..d91ac93a5444 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -5,7 +5,6 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/internal/ini" ) @@ -23,13 +22,23 @@ const ( mfaSerialKey = `mfa_serial` // optional roleSessionNameKey = `role_session_name` // optional + // CSM options + csmEnabledKey = `csm_enabled` + csmHostKey = `csm_host` + csmPortKey = `csm_port` + csmClientIDKey = `csm_client_id` + // Additional Config fields regionKey = `region` // endpoint discovery group enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional + // External Credential Process - credentialProcessKey = `credential_process` + credentialProcessKey = `credential_process` // optional + + // Web Identity Token File + webIdentityTokenFileKey = `web_identity_token_file` // optional // DefaultSharedConfigProfile is the default profile to be used when // loading configuration from the config files if another profile name @@ -37,36 +46,33 @@ const ( DefaultSharedConfigProfile = `default` ) -type assumeRoleConfig struct { - RoleARN string - SourceProfile string - CredentialSource string - ExternalID string - MFASerial string - RoleSessionName string -} - // sharedConfig represents the configuration fields of the SDK config files. type sharedConfig struct { - // Credentials values from the config file. Both aws_access_key_id - // and aws_secret_access_key must be provided together in the same file - // to be considered valid. The values will be ignored if not a complete group. - // aws_session_token is an optional field that can be provided if both of the - // other two fields are also provided. + // Credentials values from the config file. Both aws_access_key_id and + // aws_secret_access_key must be provided together in the same file to be + // considered valid. The values will be ignored if not a complete group. + // aws_session_token is an optional field that can be provided if both of + // the other two fields are also provided. // // aws_access_key_id // aws_secret_access_key // aws_session_token Creds credentials.Value - AssumeRole assumeRoleConfig - AssumeRoleSource *sharedConfig + CredentialSource string + CredentialProcess string + WebIdentityTokenFile string - // An external process to request credentials - CredentialProcess string + RoleARN string + RoleSessionName string + ExternalID string + MFASerial string - // Region is the region the SDK should use for looking up AWS service endpoints - // and signing requests. + SourceProfileName string + SourceProfile *sharedConfig + + // Region is the region the SDK should use for looking up AWS service + // endpoints and signing requests. // // region Region string @@ -76,6 +82,12 @@ type sharedConfig struct { // // endpoint_discovery_enabled = true EnableEndpointDiscovery *bool + + // CSM Options + CSMEnabled *bool + CSMHost string + CSMPort string + CSMClientID string } type sharedConfigFile struct { @@ -83,17 +95,18 @@ type sharedConfigFile struct { IniData ini.Sections } -// loadSharedConfig retrieves the configuration from the list of files -// using the profile provided. The order the files are listed will determine +// loadSharedConfig retrieves the configuration from the list of files using +// the profile provided. The order the files are listed will determine // precedence. Values in subsequent files will overwrite values defined in // earlier files. // // For example, given two files A and B. Both define credentials. If the order -// of the files are A then B, B's credential values will be used instead of A's. +// of the files are A then B, B's credential values will be used instead of +// A's. // // See sharedConfig.setFromFile for information how the config files // will be loaded. -func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) { +func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) { if len(profile) == 0 { profile = DefaultSharedConfigProfile } @@ -104,16 +117,11 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) } cfg := sharedConfig{} - if err = cfg.setFromIniFiles(profile, files); err != nil { + profiles := map[string]struct{}{} + if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil { return sharedConfig{}, err } - if len(cfg.AssumeRole.SourceProfile) > 0 { - if err := cfg.setAssumeRoleSource(profile, files); err != nil { - return sharedConfig{}, err - } - } - return cfg, nil } @@ -137,60 +145,88 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) { return files, nil } -func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error { - var assumeRoleSrc sharedConfig - - if len(cfg.AssumeRole.CredentialSource) > 0 { - // setAssumeRoleSource is only called when source_profile is found. - // If both source_profile and credential_source are set, then - // ErrSharedConfigSourceCollision will be returned - return ErrSharedConfigSourceCollision +func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error { + // Trim files from the list that don't exist. + var skippedFiles int + var profileNotFoundErr error + for _, f := range files { + if err := cfg.setFromIniFile(profile, f, exOpts); err != nil { + if _, ok := err.(SharedConfigProfileNotExistsError); ok { + // Ignore profiles not defined in individual files. + profileNotFoundErr = err + skippedFiles++ + continue + } + return err + } + } + if skippedFiles == len(files) { + // If all files were skipped because the profile is not found, return + // the original profile not found error. + return profileNotFoundErr } - // Multiple level assume role chains are not support - if cfg.AssumeRole.SourceProfile == origProfile { - assumeRoleSrc = *cfg - assumeRoleSrc.AssumeRole = assumeRoleConfig{} + if _, ok := profiles[profile]; ok { + // if this is the second instance of the profile the Assume Role + // options must be cleared because they are only valid for the + // first reference of a profile. The self linked instance of the + // profile only have credential provider options. + cfg.clearAssumeRoleOptions() } else { - err := assumeRoleSrc.setFromIniFiles(cfg.AssumeRole.SourceProfile, files) - if err != nil { + // First time a profile has been seen, It must either be a assume role + // or credentials. Assert if the credential type requires a role ARN, + // the ARN is also set. + if err := cfg.validateCredentialsRequireARN(profile); err != nil { return err } } + profiles[profile] = struct{}{} - if len(assumeRoleSrc.Creds.AccessKeyID) == 0 { - return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN} + if err := cfg.validateCredentialType(); err != nil { + return err } - cfg.AssumeRoleSource = &assumeRoleSrc + // Link source profiles for assume roles + if len(cfg.SourceProfileName) != 0 { + // Linked profile via source_profile ignore credential provider + // options, the source profile must provide the credentials. + cfg.clearCredentialOptions() - return nil -} - -func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFile) error { - // Trim files from the list that don't exist. - for _, f := range files { - if err := cfg.setFromIniFile(profile, f); err != nil { + srcCfg := &sharedConfig{} + err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts) + if err != nil { + // SourceProfile that doesn't exist is an error in configuration. if _, ok := err.(SharedConfigProfileNotExistsError); ok { - // Ignore proviles missings - continue + err = SharedConfigAssumeRoleError{ + RoleARN: cfg.RoleARN, + SourceProfile: cfg.SourceProfileName, + } } return err } + + if !srcCfg.hasCredentials() { + return SharedConfigAssumeRoleError{ + RoleARN: cfg.RoleARN, + SourceProfile: cfg.SourceProfileName, + } + } + + cfg.SourceProfile = srcCfg } return nil } -// setFromFile loads the configuration from the file using -// the profile provided. A sharedConfig pointer type value is used so that -// multiple config file loadings can be chained. +// setFromFile loads the configuration from the file using the profile +// provided. A sharedConfig pointer type value is used so that multiple config +// file loadings can be chained. // // Only loads complete logically grouped values, and will not set fields in cfg -// for incomplete grouped values in the config. Such as credentials. For example -// if a config file only includes aws_access_key_id but no aws_secret_access_key -// the aws_access_key_id will be ignored. -func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error { +// for incomplete grouped values in the config. Such as credentials. For +// example if a config file only includes aws_access_key_id but no +// aws_secret_access_key the aws_access_key_id will be ignored. +func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error { section, ok := file.IniData.GetSection(profile) if !ok { // Fallback to to alternate profile name: profile @@ -200,51 +236,141 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e } } + if exOpts { + // Assume Role Parameters + updateString(&cfg.RoleARN, section, roleArnKey) + updateString(&cfg.ExternalID, section, externalIDKey) + updateString(&cfg.MFASerial, section, mfaSerialKey) + updateString(&cfg.RoleSessionName, section, roleSessionNameKey) + updateString(&cfg.SourceProfileName, section, sourceProfileKey) + updateString(&cfg.CredentialSource, section, credentialSourceKey) + + updateString(&cfg.Region, section, regionKey) + } + + updateString(&cfg.CredentialProcess, section, credentialProcessKey) + updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey) + // Shared Credentials - akid := section.String(accessKeyIDKey) - secret := section.String(secretAccessKey) - if len(akid) > 0 && len(secret) > 0 { - cfg.Creds = credentials.Value{ - AccessKeyID: akid, - SecretAccessKey: secret, - SessionToken: section.String(sessionTokenKey), - ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename), - } + creds := credentials.Value{ + AccessKeyID: section.String(accessKeyIDKey), + SecretAccessKey: section.String(secretAccessKey), + SessionToken: section.String(sessionTokenKey), + ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename), + } + if creds.HasKeys() { + cfg.Creds = creds + } + + // Endpoint discovery + updateBoolPtr(&cfg.EnableEndpointDiscovery, section, enableEndpointDiscoveryKey) + + // CSM options + updateBoolPtr(&cfg.CSMEnabled, section, csmEnabledKey) + updateString(&cfg.CSMHost, section, csmHostKey) + updateString(&cfg.CSMPort, section, csmPortKey) + updateString(&cfg.CSMClientID, section, csmClientIDKey) + + return nil +} + +func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error { + var credSource string + + switch { + case len(cfg.SourceProfileName) != 0: + credSource = sourceProfileKey + case len(cfg.CredentialSource) != 0: + credSource = credentialSourceKey + case len(cfg.WebIdentityTokenFile) != 0: + credSource = webIdentityTokenFileKey } - // Assume Role - roleArn := section.String(roleArnKey) - srcProfile := section.String(sourceProfileKey) - credentialSource := section.String(credentialSourceKey) - hasSource := len(srcProfile) > 0 || len(credentialSource) > 0 - if len(roleArn) > 0 && hasSource { - cfg.AssumeRole = assumeRoleConfig{ - RoleARN: roleArn, - SourceProfile: srcProfile, - CredentialSource: credentialSource, - ExternalID: section.String(externalIDKey), - MFASerial: section.String(mfaSerialKey), - RoleSessionName: section.String(roleSessionNameKey), + if len(credSource) != 0 && len(cfg.RoleARN) == 0 { + return CredentialRequiresARNError{ + Type: credSource, + Profile: profile, } } - // `credential_process` - if credProc := section.String(credentialProcessKey); len(credProc) > 0 { - cfg.CredentialProcess = credProc + return nil +} + +func (cfg *sharedConfig) validateCredentialType() error { + // Only one or no credential type can be defined. + if !oneOrNone( + len(cfg.SourceProfileName) != 0, + len(cfg.CredentialSource) != 0, + len(cfg.CredentialProcess) != 0, + len(cfg.WebIdentityTokenFile) != 0, + ) { + return ErrSharedConfigSourceCollision } - // Region - if v := section.String(regionKey); len(v) > 0 { - cfg.Region = v + return nil +} + +func (cfg *sharedConfig) hasCredentials() bool { + switch { + case len(cfg.SourceProfileName) != 0: + case len(cfg.CredentialSource) != 0: + case len(cfg.CredentialProcess) != 0: + case len(cfg.WebIdentityTokenFile) != 0: + case cfg.Creds.HasKeys(): + default: + return false } - // Endpoint discovery - if section.Has(enableEndpointDiscoveryKey) { - v := section.Bool(enableEndpointDiscoveryKey) - cfg.EnableEndpointDiscovery = &v + return true +} + +func (cfg *sharedConfig) clearCredentialOptions() { + cfg.CredentialSource = "" + cfg.CredentialProcess = "" + cfg.WebIdentityTokenFile = "" + cfg.Creds = credentials.Value{} +} + +func (cfg *sharedConfig) clearAssumeRoleOptions() { + cfg.RoleARN = "" + cfg.ExternalID = "" + cfg.MFASerial = "" + cfg.RoleSessionName = "" + cfg.SourceProfileName = "" +} + +func oneOrNone(bs ...bool) bool { + var count int + + for _, b := range bs { + if b { + count++ + if count > 1 { + return false + } + } } - return nil + return true +} + +// updateString will only update the dst with the value in the section key, key +// is present in the section. +func updateString(dst *string, section ini.Section, key string) { + if !section.Has(key) { + return + } + *dst = section.String(key) +} + +// updateBoolPtr will only update the dst with the value in the section key, +// key is present in the section. +func updateBoolPtr(dst **bool, section ini.Section, key string) { + if !section.Has(key) { + return + } + *dst = new(bool) + **dst = section.Bool(key) } // SharedConfigLoadError is an error for the shared config file failed to load. @@ -304,7 +430,8 @@ func (e SharedConfigProfileNotExistsError) Error() string { // profile contains assume role information, but that information is invalid // or not complete. type SharedConfigAssumeRoleError struct { - RoleARN string + RoleARN string + SourceProfile string } // Code is the short id of the error. @@ -314,8 +441,10 @@ func (e SharedConfigAssumeRoleError) Code() string { // Message is the description of the error func (e SharedConfigAssumeRoleError) Message() string { - return fmt.Sprintf("failed to load assume role for %s, source profile has no shared credentials", - e.RoleARN) + return fmt.Sprintf( + "failed to load assume role for %s, source profile %s has no shared credentials", + e.RoleARN, e.SourceProfile, + ) } // OrigErr is the underlying error that caused the failure. @@ -327,3 +456,36 @@ func (e SharedConfigAssumeRoleError) OrigErr() error { func (e SharedConfigAssumeRoleError) Error() string { return awserr.SprintError(e.Code(), e.Message(), "", nil) } + +// CredentialRequiresARNError provides the error for shared config credentials +// that are incorrectly configured in the shared config or credentials file. +type CredentialRequiresARNError struct { + // type of credentials that were configured. + Type string + + // Profile name the credentials were in. + Profile string +} + +// Code is the short id of the error. +func (e CredentialRequiresARNError) Code() string { + return "CredentialRequiresARNError" +} + +// Message is the description of the error +func (e CredentialRequiresARNError) Message() string { + return fmt.Sprintf( + "credential type %s requires role_arn, profile %s", + e.Type, e.Profile, + ) +} + +// OrigErr is the underlying error that caused the failure. +func (e CredentialRequiresARNError) OrigErr() error { + return nil +} + +// Error satisfies the error interface. +func (e CredentialRequiresARNError) Error() string { + return awserr.SprintError(e.Code(), e.Message(), "", nil) +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 523db79f8d2a..8104793aa5bc 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -687,7 +687,11 @@ func (ctx *signingCtx) buildBodyDigest() error { if !aws.IsReaderSeekable(ctx.Body) { return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body) } - hash = hex.EncodeToString(makeSha256Reader(ctx.Body)) + hashBytes, err := makeSha256Reader(ctx.Body) + if err != nil { + return err + } + hash = hex.EncodeToString(hashBytes) } if includeSHA256Header { @@ -734,10 +738,16 @@ func makeSha256(data []byte) []byte { return hash.Sum(nil) } -func makeSha256Reader(reader io.ReadSeeker) []byte { +func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) { hash := sha256.New() - start, _ := reader.Seek(0, sdkio.SeekCurrent) - defer reader.Seek(start, sdkio.SeekStart) + start, err := reader.Seek(0, sdkio.SeekCurrent) + if err != nil { + return nil, err + } + defer func() { + // ensure error is return if unable to seek back to start of payload. + _, err = reader.Seek(start, sdkio.SeekStart) + }() // Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies // smaller than 32KB. Fall back to io.Copy if we fail to determine the size. @@ -748,7 +758,7 @@ func makeSha256Reader(reader io.ReadSeeker) []byte { io.CopyN(hash, reader, size) } - return hash.Sum(nil) + return hash.Sum(nil), nil } const doubleSpace = " " diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go index 8b6f23425a66..455091540fdf 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go @@ -7,13 +7,18 @@ import ( "github.com/aws/aws-sdk-go/internal/sdkio" ) -// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Should -// only be used with an io.Reader that is also an io.Seeker. Doing so may -// cause request signature errors, or request body's not sent for GET, HEAD -// and DELETE HTTP methods. +// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the +// SDK to accept an io.Reader that is not also an io.Seeker for unsigned +// streaming payload API operations. // -// Deprecated: Should only be used with io.ReadSeeker. If using for -// S3 PutObject to stream content use s3manager.Uploader instead. +// A ReadSeekCloser wrapping an nonseekable io.Reader used in an API +// operation's input will prevent that operation being retried in the case of +// network errors, and cause operation requests to fail if the operation +// requires payload signing. +// +// Note: If using With S3 PutObject to stream an object upload The SDK's S3 +// Upload manager (s3manager.Uploader) provides support for streaming with the +// ability to retry network errors. func ReadSeekCloser(r io.Reader) ReaderSeekerCloser { return ReaderSeekerCloser{r} } @@ -43,7 +48,8 @@ func IsReaderSeekable(r io.Reader) bool { // Read reads from the reader up to size of p. The number of bytes read, and // error if it occurred will be returned. // -// If the reader is not an io.Reader zero bytes read, and nil error will be returned. +// If the reader is not an io.Reader zero bytes read, and nil error will be +// returned. // // Performs the same functionality as io.Reader Read func (r ReaderSeekerCloser) Read(p []byte) (int, error) { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index b82d20b7ff7c..56913fc04f97 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.19.39" +const SDKVersion = "1.23.19" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go index f99703372c4e..e56dcee2f8e5 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go @@ -304,7 +304,9 @@ loop: stmt := newCommentStatement(tok) stack.Push(stmt) default: - return nil, NewParseError(fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", k, tok)) + return nil, NewParseError( + fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", + k, tok.Type())) } if len(tokens) > 0 { @@ -314,7 +316,7 @@ loop: // this occurs when a statement has not been completed if stack.top > 1 { - return nil, NewParseError(fmt.Sprintf("incomplete expression: %v", stack.container)) + return nil, NewParseError(fmt.Sprintf("incomplete ini expression")) } // returns a sublist which excludes the start symbol diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go new file mode 100644 index 000000000000..44898eed0fdd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go @@ -0,0 +1,15 @@ +// +build go1.10 + +package sdkmath + +import "math" + +// Round returns the nearest integer, rounding half away from zero. +// +// Special cases are: +// Round(±0) = ±0 +// Round(±Inf) = ±Inf +// Round(NaN) = NaN +func Round(x float64) float64 { + return math.Round(x) +} diff --git a/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go new file mode 100644 index 000000000000..810ec7f08b00 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go @@ -0,0 +1,56 @@ +// +build !go1.10 + +package sdkmath + +import "math" + +// Copied from the Go standard library's (Go 1.12) math/floor.go for use in +// Go version prior to Go 1.10. +const ( + uvone = 0x3FF0000000000000 + mask = 0x7FF + shift = 64 - 11 - 1 + bias = 1023 + signMask = 1 << 63 + fracMask = 1<= 0.5 { + // return t + Copysign(1, x) + // } + // return t + // } + bits := math.Float64bits(x) + e := uint(bits>>shift) & mask + if e < bias { + // Round abs(x) < 1 including denormals. + bits &= signMask // +-0 + if e == bias-1 { + bits |= uvone // +-1 + } + } else if e < bias+shift { + // Round any abs(x) >= 1 containing a fractional component [0,1). + // + // Numbers with larger exponents are returned unchanged since they + // must be either an integer, infinity, or NaN. + const half = 1 << (shift - 1) + e -= bias + bits += half >> e + bits &^= fracMask >> e + } + return math.Float64frombits(bits) +} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go index de021367da24..74e361e070d5 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go @@ -146,6 +146,9 @@ func unmarshalStatusCode(v reflect.Value, statusCode int) { } func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) error { + if len(headers) == 0 { + return nil + } switch r.Interface().(type) { case map[string]*string: // we only support string map value types out := map[string]*string{} @@ -155,19 +158,28 @@ func unmarshalHeaderMap(r reflect.Value, headers http.Header, prefix string) err out[k[len(prefix):]] = &v[0] } } - r.Set(reflect.ValueOf(out)) + if len(out) != 0 { + r.Set(reflect.ValueOf(out)) + } + } return nil } func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) error { - isJSONValue := tag.Get("type") == "jsonvalue" - if isJSONValue { + switch tag.Get("type") { + case "jsonvalue": if len(header) == 0 { return nil } - } else if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) { - return nil + case "blob": + if len(header) == 0 { + return nil + } + default: + if !v.IsValid() || (header == "" && v.Elem().Kind() != reflect.String) { + return nil + } } switch v.Interface().(type) { @@ -178,7 +190,7 @@ func unmarshalHeader(v reflect.Value, header string, tag reflect.StructTag) erro if err != nil { return err } - v.Set(reflect.ValueOf(&b)) + v.Set(reflect.ValueOf(b)) case *bool: b, err := strconv.ParseBool(header) if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go index cf569645dc22..07a6187ea624 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go @@ -39,7 +39,7 @@ func Build(r *request.Request) { r.Error = awserr.NewRequestFailure( awserr.New(request.ErrCodeSerialization, "failed to encode rest XML request", err), - r.HTTPResponse.StatusCode, + 0, r.RequestID, ) return diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go index b7ed6c6f8100..05d4ff519258 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go @@ -1,8 +1,11 @@ package protocol import ( + "math" "strconv" "time" + + "github.com/aws/aws-sdk-go/internal/sdkmath" ) // Names of time formats supported by the SDK @@ -13,12 +16,19 @@ const ( ) // Time formats supported by the SDK +// Output time is intended to not contain decimals const ( // RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT" + // This format is used for output time without seconds precision + RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT" + // RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z - ISO8601TimeFormat = "2006-01-02T15:04:05Z" + ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z" + + // This format is used for output time without seconds precision + ISO8601OutputTimeFormat = "2006-01-02T15:04:05Z" ) // IsKnownTimestampFormat returns if the timestamp format name @@ -42,9 +52,9 @@ func FormatTime(name string, t time.Time) string { switch name { case RFC822TimeFormatName: - return t.Format(RFC822TimeFormat) + return t.Format(RFC822OutputTimeFormat) case ISO8601TimeFormatName: - return t.Format(ISO8601TimeFormat) + return t.Format(ISO8601OutputTimeFormat) case UnixTimeFormatName: return strconv.FormatInt(t.Unix(), 10) default: @@ -62,10 +72,12 @@ func ParseTime(formatName, value string) (time.Time, error) { return time.Parse(ISO8601TimeFormat, value) case UnixTimeFormatName: v, err := strconv.ParseFloat(value, 64) + _, dec := math.Modf(v) + dec = sdkmath.Round(dec*1e3) / 1e3 //Rounds 0.1229999 to 0.123 if err != nil { return time.Time{}, err } - return time.Unix(int64(v), 0), nil + return time.Unix(int64(v), int64(dec*(1e9))), nil default: panic("unknown timestamp format name, " + formatName) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go index bf4c2c5d72bb..8c889ff34554 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go @@ -90,23 +90,23 @@ func (c *DynamoDB) BatchGetItemRequest(input *BatchGetItemInput) (req *request.R // one or more tables. You identify requested items by primary key. // // A single operation can retrieve up to 16 MB of data, which can contain as -// many as 100 items. BatchGetItem will return a partial result if the response +// many as 100 items. BatchGetItem returns a partial result if the response // size limit is exceeded, the table's provisioned throughput is exceeded, or // an internal processing failure occurs. If a partial result is returned, the // operation returns a value for UnprocessedKeys. You can use this value to // retry the operation starting with the next item to get. // -// If you request more than 100 items BatchGetItem will return a ValidationException -// with the message "Too many items requested for the BatchGetItem call". +// If you request more than 100 items, BatchGetItem returns a ValidationException +// with the message "Too many items requested for the BatchGetItem call." // // For example, if you ask to retrieve 100 items, but each individual item is // 300 KB in size, the system returns 52 items (so as not to exceed the 16 MB // limit). It also returns an appropriate UnprocessedKeys value so you can get // the next page of results. If desired, your application can include its own -// logic to assemble the pages of results into one data set. +// logic to assemble the pages of results into one dataset. // // If none of the items can be processed due to insufficient provisioned throughput -// on all of the tables in the request, then BatchGetItem will return a ProvisionedThroughputExceededException. +// on all of the tables in the request, then BatchGetItem returns a ProvisionedThroughputExceededException. // If at least one of the items is successfully processed, then BatchGetItem // completes successfully, while returning the keys of the unread items in UnprocessedKeys. // @@ -133,7 +133,7 @@ func (c *DynamoDB) BatchGetItemRequest(input *BatchGetItemInput) (req *request.R // // If a requested item does not exist, it is not returned in the result. Requests // for nonexistent items consume the minimum read capacity units according to -// the type of read. For more information, see Capacity Units Calculations (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#CapacityUnitCalculations) +// the type of read. For more information, see Working with Tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#CapacityUnitCalculations) // in the Amazon DynamoDB Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -158,8 +158,8 @@ func (c *DynamoDB) BatchGetItemRequest(input *BatchGetItemInput) (req *request.R // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -317,9 +317,8 @@ func (c *DynamoDB) BatchWriteItemRequest(input *BatchWriteItemInput) (req *reque // check for unprocessed items and submit a new BatchWriteItem request with // those unprocessed items until all items have been processed. // -// Note that if none of the items can be processed due to insufficient provisioned -// throughput on all of the tables in the request, then BatchWriteItem will -// return a ProvisionedThroughputExceededException. +// If none of the items can be processed due to insufficient provisioned throughput +// on all of the tables in the request, then BatchWriteItem returns a ProvisionedThroughputExceededException. // // If DynamoDB returns any unprocessed items, you should retry the batch operation // on those items. However, we strongly recommend that you use an exponential @@ -328,16 +327,15 @@ func (c *DynamoDB) BatchWriteItemRequest(input *BatchWriteItemInput) (req *reque // tables. If you delay the batch operation using exponential backoff, the individual // requests in the batch are much more likely to succeed. // -// For more information, see Batch Operations and Error Handling (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html#BatchOperations) +// For more information, see Batch Operations and Error Handling (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html#Programming.Errors.BatchOperations) // in the Amazon DynamoDB Developer Guide. // // With BatchWriteItem, you can efficiently write or delete large amounts of -// data, such as from Amazon Elastic MapReduce (EMR), or copy data from another -// database into DynamoDB. In order to improve performance with these large-scale -// operations, BatchWriteItem does not behave in the same way as individual -// PutItem and DeleteItem calls would. For example, you cannot specify conditions -// on individual put and delete requests, and BatchWriteItem does not return -// deleted items in the response. +// data, such as from Amazon EMR, or copy data from another database into DynamoDB. +// In order to improve performance with these large-scale operations, BatchWriteItem +// does not behave in the same way as individual PutItem and DeleteItem calls +// would. For example, you cannot specify conditions on individual put and delete +// requests, and BatchWriteItem does not return deleted items in the response. // // If you use a programming language that supports concurrency, you can use // threads to write items in parallel. Your application must include the necessary @@ -400,8 +398,8 @@ func (c *DynamoDB) BatchWriteItemRequest(input *BatchWriteItemInput) (req *reque // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -495,10 +493,10 @@ func (c *DynamoDB) CreateBackupRequest(input *CreateBackupInput) (req *request.R // // Creates a backup for an existing table. // -// Each time you create an On-Demand Backup, the entire table data is backed +// Each time you create an on-demand backup, the entire table data is backed // up. There is no limit to the number of on-demand backups that can be taken. // -// When you create an On-Demand Backup, a time marker of the request is cataloged, +// When you create an on-demand backup, a time marker of the request is cataloged, // and the backup is created asynchronously, by applying all changes until the // time of the request to the last full table snapshot. Backup requests are // processed instantaneously and become available for restore within minutes. @@ -510,9 +508,8 @@ func (c *DynamoDB) CreateBackupRequest(input *CreateBackupInput) (req *request.R // // If you submit a backup request on 2018-12-14 at 14:25:00, the backup is guaranteed // to contain all data committed to the table up to 14:24:00, and data committed -// after 14:26:00 will not be. The backup may or may not contain data modifications -// made between 14:24:00 and 14:26:00. On-Demand Backup does not support causal -// consistency. +// after 14:26:00 will not be. The backup might contain data modifications made +// between 14:24:00 and 14:26:00. On-demand backup does not support causal consistency. // // Along with data, the following are also included on the backups: // @@ -652,7 +649,7 @@ func (c *DynamoDB) CreateGlobalTableRequest(input *CreateGlobalTableInput) (req // // Creates a global table from an existing table. A global table creates a replication // relationship between two or more DynamoDB tables with the same table name -// in the provided regions. +// in the provided Regions. // // If you want to add a new replica table to a global table, each of the following // conditions must be true: @@ -804,8 +801,8 @@ func (c *DynamoDB) CreateTableRequest(input *CreateTableInput) (req *request.Req // CreateTable API operation for Amazon DynamoDB. // // The CreateTable operation adds a new table to your account. In an AWS account, -// table names must be unique within each region. That is, you can have two -// tables with same name if you create the tables in different regions. +// table names must be unique within each Region. That is, you can have two +// tables with same name if you create the tables in different Regions. // // CreateTable is an asynchronous operation. Upon receiving a CreateTable request, // DynamoDB immediately returns a response with a TableStatus of CREATING. After @@ -1106,8 +1103,8 @@ func (c *DynamoDB) DeleteItemRequest(input *DeleteItemInput) (req *request.Reque // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -1449,8 +1446,8 @@ func (c *DynamoDB) DescribeContinuousBackupsRequest(input *DescribeContinuousBac // If point in time recovery is enabled, PointInTimeRecoveryStatus will be set // to ENABLED. // -// Once continuous backups and point in time recovery are enabled, you can restore -// to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime. +// After continuous backups and point in time recovery are enabled, you can +// restore to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime. // // LatestRestorableDateTime is typically 5 minutes before the current time. // You can restore your table to any point in time during the last 35 days. @@ -1796,7 +1793,7 @@ func (c *DynamoDB) DescribeGlobalTableSettingsRequest(input *DescribeGlobalTable // DescribeGlobalTableSettings API operation for Amazon DynamoDB. // -// Describes region specific settings for a global table. +// Describes Region-specific settings for a global table. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1900,12 +1897,12 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // DescribeLimits API operation for Amazon DynamoDB. // // Returns the current provisioned-capacity limits for your AWS account in a -// region, both for the region as a whole and for any one DynamoDB table that +// Region, both for the Region as a whole and for any one DynamoDB table that // you create there. // // When you establish an AWS account, the account has initial limits on the // maximum read capacity units and write capacity units that you can provision -// across all of your DynamoDB tables in a given region. Also, there are per-table +// across all of your DynamoDB tables in a given Region. Also, there are per-table // limits that apply when you create a table there. For more information, see // Limits (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) // page in the Amazon DynamoDB Developer Guide. @@ -1918,11 +1915,11 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // // For example, you could use one of the AWS SDKs to do the following: // -// Call DescribeLimits for a particular region to obtain your current account +// Call DescribeLimits for a particular Region to obtain your current account // limits on provisioned capacity there. // // Create a variable to hold the aggregate read capacity units provisioned for -// all your tables in that region, and one to hold the aggregate write capacity +// all your tables in that Region, and one to hold the aggregate write capacity // units. Zero them both. // // Call ListTables to obtain a list of all your DynamoDB tables. @@ -1938,7 +1935,7 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // these GSIs and add their provisioned capacity values to your variables // as well. // -// Report the account limits for that region returned by DescribeLimits, along +// Report the account limits for that Region returned by DescribeLimits, along // with the total current provisioned capacity levels you have calculated. // // This will let you see whether you are getting close to your account-level @@ -1948,8 +1945,8 @@ func (c *DynamoDB) DescribeLimitsRequest(input *DescribeLimitsInput) (req *reque // the sum of the provisioned capacity of the new table itself and all its global // secondary indexes. // -// For existing tables and their GSIs, DynamoDB will not let you increase provisioned -// capacity extremely rapidly, but the only upper limit that applies is that +// For existing tables and their GSIs, DynamoDB doesn't let you increase provisioned +// capacity extremely rapidly. But the only upper limit that applies is that // the aggregate provisioned capacity over all your tables and GSIs cannot exceed // either of the per-account limits. // @@ -2303,8 +2300,8 @@ func (c *DynamoDB) GetItemRequest(input *GetItemInput) (req *request.Request, ou // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -2398,13 +2395,13 @@ func (c *DynamoDB) ListBackupsRequest(input *ListBackupsInput) (req *request.Req // // List backups associated with an AWS account. To list backups for a given // table, specify TableName. ListBackups returns a paginated list of results -// with at most 1MB worth of items in a page. You can also specify a limit for -// the maximum number of entries to be returned in a page. +// with at most 1 MB worth of items in a page. You can also specify a limit +// for the maximum number of entries to be returned in a page. // -// In the request, start time is inclusive but end time is exclusive. Note that -// these limits are for the time at which the original backup was requested. +// In the request, start time is inclusive, but end time is exclusive. Note +// that these limits are for the time at which the original backup was requested. // -// You can call ListBackups a maximum of 5 times per second. +// You can call ListBackups a maximum of five times per second. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2504,7 +2501,7 @@ func (c *DynamoDB) ListGlobalTablesRequest(input *ListGlobalTablesInput) (req *r // ListGlobalTables API operation for Amazon DynamoDB. // -// Lists all global tables that have a replica in the specified region. +// Lists all global tables that have a replica in the specified Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2901,10 +2898,10 @@ func (c *DynamoDB) PutItemRequest(input *PutItemInput) (req *request.Request, ou // // * PutItem in the AWS SDK for Ruby V2 (http://docs.aws.amazon.com/goto/SdkForRubyV2/dynamodb-2012-08-10/PutItem) // -// When you add an item, the primary key attribute(s) are the only required -// attributes. Attribute values cannot be null. String and Binary type attributes -// must have lengths greater than zero. Set type attributes cannot be empty. -// Requests with empty values will be rejected with a ValidationException exception. +// When you add an item, the primary key attributes are the only required attributes. +// Attribute values cannot be null. String and Binary type attributes must have +// lengths greater than zero. Set type attributes cannot be empty. Requests +// with empty values will be rejected with a ValidationException exception. // // To prevent a new item from replacing an existing item, use a conditional // expression that contains the attribute_not_exists function with the name @@ -2947,8 +2944,8 @@ func (c *DynamoDB) PutItemRequest(input *PutItemInput) (req *request.Request, ou // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -3117,8 +3114,8 @@ func (c *DynamoDB) QueryRequest(input *QueryInput) (req *request.Request, output // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -3271,7 +3268,7 @@ func (c *DynamoDB) RestoreTableFromBackupRequest(input *RestoreTableFromBackupIn // // * IAM policies // -// * Cloudwatch metrics and alarms +// * Amazon CloudWatch metrics and alarms // // * Tags // @@ -3431,7 +3428,7 @@ func (c *DynamoDB) RestoreTableToPointInTimeRequest(input *RestoreTableToPointIn // // * IAM policies // -// * Cloudwatch metrics and alarms +// * Amazon CloudWatch metrics and alarms // // * Tags // @@ -3580,16 +3577,16 @@ func (c *DynamoDB) ScanRequest(input *ScanInput) (req *request.Request, output * // every item in a table or a secondary index. To have DynamoDB return fewer // items, you can provide a FilterExpression operation. // -// If the total number of scanned items exceeds the maximum data set size limit +// If the total number of scanned items exceeds the maximum dataset size limit // of 1 MB, the scan stops and results are returned to the user as a LastEvaluatedKey // value to continue the scan in a subsequent operation. The results also include // the number of items exceeding the limit. A scan can result in no table data // meeting the filter criteria. // -// A single Scan operation will read up to the maximum number of items set (if -// using the Limit parameter) or a maximum of 1 MB of data and then apply any -// filtering to the results using FilterExpression. If LastEvaluatedKey is present -// in the response, you will need to paginate the result set. For more information, +// A single Scan operation reads up to the maximum number of items set (if using +// the Limit parameter) or a maximum of 1 MB of data and then apply any filtering +// to the results using FilterExpression. If LastEvaluatedKey is present in +// the response, you need to paginate the result set. For more information, // see Paginating the Results (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Scan.html#Scan.Pagination) // in the Amazon DynamoDB Developer Guide. // @@ -3627,8 +3624,8 @@ func (c *DynamoDB) ScanRequest(input *ScanInput) (req *request.Request, output * // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -3773,8 +3770,8 @@ func (c *DynamoDB) TagResourceRequest(input *TagResourceInput) (req *request.Req // // Associate a set of tags with an Amazon DynamoDB resource. You can then activate // these user-defined tags so that they appear on the Billing and Cost Management -// console for cost allocation tracking. You can call TagResource up to 5 times -// per second, per account. +// console for cost allocation tracking. You can call TagResource up to five +// times per second, per account. // // For an overview on tagging DynamoDB resources, see Tagging for DynamoDB (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) // in the Amazon DynamoDB Developer Guide. @@ -3902,10 +3899,21 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // // TransactGetItems is a synchronous operation that atomically retrieves multiple // items from one or more tables (but not from indexes) in a single account -// and region. A TransactGetItems call can contain up to 10 TransactGetItem +// and Region. A TransactGetItems call can contain up to 25 TransactGetItem // objects, each of which contains a Get structure that specifies an item to -// retrieve from a table in the account and region. A call to TransactGetItems -// cannot retrieve items from tables in more than one AWS account or region. +// retrieve from a table in the account and Region. A call to TransactGetItems +// cannot retrieve items from tables in more than one AWS account or Region. +// The aggregate size of the items in the transaction cannot exceed 4 MB. +// +// All AWS Regions and AWS GovCloud (US) support up to 25 items per transaction +// with up to 4 MB of data, except the following AWS Regions: +// +// * China (Beijing) +// +// * China (Ningxia) +// +// The China (Beijing) and China (Ningxia) Regions support up to 10 items per +// transaction with up to 4 MB of data. // // DynamoDB rejects the entire TransactGetItems request if any of the following // is true: @@ -3918,6 +3926,8 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // // * There is a user error, such as an invalid data format. // +// * The aggregate size of the items in the transaction cannot exceed 4 MB. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3931,9 +3941,9 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // might not be specified correctly, or its status might not be ACTIVE. // // * ErrCodeTransactionCanceledException "TransactionCanceledException" -// The entire transaction request was rejected. +// The entire transaction request was canceled. // -// DynamoDB rejects a TransactWriteItems request under the following circumstances: +// DynamoDB cancels a TransactWriteItems request under the following circumstances: // // * A condition in one of the condition expressions is not met. // @@ -3950,9 +3960,11 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // -// DynamoDB rejects a TransactGetItems request under the following circumstances: +// DynamoDB cancels a TransactGetItems request under the following circumstances: // // * There is an ongoing TransactGetItems operation that conflicts with a // concurrent PutItem, UpdateItem, DeleteItem or TransactWriteItems request. @@ -3964,8 +3976,61 @@ func (c *DynamoDB) TransactGetItemsRequest(input *TransactGetItemsInput) (req *r // * There is insufficient provisioned capacity for the transaction to be // completed. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // +// If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons +// property. This property is not set for other languages. Transaction cancellation +// reasons are ordered in the order of requested items, if an item has no error +// it will have NONE code and Null message. +// +// Cancellation reason codes and possible error messages: +// +// * No Errors: Code: NONE Message: null +// +// * Conditional Check Failed: Code: ConditionalCheckFailed Message: The +// conditional request failed. +// +// * Item Collection Size Limit Exceeded: Code: ItemCollectionSizeLimitExceeded +// Message: Collection size exceeded. +// +// * Transaction Conflict: Code: TransactionConflict Message: Transaction +// is ongoing for the item. +// +// * Provisioned Throughput Exceeded: Code: ProvisionedThroughputExceeded +// Messages: The level of configured provisioned throughput for the table +// was exceeded. Consider increasing your provisioning level with the UpdateTable +// API. This Message is received when provisioned throughput is exceeded +// is on a provisioned DynamoDB table. The level of configured provisioned +// throughput for one or more global secondary indexes of the table was exceeded. +// Consider increasing your provisioning level for the under-provisioned +// global secondary indexes with the UpdateTable API. This message is returned +// when provisioned throughput is exceeded is on a provisioned GSI. +// +// * Throttling Error: Code: ThrottlingError Messages: Throughput exceeds +// the current capacity of your table or index. DynamoDB is automatically +// scaling your table or index so please try again shortly. If exceptions +// persist, check if you have a hot key: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html. +// This message is returned when writes get throttled on an On-Demand table +// as DynamoDB is automatically scaling the table. Throughput exceeds the +// current capacity for one or more global secondary indexes. DynamoDB is +// automatically scaling your index so please try again shortly. This message +// is returned when when writes get throttled on an On-Demand GSI as DynamoDB +// is automatically scaling the GSI. +// +// * Validation Error: Code: ValidationError Messages: One or more parameter +// values were invalid. The update expression attempted to update the secondary +// index key beyond allowed size limits. The update expression attempted +// to update the secondary index key to unsupported type. An operand in the +// update expression has an incorrect data type. Item size to update has +// exceeded the maximum allowed size. Number overflow. Attempting to store +// a number with magnitude larger than supported range. Type mismatch for +// attribute to update. Nesting Levels have exceeded supported limits. The +// document path provided in the update expression is invalid for update. +// The provided expression refers to an attribute that does not exist in +// the item. +// // * ErrCodeProvisionedThroughputExceededException "ProvisionedThroughputExceededException" // Your request rate is too high. The AWS SDKs for DynamoDB automatically retry // requests that receive this exception. Your request is eventually successful, @@ -4064,11 +4129,22 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // TransactWriteItems API operation for Amazon DynamoDB. // -// TransactWriteItems is a synchronous write operation that groups up to 10 +// TransactWriteItems is a synchronous write operation that groups up to 25 // action requests. These actions can target items in different tables, but -// not in different AWS accounts or regions, and no two actions can target the +// not in different AWS accounts or Regions, and no two actions can target the // same item. For example, you cannot both ConditionCheck and Update the same -// item. +// item. The aggregate size of the items in the transaction cannot exceed 4 +// MB. +// +// All AWS Regions and AWS GovCloud (US) support up to 25 items per transaction +// with up to 4 MB of data, except the following AWS Regions: +// +// * China (Beijing) +// +// * China (Ningxia) +// +// The China (Beijing) and China (Ningxia) Regions support up to 10 items per +// transaction with up to 4 MB of data. // // The actions are completed atomically so that either all of them succeed, // or all of them fail. They are defined by the following objects: @@ -4077,44 +4153,45 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // specifies the primary key of the item to be written, the name of the table // to write it in, an optional condition expression that must be satisfied // for the write to succeed, a list of the item's attributes, and a field -// indicating whether or not to retrieve the item's attributes if the condition +// indicating whether to retrieve the item's attributes if the condition // is not met. // // * Update — Initiates an UpdateItem operation to update an existing item. // This structure specifies the primary key of the item to be updated, the // name of the table where it resides, an optional condition expression that // must be satisfied for the update to succeed, an expression that defines -// one or more attributes to be updated, and a field indicating whether or -// not to retrieve the item's attributes if the condition is not met. +// one or more attributes to be updated, and a field indicating whether to +// retrieve the item's attributes if the condition is not met. // // * Delete — Initiates a DeleteItem operation to delete an existing item. // This structure specifies the primary key of the item to be deleted, the // name of the table where it resides, an optional condition expression that // must be satisfied for the deletion to succeed, and a field indicating -// whether or not to retrieve the item's attributes if the condition is not -// met. +// whether to retrieve the item's attributes if the condition is not met. // // * ConditionCheck — Applies a condition to an item that is not being // modified by the transaction. This structure specifies the primary key // of the item to be checked, the name of the table where it resides, a condition // expression that must be satisfied for the transaction to succeed, and -// a field indicating whether or not to retrieve the item's attributes if -// the condition is not met. +// a field indicating whether to retrieve the item's attributes if the condition +// is not met. // // DynamoDB rejects the entire TransactWriteItems request if any of the following // is true: // // * A condition in one of the condition expressions is not met. // -// * A conflicting operation is in the process of updating the same item. +// * An ongoing operation is in the process of updating the same item. // // * There is insufficient provisioned capacity for the transaction to be // completed. // -// * An item size becomes too large (bigger than 400 KB), a Local Secondary -// Index (LSI) becomes too large, or a similar validation error occurs because +// * An item size becomes too large (bigger than 400 KB), a local secondary +// index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // +// * The aggregate size of the items in the transaction exceeds 4 MB. +// // * There is a user error, such as an invalid data format. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4130,9 +4207,9 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // might not be specified correctly, or its status might not be ACTIVE. // // * ErrCodeTransactionCanceledException "TransactionCanceledException" -// The entire transaction request was rejected. +// The entire transaction request was canceled. // -// DynamoDB rejects a TransactWriteItems request under the following circumstances: +// DynamoDB cancels a TransactWriteItems request under the following circumstances: // // * A condition in one of the condition expressions is not met. // @@ -4149,9 +4226,11 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // -// DynamoDB rejects a TransactGetItems request under the following circumstances: +// DynamoDB cancels a TransactGetItems request under the following circumstances: // // * There is an ongoing TransactGetItems operation that conflicts with a // concurrent PutItem, UpdateItem, DeleteItem or TransactWriteItems request. @@ -4163,8 +4242,61 @@ func (c *DynamoDB) TransactWriteItemsRequest(input *TransactWriteItemsInput) (re // * There is insufficient provisioned capacity for the transaction to be // completed. // +// * The aggregate size of the items in the transaction exceeds 4 MBs. +// // * There is a user error, such as an invalid data format. // +// If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons +// property. This property is not set for other languages. Transaction cancellation +// reasons are ordered in the order of requested items, if an item has no error +// it will have NONE code and Null message. +// +// Cancellation reason codes and possible error messages: +// +// * No Errors: Code: NONE Message: null +// +// * Conditional Check Failed: Code: ConditionalCheckFailed Message: The +// conditional request failed. +// +// * Item Collection Size Limit Exceeded: Code: ItemCollectionSizeLimitExceeded +// Message: Collection size exceeded. +// +// * Transaction Conflict: Code: TransactionConflict Message: Transaction +// is ongoing for the item. +// +// * Provisioned Throughput Exceeded: Code: ProvisionedThroughputExceeded +// Messages: The level of configured provisioned throughput for the table +// was exceeded. Consider increasing your provisioning level with the UpdateTable +// API. This Message is received when provisioned throughput is exceeded +// is on a provisioned DynamoDB table. The level of configured provisioned +// throughput for one or more global secondary indexes of the table was exceeded. +// Consider increasing your provisioning level for the under-provisioned +// global secondary indexes with the UpdateTable API. This message is returned +// when provisioned throughput is exceeded is on a provisioned GSI. +// +// * Throttling Error: Code: ThrottlingError Messages: Throughput exceeds +// the current capacity of your table or index. DynamoDB is automatically +// scaling your table or index so please try again shortly. If exceptions +// persist, check if you have a hot key: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html. +// This message is returned when writes get throttled on an On-Demand table +// as DynamoDB is automatically scaling the table. Throughput exceeds the +// current capacity for one or more global secondary indexes. DynamoDB is +// automatically scaling your index so please try again shortly. This message +// is returned when when writes get throttled on an On-Demand GSI as DynamoDB +// is automatically scaling the GSI. +// +// * Validation Error: Code: ValidationError Messages: One or more parameter +// values were invalid. The update expression attempted to update the secondary +// index key beyond allowed size limits. The update expression attempted +// to update the secondary index key to unsupported type. An operand in the +// update expression has an incorrect data type. Item size to update has +// exceeded the maximum allowed size. Number overflow. Attempting to store +// a number with magnitude larger than supported range. Type mismatch for +// attribute to update. Nesting Levels have exceeded supported limits. The +// document path provided in the update expression is invalid for update. +// The provided expression refers to an attribute that does not exist in +// the item. +// // * ErrCodeTransactionInProgressException "TransactionInProgressException" // The transaction with the given request token is already in progress. // @@ -4272,7 +4404,7 @@ func (c *DynamoDB) UntagResourceRequest(input *UntagResourceInput) (req *request // UntagResource API operation for Amazon DynamoDB. // // Removes the association of tags from an Amazon DynamoDB resource. You can -// call UntagResource up to 5 times per second, per account. +// call UntagResource up to five times per second, per account. // // For an overview on tagging DynamoDB resources, see Tagging for DynamoDB (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html) // in the Amazon DynamoDB Developer Guide. @@ -4408,7 +4540,7 @@ func (c *DynamoDB) UpdateContinuousBackupsRequest(input *UpdateContinuousBackups // to any point in time within EarliestRestorableDateTime and LatestRestorableDateTime. // // LatestRestorableDateTime is typically 5 minutes before the current time. -// You can restore your table to any point in time during the last 35 days.. +// You can restore your table to any point in time during the last 35 days. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4517,9 +4649,9 @@ func (c *DynamoDB) UpdateGlobalTableRequest(input *UpdateGlobalTableInput) (req // // Adds or removes replicas in the specified global table. The global table // must already exist to be able to use this operation. Any replica to be added -// must be empty, must have the same name as the global table, must have the -// same key schema, and must have DynamoDB Streams enabled and must have same -// provisioned and maximum write capacity units. +// must be empty, have the same name as the global table, have the same key +// schema, have DynamoDB Streams enabled, and have the same provisioned and +// maximum write capacity units. // // Although you can use UpdateGlobalTable to add replicas and remove replicas // in a single request, for simplicity we recommend that you issue separate @@ -4816,8 +4948,8 @@ func (c *DynamoDB) UpdateItemRequest(input *UpdateItemInput) (req *request.Reque // // * ErrCodeRequestLimitExceeded "RequestLimitExceeded" // Throughput exceeds the current throughput limit for your account. Please -// contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) -// to request a limit increase. +// contact AWS Support at AWS Support (https://aws.amazon.com/support) to request +// a limit increase. // // * ErrCodeInternalServerError "InternalServerError" // An error occurred on the server side. @@ -4916,11 +5048,11 @@ func (c *DynamoDB) UpdateTableRequest(input *UpdateTableInput) (req *request.Req // // * Modify the provisioned throughput settings of the table. // -// * Enable or disable Streams on the table. +// * Enable or disable DynamoDB Streams on the table. // // * Remove a global secondary index from the table. // -// * Create a new global secondary index on the table. Once the index begins +// * Create a new global secondary index on the table. After the index begins // backfilling, you can use UpdateTable to perform other operations. // // UpdateTable is an asynchronous operation; while it is executing, the table @@ -5049,9 +5181,9 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // UpdateTimeToLive API operation for Amazon DynamoDB. // -// The UpdateTimeToLive method will enable or disable TTL for the specified -// table. A successful UpdateTimeToLive call returns the current TimeToLiveSpecification; -// it may take up to one hour for the change to fully process. Any additional +// The UpdateTimeToLive method enables or disables Time to Live (TTL) for the +// specified table. A successful UpdateTimeToLive call returns the current TimeToLiveSpecification. +// It can take up to one hour for the change to fully process. Any additional // UpdateTimeToLive calls for the same table during this one hour duration result // in a ValidationException. // @@ -5061,7 +5193,7 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // deleted. // // The epoch time format is the number of seconds elapsed since 12:00:00 AM -// January 1st, 1970 UTC. +// January 1, 1970 UTC. // // DynamoDB deletes expired items on a best-effort basis to ensure availability // of throughput for other data operations. @@ -5071,8 +5203,8 @@ func (c *DynamoDB) UpdateTimeToLiveRequest(input *UpdateTimeToLiveInput) (req *r // to the nature of the workload. Items that have expired and not been deleted // will still show up in reads, queries, and scans. // -// As items are deleted, they are removed from any Local Secondary Index and -// Global Secondary Index immediately in the same eventually consistent way +// As items are deleted, they are removed from any local secondary index and +// global secondary index immediately in the same eventually consistent way // as a standard delete operation. // // For more information, see Time To Live (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html) @@ -6111,7 +6243,7 @@ type BatchGetItemInput struct { // You could then use this substitution in an expression, as in this example: // #P = :val Tokens that begin with the : character are expression attribute // values, which are placeholders for the actual value at runtime. For more - // information on expression attribute names, see Accessing Item Attributes + // information about expression attribute names, see Accessing Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. // @@ -6125,8 +6257,8 @@ type BatchGetItemInput struct { // to retrieve from the table. These attributes can include scalars, sets, // or elements of a JSON document. The attributes in the expression must // be separated by commas. If no attribute names are specified, then all - // attributes will be returned. If any of the requested attributes are not - // found, they will not appear in the result. For more information, see Accessing + // attributes are returned. If any of the requested attributes are not found, + // they do not appear in the result. For more information, see Accessing // Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. // @@ -6292,10 +6424,10 @@ type BatchWriteItemInput struct { // and their values. Each entry in this map consists of an attribute name // and an attribute value. Attribute values must not be null; string and // binary type attributes must have lengths greater than zero; and set type - // attributes must not be empty. Requests that contain empty values will - // be rejected with a ValidationException exception. If you specify any attributes - // that are part of an index key, then the data types for those attributes - // must match those of the schema in the table's attribute definition. + // attributes must not be empty. Requests that contain empty values are rejected + // with a ValidationException exception. If you specify any attributes that + // are part of an index key, then the data types for those attributes must + // match those of the schema in the table's attribute definition. // // RequestItems is a required field RequestItems map[string][]*WriteRequest `min:"1" type:"map" required:"true"` @@ -7182,7 +7314,7 @@ type CreateGlobalTableInput struct { // GlobalTableName is a required field GlobalTableName *string `min:"3" type:"string" required:"true"` - // The regions where the global table needs to be created. + // The Regions where the global table needs to be created. // // ReplicationGroup is a required field ReplicationGroup []*Replica `type:"list" required:"true"` @@ -7324,7 +7456,7 @@ type CreateTableInput struct { // specification is composed of: ProjectionType - One of the following: KEYS_ONLY // - Only the index and primary keys are projected into the index. INCLUDE // - Only the specified table attributes are projected into the index. The - // list of projected attributes are in NonKeyAttributes. ALL - All of the + // list of projected attributes is in NonKeyAttributes. ALL - All of the // table attributes are projected into the index. NonKeyAttributes - A list // of one or more non-key attribute names that are projected into the secondary // index. The total count of attributes provided in NonKeyAttributes, summed @@ -7349,7 +7481,7 @@ type CreateTableInput struct { // key RANGE - sort key // // The partition key of an item is also known as its hash attribute. The term - // "hash attribute" derives from DynamoDB' usage of an internal hash function + // "hash attribute" derives from the DynamoDB usage of an internal hash function // to evenly distribute data items across partitions, based on their partition // key values. // @@ -7364,7 +7496,7 @@ type CreateTableInput struct { // exactly two elements, in this order: The first element must have a KeyType // of HASH, and the second element must have a KeyType of RANGE. // - // For more information, see Specifying the Primary Key (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#WorkingWithTables.primary.key) + // For more information, see Working with Tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#WorkingWithTables.primary.key) // in the Amazon DynamoDB Developer Guide. // // KeySchema is a required field @@ -7389,7 +7521,7 @@ type CreateTableInput struct { // specification is composed of: ProjectionType - One of the following: KEYS_ONLY // - Only the index and primary keys are projected into the index. INCLUDE // - Only the specified table attributes are projected into the index. The - // list of projected attributes are in NonKeyAttributes. ALL - All of the + // list of projected attributes is in NonKeyAttributes. ALL - All of the // table attributes are projected into the index. NonKeyAttributes - A list // of one or more non-key attribute names that are projected into the secondary // index. The total count of attributes provided in NonKeyAttributes, summed @@ -7414,8 +7546,8 @@ type CreateTableInput struct { // The settings for DynamoDB Streams on the table. These settings consist of: // - // * StreamEnabled - Indicates whether Streams is to be enabled (true) or - // disabled (false). + // * StreamEnabled - Indicates whether DynamoDB Streams is to be enabled + // (true) or disabled (false). // // * StreamViewType - When an item in the table is modified, StreamViewType // determines what information is written to the table's stream. Valid values @@ -7828,7 +7960,7 @@ type DeleteItemInput struct { // // * Logical operators: AND | OR | NOT // - // For more information on condition expressions, see Specifying Conditions + // For more information about condition expressions, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ConditionExpression *string `type:"string"` @@ -7875,7 +8007,7 @@ type DeleteItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -7897,7 +8029,7 @@ type DeleteItemInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -8054,7 +8186,7 @@ type DeleteItemOutput struct { // includes the total provisioned throughput consumed, along with statistics // for the table and any indexes involved in the operation. ConsumedCapacity // is only returned if the ReturnConsumedCapacity parameter was specified. For - // more information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // more information, see Provisioned Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -8243,7 +8375,7 @@ func (s *DeleteTableOutput) SetTableDescription(v *TableDescription) *DeleteTabl type DescribeBackupInput struct { _ struct{} `type:"structure"` - // The ARN associated with the backup. + // The Amazon Resource Name (ARN) associated with the backup. // // BackupArn is a required field BackupArn *string `min:"37" type:"string" required:"true"` @@ -8520,7 +8652,7 @@ type DescribeGlobalTableSettingsOutput struct { // The name of the global table. GlobalTableName *string `min:"3" type:"string"` - // The region specific settings for the global table. + // The Region-specific settings for the global table. ReplicaSettings []*ReplicaSettingsDescription `type:"list"` } @@ -8566,20 +8698,20 @@ type DescribeLimitsOutput struct { _ struct{} `type:"structure"` // The maximum total read capacity units that your account allows you to provision - // across all of your tables in this region. + // across all of your tables in this Region. AccountMaxReadCapacityUnits *int64 `min:"1" type:"long"` // The maximum total write capacity units that your account allows you to provision - // across all of your tables in this region. + // across all of your tables in this Region. AccountMaxWriteCapacityUnits *int64 `min:"1" type:"long"` // The maximum read capacity units that your account allows you to provision - // for a new table that you are creating in this region, including the read + // for a new table that you are creating in this Region, including the read // capacity units provisioned for its global secondary indexes (GSIs). TableMaxReadCapacityUnits *int64 `min:"1" type:"long"` // The maximum write capacity units that your account allows you to provision - // for a new table that you are creating in this region, including the write + // for a new table that you are creating in this Region, including the write // capacity units provisioned for its global secondary indexes (GSIs). TableMaxWriteCapacityUnits *int64 `min:"1" type:"long"` } @@ -9132,7 +9264,7 @@ type GetItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -9152,11 +9284,11 @@ type GetItemInput struct { // These attributes can include scalars, sets, or elements of a JSON document. // The attributes in the expression must be separated by commas. // - // If no attribute names are specified, then all attributes will be returned. - // If any of the requested attributes are not found, they will not appear in - // the result. + // If no attribute names are specified, then all attributes are returned. If + // any of the requested attributes are not found, they do not appear in the + // result. // - // For more information, see Accessing Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) + // For more information, see Specifying Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ProjectionExpression *string `type:"string"` @@ -9263,7 +9395,7 @@ type GetItemOutput struct { // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only // returned if the ReturnConsumedCapacity parameter was specified. For more - // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // information, see Read/Write Capacity Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -10177,10 +10309,10 @@ type ListBackupsInput struct { // * ALL - All types of on-demand backups (USER and SYSTEM). BackupType *string `type:"string" enum:"BackupTypeFilter"` - // LastEvaluatedBackupArn is the ARN of the backup last evaluated when the current - // page of results was returned, inclusive of the current page of results. This - // value may be specified as the ExclusiveStartBackupArn of a new ListBackups - // operation in order to fetch the next page of results. + // LastEvaluatedBackupArn is the Amazon Resource Name (ARN) of the backup last + // evaluated when the current page of results was returned, inclusive of the + // current page of results. This value may be specified as the ExclusiveStartBackupArn + // of a new ListBackups operation in order to fetch the next page of results. ExclusiveStartBackupArn *string `min:"37" type:"string"` // Maximum number of backups to return at once. @@ -10276,9 +10408,9 @@ type ListBackupsOutput struct { // If LastEvaluatedBackupArn is empty, then the last page of results has been // processed and there are no more results to be retrieved. // - // If LastEvaluatedBackupArn is not empty, this may or may not indicate there - // is more data to be returned. All results are guaranteed to have been returned - // if and only if no value for LastEvaluatedBackupArn is returned. + // If LastEvaluatedBackupArn is not empty, this may or may not indicate that + // there is more data to be returned. All results are guaranteed to have been + // returned if and only if no value for LastEvaluatedBackupArn is returned. LastEvaluatedBackupArn *string `min:"37" type:"string"` } @@ -10313,7 +10445,7 @@ type ListGlobalTablesInput struct { // The maximum number of table names to return. Limit *int64 `min:"1" type:"integer"` - // Lists the global tables in a specific region. + // Lists the global tables in a specific Region. RegionName *string `type:"string"` } @@ -11232,7 +11364,7 @@ type PutItemInput struct { // // * Logical operators: AND | OR | NOT // - // For more information on condition expressions, see Specifying Conditions + // For more information on condition expressions, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ConditionExpression *string `type:"string"` @@ -11279,7 +11411,7 @@ type PutItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -11301,7 +11433,7 @@ type PutItemInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -11319,7 +11451,7 @@ type PutItemInput struct { // types for those attributes must match those of the schema in the table's // attribute definition. // - // For more information about primary keys, see Primary Key (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html#DataModelPrimaryKey) + // For more information about primary keys, see Primary Key (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.PrimaryKey) // in the Amazon DynamoDB Developer Guide. // // Each element in the Item map is an AttributeValue object. @@ -11470,7 +11602,7 @@ type PutItemOutput struct { // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only // returned if the ReturnConsumedCapacity parameter was specified. For more - // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // information, see Read/Write Capacity Mode (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -11579,7 +11711,7 @@ type QueryInput struct { // The primary key of the first item that this operation will evaluate. Use // the value that was returned for LastEvaluatedKey in the previous operation. // - // The data type for ExclusiveStartKey must be String, Number or Binary. No + // The data type for ExclusiveStartKey must be String, Number, or Binary. No // set data types are allowed. ExclusiveStartKey map[string]*AttributeValue `type:"map"` @@ -11615,7 +11747,7 @@ type QueryInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -11661,7 +11793,7 @@ type QueryInput struct { // parameter, you must also provide TableName. IndexName *string `min:"3" type:"string"` - // The condition that specifies the key value(s) for items to be retrieved by + // The condition that specifies the key values for items to be retrieved by // the Query action. // // The condition must perform an equality test on a single partition key value. @@ -11740,7 +11872,7 @@ type QueryInput struct { // items). If DynamoDB processes the number of items up to the limit while processing // the results, it stops the operation and returns the matching values up to // that point, and a key in LastEvaluatedKey to apply in a subsequent operation, - // so that you can pick up where you left off. Also, if the processed data set + // so that you can pick up where you left off. Also, if the processed dataset // size exceeds 1 MB before DynamoDB reaches this limit, it stops the operation // and returns the matching values up to the limit, and a key in LastEvaluatedKey // to apply in a subsequent operation to continue the operation. For more information, @@ -11801,10 +11933,10 @@ type QueryInput struct { // // * ALL_ATTRIBUTES - Returns all of the item attributes from the specified // table or index. If you query a local secondary index, then for each matching - // item in the index DynamoDB will fetch the entire item from the parent - // table. If the index is configured to project all item attributes, then - // all of the data can be obtained from the local secondary index, and no - // fetching is required. + // item in the index, DynamoDB fetches the entire item from the parent table. + // If the index is configured to project all item attributes, then all of + // the data can be obtained from the local secondary index, and no fetching + // is required. // // * ALL_PROJECTED_ATTRIBUTES - Allowed only when querying an index. Retrieves // all attributes that have been projected into the index. If the index is @@ -11820,7 +11952,7 @@ type QueryInput struct { // index and request only attributes that are projected into that index, // the operation will read only the index and not the table. If any of the // requested attributes are not projected into the local secondary index, - // DynamoDB will fetch each of these attributes from the parent table. This + // DynamoDB fetches each of these attributes from the parent table. This // extra fetching incurs additional throughput cost and latency. If you query // or scan a global secondary index, you can only request attributes that // are projected into the index. Global secondary index queries cannot fetch @@ -12008,8 +12140,8 @@ type QueryOutput struct { // The capacity units consumed by the Query operation. The data returned includes // the total provisioned throughput consumed, along with statistics for the // table and any indexes involved in the operation. ConsumedCapacity is only - // returned if the ReturnConsumedCapacity parameter was specified For more information, - // see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) + // returned if the ReturnConsumedCapacity parameter was specified. For more + // information, see Provisioned Throughput (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ProvisionedThroughputIntro.html) // in the Amazon DynamoDB Developer Guide. ConsumedCapacity *ConsumedCapacity `type:"structure"` @@ -12605,7 +12737,7 @@ func (s *RestoreSummary) SetSourceTableArn(v string) *RestoreSummary { type RestoreTableFromBackupInput struct { _ struct{} `type:"structure"` - // The ARN associated with the backup. + // The Amazon Resource Name (ARN) associated with the backup. // // BackupArn is a required field BackupArn *string `min:"37" type:"string" required:"true"` @@ -12787,28 +12919,20 @@ func (s *RestoreTableToPointInTimeOutput) SetTableDescription(v *TableDescriptio type SSEDescription struct { _ struct{} `type:"structure"` - // The KMS master key ARN used for the KMS encryption. + // The KMS customer master key (CMK) ARN used for the KMS encryption. KMSMasterKeyArn *string `type:"string"` - // Server-side encryption type: - // - // * AES256 - Server-side encryption which uses the AES256 algorithm (not - // applicable). + // Server-side encryption type. The only supported value is: // // * KMS - Server-side encryption which uses AWS Key Management Service. // Key is stored in your account and is managed by AWS KMS (KMS charges apply). SSEType *string `type:"string" enum:"SSEType"` - // The current state of server-side encryption: - // - // * ENABLING - Server-side encryption is being enabled. + // Represents the current state of server-side encryption. The only supported + // values are: // // * ENABLED - Server-side encryption is enabled. // - // * DISABLING - Server-side encryption is being disabled. - // - // * DISABLED - Server-side encryption is disabled. - // // * UPDATING - Server-side encryption is being updated. Status *string `type:"string" enum:"SSEStatus"` } @@ -12845,22 +12969,19 @@ func (s *SSEDescription) SetStatus(v string) *SSEDescription { type SSESpecification struct { _ struct{} `type:"structure"` - // Indicates whether server-side encryption is enabled (true) or disabled (false) - // on the table. If enabled (true), server-side encryption type is set to KMS. - // If disabled (false) or not specified, server-side encryption is set to AWS - // owned CMK. + // Indicates whether server-side encryption is done using an AWS managed CMK + // or an AWS owned CMK. If enabled (true), server-side encryption type is set + // to KMS and an AWS managed CMK is used (AWS KMS charges apply). If disabled + // (false) or not specified, server-side encryption is set to AWS owned CMK. Enabled *bool `type:"boolean"` - // The KMS Master Key (CMK) which should be used for the KMS encryption. To - // specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or - // alias ARN. Note that you should only provide this parameter if the key is - // different from the default DynamoDB KMS Master Key alias/aws/dynamodb. + // The KMS Customer Master Key (CMK) which should be used for the KMS encryption. + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. Note that you should only provide this parameter if the key + // is different from the default DynamoDB Customer Master Key alias/aws/dynamodb. KMSMasterKeyId *string `type:"string"` - // Server-side encryption type: - // - // * AES256 - Server-side encryption which uses the AES256 algorithm (not - // applicable). + // Server-side encryption type. The only supported value is: // // * KMS - Server-side encryption which uses AWS Key Management Service. // Key is stored in your account and is managed by AWS KMS (KMS charges apply). @@ -12913,7 +13034,7 @@ type ScanInput struct { // // * If ConsistentRead is false, then the data returned from Scan might not // contain the results from other recently completed write operations (PutItem, - // UpdateItem or DeleteItem). + // UpdateItem, or DeleteItem). // // * If ConsistentRead is true, then all of the write operations that completed // before the Scan began are guaranteed to be contained in the Scan response. @@ -12968,7 +13089,7 @@ type ScanInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes + // For more information on expression attribute names, see Specifying Item Attributes // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -12990,7 +13111,7 @@ type ScanInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -13015,11 +13136,11 @@ type ScanInput struct { // items). If DynamoDB processes the number of items up to the limit while processing // the results, it stops the operation and returns the matching values up to // that point, and a key in LastEvaluatedKey to apply in a subsequent operation, - // so that you can pick up where you left off. Also, if the processed data set + // so that you can pick up where you left off. Also, if the processed dataset // size exceeds 1 MB before DynamoDB reaches this limit, it stops the operation // and returns the matching values up to the limit, and a key in LastEvaluatedKey // to apply in a subsequent operation to continue the operation. For more information, - // see Query and Scan (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/QueryAndScan.html) + // see Working with Queries (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/QueryAndScan.html) // in the Amazon DynamoDB Developer Guide. Limit *int64 `min:"1" type:"integer"` @@ -13031,7 +13152,7 @@ type ScanInput struct { // If any of the requested attributes are not found, they will not appear in // the result. // - // For more information, see Accessing Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) + // For more information, see Specifying Item Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ProjectionExpression *string `type:"string"` @@ -13079,10 +13200,10 @@ type ScanInput struct { // // * ALL_ATTRIBUTES - Returns all of the item attributes from the specified // table or index. If you query a local secondary index, then for each matching - // item in the index DynamoDB will fetch the entire item from the parent - // table. If the index is configured to project all item attributes, then - // all of the data can be obtained from the local secondary index, and no - // fetching is required. + // item in the index, DynamoDB fetches the entire item from the parent table. + // If the index is configured to project all item attributes, then all of + // the data can be obtained from the local secondary index, and no fetching + // is required. // // * ALL_PROJECTED_ATTRIBUTES - Allowed only when querying an index. Retrieves // all attributes that have been projected into the index. If the index is @@ -13096,13 +13217,13 @@ type ScanInput struct { // This return value is equivalent to specifying AttributesToGet without // specifying any value for Select. If you query or scan a local secondary // index and request only attributes that are projected into that index, - // the operation will read only the index and not the table. If any of the - // requested attributes are not projected into the local secondary index, - // DynamoDB will fetch each of these attributes from the parent table. This - // extra fetching incurs additional throughput cost and latency. If you query - // or scan a global secondary index, you can only request attributes that - // are projected into the index. Global secondary index queries cannot fetch - // attributes from the parent table. + // the operation reads only the index and not the table. If any of the requested + // attributes are not projected into the local secondary index, DynamoDB + // fetches each of these attributes from the parent table. This extra fetching + // incurs additional throughput cost and latency. If you query or scan a + // global secondary index, you can only request attributes that are projected + // into the index. Global secondary index queries cannot fetch attributes + // from the parent table. // // If neither Select nor AttributesToGet are specified, DynamoDB defaults to // ALL_ATTRIBUTES when accessing a table, and ALL_PROJECTED_ATTRIBUTES when @@ -13674,7 +13795,7 @@ type TableDescription struct { // // * KeyType - The role of the attribute: HASH - partition key RANGE - sort // key The partition key of an item is also known as its hash attribute. - // The term "hash attribute" derives from DynamoDB' usage of an internal + // The term "hash attribute" derives from DynamoDB's usage of an internal // hash function to evenly distribute data items across partitions, based // on their partition key values. The sort key of an item is also known as // its range attribute. The term "range attribute" derives from the way DynamoDB @@ -13911,9 +14032,9 @@ func (s *TableDescription) SetTableStatus(v string) *TableDescription { type Tag struct { _ struct{} `type:"structure"` - // The key of the tag.Tag keys are case sensitive. Each DynamoDB table can only - // have up to one tag with the same key. If you try to add an existing tag (same - // key), the existing tag value will be updated to the new value. + // The key of the tag. Tag keys are case sensitive. Each DynamoDB table can + // only have up to one tag with the same key. If you try to add an existing + // tag (same key), the existing tag value will be updated to the new value. // // Key is a required field Key *string `min:"1" type:"string" required:"true"` @@ -14049,10 +14170,10 @@ func (s TagResourceOutput) GoString() string { type TimeToLiveDescription struct { _ struct{} `type:"structure"` - // The name of the Time to Live attribute for items in the table. + // The name of the TTL attribute for items in the table. AttributeName *string `min:"1" type:"string"` - // The Time to Live status for the table. + // The TTL status for the table. TimeToLiveStatus *string `type:"string" enum:"TimeToLiveStatus"` } @@ -14078,19 +14199,19 @@ func (s *TimeToLiveDescription) SetTimeToLiveStatus(v string) *TimeToLiveDescrip return s } -// Represents the settings used to enable or disable Time to Live for the specified -// table. +// Represents the settings used to enable or disable Time to Live (TTL) for +// the specified table. type TimeToLiveSpecification struct { _ struct{} `type:"structure"` - // The name of the Time to Live attribute used to store the expiration time - // for items in the table. + // The name of the TTL attribute used to store the expiration time for items + // in the table. // // AttributeName is a required field AttributeName *string `min:"1" type:"string" required:"true"` - // Indicates whether Time To Live is to be enabled (true) or disabled (false) - // on the table. + // Indicates whether TTL is to be enabled (true) or disabled (false) on the + // table. // // Enabled is a required field Enabled *bool `type:"boolean" required:"true"` @@ -14191,7 +14312,7 @@ type TransactGetItemsInput struct { // is valid. ReturnConsumedCapacity *string `type:"string" enum:"ReturnConsumedCapacity"` - // An ordered array of up to 10 TransactGetItem objects, each of which contains + // An ordered array of up to 25 TransactGetItem objects, each of which contains // a Get structure. // // TransactItems is a required field @@ -14255,7 +14376,7 @@ type TransactGetItemsOutput struct { // consumed by the TransactGetItems call in that table. ConsumedCapacity []*ConsumedCapacity `type:"list"` - // An ordered array of up to 10 ItemResponse objects, each of which corresponds + // An ordered array of up to 25 ItemResponse objects, each of which corresponds // to the TransactGetItem object in the same position in the TransactItems array. // Each ItemResponse object contains a Map of the name-value pairs that are // the projected attributes of the requested item. @@ -14379,19 +14500,20 @@ type TransactWriteItemsInput struct { // // Although multiple identical calls using the same client request token produce // the same result on the server (no side effects), the responses to the calls - // may not be the same. If the ReturnConsumedCapacity> parameter is set, then + // might not be the same. If the ReturnConsumedCapacity> parameter is set, then // the initial TransactWriteItems call returns the amount of write capacity - // units consumed in making the changes, and subsequent TransactWriteItems calls - // with the same client token return the amount of read capacity units consumed + // units consumed in making the changes. Subsequent TransactWriteItems calls + // with the same client token return the number of read capacity units consumed // in reading the item. // // A client request token is valid for 10 minutes after the first request that - // uses it completes. After 10 minutes, any request with the same client token - // is treated as a new request. Do not resubmit the same request with the same - // client token for more than 10 minutes or the result may not be idempotent. + // uses it is completed. After 10 minutes, any request with the same client + // token is treated as a new request. Do not resubmit the same request with + // the same client token for more than 10 minutes, or the result might not be + // idempotent. // // If you submit a request with the same client token but a change in other - // parameters within the 10 minute idempotency window, DynamoDB returns an IdempotentParameterMismatch + // parameters within the 10-minute idempotency window, DynamoDB returns an IdempotentParameterMismatch // exception. ClientRequestToken *string `min:"1" type:"string" idempotencyToken:"true"` @@ -14416,10 +14538,10 @@ type TransactWriteItemsInput struct { // NONE (the default), no statistics are returned. ReturnItemCollectionMetrics *string `type:"string" enum:"ReturnItemCollectionMetrics"` - // An ordered array of up to 10 TransactWriteItem objects, each of which contains + // An ordered array of up to 25 TransactWriteItem objects, each of which contains // a ConditionCheck, Put, Update, or Delete object. These can operate on items // in different tables, but the tables must reside in the same AWS account and - // region, and no two of them can operate on the same item. + // Region, and no two of them can operate on the same item. // // TransactItems is a required field TransactItems []*TransactWriteItem `min:"1" type:"list" required:"true"` @@ -14498,7 +14620,7 @@ type TransactWriteItemsOutput struct { // A list of tables that were processed by TransactWriteItems and, for each // table, information about any item collections that were affected by individual - // UpdateItem, PutItem or DeleteItem operations. + // UpdateItem, PutItem, or DeleteItem operations. ItemCollectionMetrics map[string][]*ItemCollectionMetrics `type:"map"` } @@ -14527,14 +14649,14 @@ func (s *TransactWriteItemsOutput) SetItemCollectionMetrics(v map[string][]*Item type UntagResourceInput struct { _ struct{} `type:"structure"` - // The Amazon DyanamoDB resource the tags will be removed from. This value is - // an Amazon Resource Name (ARN). + // The DynamoDB resource that the tags will be removed from. This value is an + // Amazon Resource Name (ARN). // // ResourceArn is a required field ResourceArn *string `min:"1" type:"string" required:"true"` // A list of tag keys. Existing tags of the resource whose keys are members - // of this list will be removed from the Amazon DynamoDB resource. + // of this list will be removed from the DynamoDB resource. // // TagKeys is a required field TagKeys []*string `type:"list" required:"true"` @@ -14864,7 +14986,7 @@ type UpdateGlobalTableInput struct { // GlobalTableName is a required field GlobalTableName *string `min:"3" type:"string" required:"true"` - // A list of regions that should be added or removed from the global table. + // A list of Regions that should be added or removed from the global table. // // ReplicaUpdates is a required field ReplicaUpdates []*ReplicaUpdate `type:"list" required:"true"` @@ -14960,7 +15082,7 @@ type UpdateGlobalTableSettingsInput struct { // GlobalTableName is a required field GlobalTableName *string `min:"3" type:"string" required:"true"` - // AutoScaling settings for managing provisioned write capacity for the global + // Auto scaling settings for managing provisioned write capacity for the global // table. GlobalTableProvisionedWriteCapacityAutoScalingSettingsUpdate *AutoScalingSettingsUpdate `type:"structure"` @@ -14968,7 +15090,7 @@ type UpdateGlobalTableSettingsInput struct { // a ThrottlingException. GlobalTableProvisionedWriteCapacityUnits *int64 `min:"1" type:"long"` - // Represents the settings for a global table in a region that will be modified. + // Represents the settings for a global table in a Region that will be modified. ReplicaSettingsUpdate []*ReplicaSettingsUpdate `min:"1" type:"list"` } @@ -15074,7 +15196,7 @@ type UpdateGlobalTableSettingsOutput struct { // The name of the global table. GlobalTableName *string `min:"3" type:"string"` - // The region specific settings for the global table. + // The Region-specific settings for the global table. ReplicaSettings []*ReplicaSettingsDescription `type:"list"` } @@ -15120,7 +15242,7 @@ type UpdateItemInput struct { // // * Logical operators: AND | OR | NOT // - // For more information on condition expressions, see Specifying Conditions + // For more information about condition expressions, see Specifying Conditions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ConditionExpression *string `type:"string"` @@ -15155,7 +15277,7 @@ type UpdateItemInput struct { // The name of this attribute conflicts with a reserved word, so it cannot be // used directly in an expression. (For the complete list of reserved words, // see Reserved Words (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ReservedWords.html) - // in the Amazon DynamoDB Developer Guide). To work around this, you could specify + // in the Amazon DynamoDB Developer Guide.) To work around this, you could specify // the following for ExpressionAttributeNames: // // * {"#P":"Percentile"} @@ -15167,8 +15289,8 @@ type UpdateItemInput struct { // Tokens that begin with the : character are expression attribute values, which // are placeholders for the actual value at runtime. // - // For more information on expression attribute names, see Accessing Item Attributes - // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) + // For more information about expression attribute names, see Specifying Item + // Attributes (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.AccessingItemAttributes.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeNames map[string]*string `type:"map"` @@ -15189,7 +15311,7 @@ type UpdateItemInput struct { // // ProductStatus IN (:avail, :back, :disc) // - // For more information on expression attribute values, see Specifying Conditions + // For more information on expression attribute values, see Condition Expressions // (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Expressions.SpecifyingConditions.html) // in the Amazon DynamoDB Developer Guide. ExpressionAttributeValues map[string]*AttributeValue `type:"map"` @@ -15257,12 +15379,12 @@ type UpdateItemInput struct { TableName *string `min:"3" type:"string" required:"true"` // An expression that defines one or more attributes to be updated, the action - // to be performed on them, and new value(s) for them. + // to be performed on them, and new values for them. // // The following action values are available for UpdateExpression. // // * SET - Adds one or more attributes and values to an item. If any of these - // attribute already exist, they are replaced by the new values. You can + // attributes already exist, they are replaced by the new values. You can // also use SET to add or subtract from an attribute that is of type Number. // For example: SET myNum = myNum + :val SET supports the following functions: // if_not_exists (path, operand) - if the item does not contain an attribute @@ -15529,9 +15651,9 @@ type UpdateTableInput struct { // Represents the DynamoDB Streams configuration for the table. // - // You will receive a ResourceInUseException if you attempt to enable a stream - // on a table that already has a stream, or if you attempt to disable a stream - // on a table which does not have a stream. + // You receive a ResourceInUseException if you try to enable a stream on a table + // that already has a stream, or if you try to disable a stream on a table that + // doesn't have a stream. StreamSpecification *StreamSpecification `type:"structure"` // The name of the table to be updated. diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go index 5ebc58072846..013e9b1d2a3f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go @@ -3,7 +3,7 @@ AttributeValue Marshaling and Unmarshaling Helpers Utility helpers to marshal and unmarshal AttributeValue to and from Go types can be found in the dynamodbattribute sub package. This package -provides has specialized functions for the common ways of working with +provides specialized functions for the common ways of working with AttributeValues. Such as map[string]*AttributeValue, []*AttributeValue, and directly with *AttributeValue. This is helpful for marshaling Go types for API operations such as PutItem, and unmarshaling Query and Scan APIs' responses. diff --git a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go index 5485db7e4a49..71f3e7d3d532 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go @@ -124,8 +124,8 @@ const ( // "RequestLimitExceeded". // // Throughput exceeds the current throughput limit for your account. Please - // contact AWS Support at AWS Support (https://docs.aws.amazon.com/https:/aws.amazon.com/support) - // to request a limit increase. + // contact AWS Support at AWS Support (https://aws.amazon.com/support) to request + // a limit increase. ErrCodeRequestLimitExceeded = "RequestLimitExceeded" // ErrCodeResourceInUseException for service response error code @@ -165,9 +165,9 @@ const ( // ErrCodeTransactionCanceledException for service response error code // "TransactionCanceledException". // - // The entire transaction request was rejected. + // The entire transaction request was canceled. // - // DynamoDB rejects a TransactWriteItems request under the following circumstances: + // DynamoDB cancels a TransactWriteItems request under the following circumstances: // // * A condition in one of the condition expressions is not met. // @@ -184,9 +184,11 @@ const ( // index (LSI) becomes too large, or a similar validation error occurs because // of changes made by the transaction. // + // * The aggregate size of the items in the transaction exceeds 4 MBs. + // // * There is a user error, such as an invalid data format. // - // DynamoDB rejects a TransactGetItems request under the following circumstances: + // DynamoDB cancels a TransactGetItems request under the following circumstances: // // * There is an ongoing TransactGetItems operation that conflicts with a // concurrent PutItem, UpdateItem, DeleteItem or TransactWriteItems request. @@ -198,7 +200,60 @@ const ( // * There is insufficient provisioned capacity for the transaction to be // completed. // + // * The aggregate size of the items in the transaction exceeds 4 MBs. + // // * There is a user error, such as an invalid data format. + // + // If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons + // property. This property is not set for other languages. Transaction cancellation + // reasons are ordered in the order of requested items, if an item has no error + // it will have NONE code and Null message. + // + // Cancellation reason codes and possible error messages: + // + // * No Errors: Code: NONE Message: null + // + // * Conditional Check Failed: Code: ConditionalCheckFailed Message: The + // conditional request failed. + // + // * Item Collection Size Limit Exceeded: Code: ItemCollectionSizeLimitExceeded + // Message: Collection size exceeded. + // + // * Transaction Conflict: Code: TransactionConflict Message: Transaction + // is ongoing for the item. + // + // * Provisioned Throughput Exceeded: Code: ProvisionedThroughputExceeded + // Messages: The level of configured provisioned throughput for the table + // was exceeded. Consider increasing your provisioning level with the UpdateTable + // API. This Message is received when provisioned throughput is exceeded + // is on a provisioned DynamoDB table. The level of configured provisioned + // throughput for one or more global secondary indexes of the table was exceeded. + // Consider increasing your provisioning level for the under-provisioned + // global secondary indexes with the UpdateTable API. This message is returned + // when provisioned throughput is exceeded is on a provisioned GSI. + // + // * Throttling Error: Code: ThrottlingError Messages: Throughput exceeds + // the current capacity of your table or index. DynamoDB is automatically + // scaling your table or index so please try again shortly. If exceptions + // persist, check if you have a hot key: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html. + // This message is returned when writes get throttled on an On-Demand table + // as DynamoDB is automatically scaling the table. Throughput exceeds the + // current capacity for one or more global secondary indexes. DynamoDB is + // automatically scaling your index so please try again shortly. This message + // is returned when when writes get throttled on an On-Demand GSI as DynamoDB + // is automatically scaling the GSI. + // + // * Validation Error: Code: ValidationError Messages: One or more parameter + // values were invalid. The update expression attempted to update the secondary + // index key beyond allowed size limits. The update expression attempted + // to update the secondary index key to unsupported type. An operand in the + // update expression has an incorrect data type. Item size to update has + // exceeded the maximum allowed size. Number overflow. Attempting to store + // a number with magnitude larger than supported range. Type mismatch for + // attribute to update. Nesting Levels have exceeded supported limits. The + // document path provided in the update expression is invalid for update. + // The provided expression refers to an attribute that does not exist in + // the item. ErrCodeTransactionCanceledException = "TransactionCanceledException" // ErrCodeTransactionConflictException for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index 592939cee050..711fdaadcba8 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -778,7 +778,6 @@ func (c *EC2) AssignPrivateIpAddressesRequest(input *AssignPrivateIpAddressesInp output = &AssignPrivateIpAddressesOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } @@ -1062,7 +1061,7 @@ func (c *EC2) AssociateDhcpOptionsRequest(input *AssociateDhcpOptionsInput) (req // its DHCP lease. You can explicitly renew the lease using the operating system // on the instance. // -// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html) +// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1218,7 +1217,7 @@ func (c *EC2) AssociateRouteTableRequest(input *AssociateRouteTableInput) (req * // an association ID, which you need in order to disassociate the route table // from the subnet later. A route table can be associated with multiple subnets. // -// For more information, see Route Tables (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html) +// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1449,7 +1448,7 @@ func (c *EC2) AssociateVpcCidrBlockRequest(input *AssociateVpcCidrBlockInput) (r // IPv6 CIDR block size is fixed at /56. // // For more information about associating CIDR blocks with your VPC and applicable -// restrictions, see VPC and Subnet Sizing (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPC_Sizing) +// restrictions, see VPC and Subnet Sizing (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1612,7 +1611,7 @@ func (c *EC2) AttachInternetGatewayRequest(input *AttachInternetGatewayInput) (r // // Attaches an internet gateway to a VPC, enabling connectivity between the // internet and the VPC. For more information about your VPC and internet gateway, -// see the Amazon Virtual Private Cloud User Guide (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/). +// see the Amazon Virtual Private Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1763,15 +1762,12 @@ func (c *EC2) AttachVolumeRequest(input *AttachVolumeInput) (req *request.Reques // Attaches an EBS volume to a running or stopped instance and exposes it to // the instance with the specified device name. // -// Encrypted EBS volumes may only be attached to instances that support Amazon -// EBS encryption. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// Encrypted EBS volumes must be attached to instances that support Amazon EBS +// encryption. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. // -// For a list of supported device names, see Attaching an EBS Volume to an Instance -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html). -// Any device names that aren't reserved for instance store volumes can be used -// for EBS volumes. For more information, see Amazon EC2 Instance Store (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) -// in the Amazon Elastic Compute Cloud User Guide. +// After you attach an EBS volume, you must make it available. For more information, +// see Making an EBS Volume Available For Use (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html). // // If a volume has an AWS Marketplace product code: // @@ -1785,8 +1781,7 @@ func (c *EC2) AttachVolumeRequest(input *AttachVolumeInput) (req *request.Reques // the product. For example, you can't detach a volume from a Windows instance // and attach it to a Linux instance. // -// For more information about EBS volumes, see Attaching Amazon EBS Volumes -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html) +// For more information, see Attaching Amazon EBS Volumes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-attaching-volume.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2020,9 +2015,9 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // [VPC only] Adds the specified egress rules to a security group for use with // a VPC. // -// An outbound rule permits instances to send traffic to the specified destination -// IPv4 or IPv6 CIDR address ranges, or to the specified destination security -// groups for the same VPC. +// An outbound rule permits instances to send traffic to the specified IPv4 +// or IPv6 CIDR address ranges, or to the instances associated with the specified +// destination security groups. // // You specify a protocol for each rule (for example, TCP). For the TCP and // UDP protocols, you must also specify the destination port or port range. @@ -2110,9 +2105,9 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup // // Adds the specified ingress rules to a security group. // -// An inbound rule permits instances to receive traffic from the specified destination -// IPv4 or IPv6 CIDR address ranges, or from the specified destination security -// groups. +// An inbound rule permits instances to receive traffic from the specified IPv4 +// or IPv6 CIDR address ranges, or from the instances associated with the specified +// destination security groups. // // You specify a protocol for each rule (for example, TCP). For TCP and UDP, // you must also specify the destination port or port range. For ICMP/ICMPv6, @@ -3140,14 +3135,13 @@ func (c *EC2) CopySnapshotRequest(input *CopySnapshotInput) (req *request.Reques // Copies a point-in-time snapshot of an EBS volume and stores it in Amazon // S3. You can copy the snapshot within the same Region or from one Region to // another. You can use the snapshot to create EBS volumes or Amazon Machine -// Images (AMIs). The snapshot is copied to the regional endpoint that you send -// the HTTP request to. +// Images (AMIs). // // Copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted -// snapshots remain unencrypted, unless the Encrypted flag is specified during -// the snapshot copy operation. By default, encrypted snapshot copies use the -// default AWS Key Management Service (AWS KMS) customer master key (CMK); however, -// you can specify a non-default CMK with the KmsKeyId parameter. +// snapshots remain unencrypted, unless you enable encryption for the snapshot +// copy operation. By default, encrypted snapshot copies use the default AWS +// Key Management Service (AWS KMS) customer master key (CMK); however, you +// can specify a different CMK. // // To copy an encrypted snapshot that has been shared from another account, // you must have permissions for the CMK used to encrypt the snapshot. @@ -3484,7 +3478,7 @@ func (c *EC2) CreateCustomerGatewayRequest(input *CreateCustomerGatewayInput) (r // gateway is the appliance at your end of the VPN connection. (The device on // the AWS side of the VPN connection is the virtual private gateway.) You must // provide the Internet-routable IP address of the customer gateway's external -// interface. The IP address must be static and may be behind a device performing +// interface. The IP address must be static and can be behind a device performing // network address translation (NAT). // // For devices that use Border Gateway Protocol (BGP), you can also provide @@ -3580,7 +3574,7 @@ func (c *EC2) CreateDefaultSubnetRequest(input *CreateDefaultSubnetInput) (req * // Creates a default subnet with a size /20 IPv4 CIDR block in the specified // Availability Zone in your default VPC. You can have only one default subnet // per Availability Zone. For more information, see Creating a Default Subnet -// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html#create-default-subnet) +// (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#create-default-subnet) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3657,7 +3651,7 @@ func (c *EC2) CreateDefaultVpcRequest(input *CreateDefaultVpcInput) (req *reques // // Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet // in each Availability Zone. For more information about the components of a -// default VPC, see Default VPC and Default Subnets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html) +// default VPC, see Default VPC and Default Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) // in the Amazon Virtual Private Cloud User Guide. You cannot specify the components // of the default VPC yourself. // @@ -3750,9 +3744,9 @@ func (c *EC2) CreateDhcpOptionsRequest(input *CreateDhcpOptionsInput) (req *requ // * domain-name-servers - The IP addresses of up to four domain name servers, // or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. // If specifying more than one domain name server, specify the IP addresses -// in a single parameter, separated by commas. ITo have your instance to -// receive a custom DNS hostname as specified in domain-name, you must set -// domain-name-servers to a custom DNS server. +// in a single parameter, separated by commas. To have your instance receive +// a custom DNS hostname as specified in domain-name, you must set domain-name-servers +// to a custom DNS server. // // * domain-name - If you're using AmazonProvidedDNS in us-east-1, specify // ec2.internal. If you're using AmazonProvidedDNS in another Region, specify @@ -3778,7 +3772,7 @@ func (c *EC2) CreateDhcpOptionsRequest(input *CreateDhcpOptionsInput) (req *requ // only a DNS server that we provide (AmazonProvidedDNS). If you create a set // of options, and if your VPC has an internet gateway, make sure to set the // domain-name-servers option either to AmazonProvidedDNS or to a domain name -// server of your choice. For more information, see DHCP Options Sets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html) +// server of your choice. For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4015,7 +4009,7 @@ func (c *EC2) CreateFlowLogsRequest(input *CreateFlowLogsInput) (req *request.Re // // Flow log data for a monitored network interface is recorded as flow log records, // which are log events consisting of fields that describe the traffic flow. -// For more information, see Flow Log Records (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-log-records) +// For more information, see Flow Log Records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records) // in the Amazon Virtual Private Cloud User Guide. // // When publishing to CloudWatch Logs, flow log records are published to a log @@ -4024,7 +4018,7 @@ func (c *EC2) CreateFlowLogsRequest(input *CreateFlowLogsInput) (req *request.Re // interfaces are published to a single log file object that is stored in the // specified bucket. // -// For more information, see VPC Flow Logs (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html) +// For more information, see VPC Flow Logs (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4346,7 +4340,7 @@ func (c *EC2) CreateInternetGatewayRequest(input *CreateInternetGatewayInput) (r // gateway, you attach it to a VPC using AttachInternetGateway. // // For more information about your VPC and internet gateway, see the Amazon -// Virtual Private Cloud User Guide (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/). +// Virtual Private Cloud User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4665,7 +4659,7 @@ func (c *EC2) CreateNatGatewayRequest(input *CreateNatGatewayInput) (req *reques // the IP address range of the subnet. Internet-bound traffic from a private // subnet can be routed to the NAT gateway, therefore enabling instances in // the private subnet to connect to the internet. For more information, see -// NAT Gateways (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html) +// NAT Gateways (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4743,7 +4737,7 @@ func (c *EC2) CreateNetworkAclRequest(input *CreateNetworkAclInput) (req *reques // Creates a network ACL in a VPC. Network ACLs provide an optional layer of // security (in addition to security groups) for the instances in your VPC. // -// For more information, see Network ACLs (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4834,7 +4828,7 @@ func (c *EC2) CreateNetworkAclEntryRequest(input *CreateNetworkAclEntryInput) (r // After you add an entry, you can't modify it; you must either replace it, // or create an entry and delete the old one. // -// For more information about network ACLs, see Network ACLs (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) +// For more information about network ACLs, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5265,7 +5259,7 @@ func (c *EC2) CreateRouteRequest(input *CreateRouteInput) (req *request.Request, // route in the list covers a smaller number of IP addresses and is therefore // more specific, so we use that route to determine where to target the traffic. // -// For more information about route tables, see Route Tables (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html) +// For more information about route tables, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5343,7 +5337,7 @@ func (c *EC2) CreateRouteTableRequest(input *CreateRouteTableInput) (req *reques // Creates a route table for the specified VPC. After you create a route table, // you can add routes and associate the table with a subnet. // -// For more information, see Route Tables (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html) +// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5578,6 +5572,83 @@ func (c *EC2) CreateSnapshotWithContext(ctx aws.Context, input *CreateSnapshotIn return out, req.Send() } +const opCreateSnapshots = "CreateSnapshots" + +// CreateSnapshotsRequest generates a "aws/request.Request" representing the +// client's request for the CreateSnapshots operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSnapshots for more information on using the CreateSnapshots +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateSnapshotsRequest method. +// req, resp := client.CreateSnapshotsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSnapshots +func (c *EC2) CreateSnapshotsRequest(input *CreateSnapshotsInput) (req *request.Request, output *CreateSnapshotsOutput) { + op := &request.Operation{ + Name: opCreateSnapshots, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateSnapshotsInput{} + } + + output = &CreateSnapshotsOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSnapshots API operation for Amazon Elastic Compute Cloud. +// +// Creates crash-consistent snapshots of multiple EBS volumes and stores the +// data in S3. Volumes are chosen by specifying an instance. Any attached volumes +// will produce one snapshot each that is crash-consistent across the instance. +// Boot volumes can be excluded by changing the paramaters. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateSnapshots for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSnapshots +func (c *EC2) CreateSnapshots(input *CreateSnapshotsInput) (*CreateSnapshotsOutput, error) { + req, out := c.CreateSnapshotsRequest(input) + return out, req.Send() +} + +// CreateSnapshotsWithContext is the same as CreateSnapshots with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSnapshots for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateSnapshotsWithContext(ctx aws.Context, input *CreateSnapshotsInput, opts ...request.Option) (*CreateSnapshotsOutput, error) { + req, out := c.CreateSnapshotsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateSpotDatafeedSubscription = "CreateSpotDatafeedSubscription" // CreateSpotDatafeedSubscriptionRequest generates a "aws/request.Request" representing the @@ -5724,7 +5795,7 @@ func (c *EC2) CreateSubnetRequest(input *CreateSubnetInput) (req *request.Reques // It's therefore possible to have a subnet with no running instances (they're // all stopped), but no remaining IP addresses available. // -// For more information about subnets, see Your VPC and Subnets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html) +// For more information about subnets, see Your VPC and Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5838,6 +5909,333 @@ func (c *EC2) CreateTagsWithContext(ctx aws.Context, input *CreateTagsInput, opt return out, req.Send() } +const opCreateTrafficMirrorFilter = "CreateTrafficMirrorFilter" + +// CreateTrafficMirrorFilterRequest generates a "aws/request.Request" representing the +// client's request for the CreateTrafficMirrorFilter operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTrafficMirrorFilter for more information on using the CreateTrafficMirrorFilter +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTrafficMirrorFilterRequest method. +// req, resp := client.CreateTrafficMirrorFilterRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorFilter +func (c *EC2) CreateTrafficMirrorFilterRequest(input *CreateTrafficMirrorFilterInput) (req *request.Request, output *CreateTrafficMirrorFilterOutput) { + op := &request.Operation{ + Name: opCreateTrafficMirrorFilter, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTrafficMirrorFilterInput{} + } + + output = &CreateTrafficMirrorFilterOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTrafficMirrorFilter API operation for Amazon Elastic Compute Cloud. +// +// Creates a Traffic Mirror filter. +// +// A Traffic Mirror filter is a set of rules that defines the traffic to mirror. +// +// By default, no traffic is mirrored. To mirror traffic, use CreateTrafficMirrorFilterRule +// to add Traffic Mirror rules to the filter. The rules you add define what +// traffic gets mirrored. You can also use ModifyTrafficMirrorFilterNetworkServices +// to mirror supported network services. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTrafficMirrorFilter for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorFilter +func (c *EC2) CreateTrafficMirrorFilter(input *CreateTrafficMirrorFilterInput) (*CreateTrafficMirrorFilterOutput, error) { + req, out := c.CreateTrafficMirrorFilterRequest(input) + return out, req.Send() +} + +// CreateTrafficMirrorFilterWithContext is the same as CreateTrafficMirrorFilter with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTrafficMirrorFilter for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTrafficMirrorFilterWithContext(ctx aws.Context, input *CreateTrafficMirrorFilterInput, opts ...request.Option) (*CreateTrafficMirrorFilterOutput, error) { + req, out := c.CreateTrafficMirrorFilterRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTrafficMirrorFilterRule = "CreateTrafficMirrorFilterRule" + +// CreateTrafficMirrorFilterRuleRequest generates a "aws/request.Request" representing the +// client's request for the CreateTrafficMirrorFilterRule operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTrafficMirrorFilterRule for more information on using the CreateTrafficMirrorFilterRule +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTrafficMirrorFilterRuleRequest method. +// req, resp := client.CreateTrafficMirrorFilterRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorFilterRule +func (c *EC2) CreateTrafficMirrorFilterRuleRequest(input *CreateTrafficMirrorFilterRuleInput) (req *request.Request, output *CreateTrafficMirrorFilterRuleOutput) { + op := &request.Operation{ + Name: opCreateTrafficMirrorFilterRule, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTrafficMirrorFilterRuleInput{} + } + + output = &CreateTrafficMirrorFilterRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTrafficMirrorFilterRule API operation for Amazon Elastic Compute Cloud. +// +// Creates a Traffic Mirror rule. +// +// A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror. +// +// You need the Traffic Mirror filter ID when you create the rule. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTrafficMirrorFilterRule for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorFilterRule +func (c *EC2) CreateTrafficMirrorFilterRule(input *CreateTrafficMirrorFilterRuleInput) (*CreateTrafficMirrorFilterRuleOutput, error) { + req, out := c.CreateTrafficMirrorFilterRuleRequest(input) + return out, req.Send() +} + +// CreateTrafficMirrorFilterRuleWithContext is the same as CreateTrafficMirrorFilterRule with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTrafficMirrorFilterRule for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTrafficMirrorFilterRuleWithContext(ctx aws.Context, input *CreateTrafficMirrorFilterRuleInput, opts ...request.Option) (*CreateTrafficMirrorFilterRuleOutput, error) { + req, out := c.CreateTrafficMirrorFilterRuleRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTrafficMirrorSession = "CreateTrafficMirrorSession" + +// CreateTrafficMirrorSessionRequest generates a "aws/request.Request" representing the +// client's request for the CreateTrafficMirrorSession operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTrafficMirrorSession for more information on using the CreateTrafficMirrorSession +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTrafficMirrorSessionRequest method. +// req, resp := client.CreateTrafficMirrorSessionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorSession +func (c *EC2) CreateTrafficMirrorSessionRequest(input *CreateTrafficMirrorSessionInput) (req *request.Request, output *CreateTrafficMirrorSessionOutput) { + op := &request.Operation{ + Name: opCreateTrafficMirrorSession, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTrafficMirrorSessionInput{} + } + + output = &CreateTrafficMirrorSessionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTrafficMirrorSession API operation for Amazon Elastic Compute Cloud. +// +// Creates a Traffic Mirror session. +// +// A Traffic Mirror session actively copies packets from a Traffic Mirror source +// to a Traffic Mirror target. Create a filter, and then assign it to the session +// to define a subset of the traffic to mirror, for example all TCP traffic. +// +// The Traffic Mirror source and the Traffic Mirror target (monitoring appliances) +// can be in the same VPC, or in a different VPC connected via VPC peering or +// a transit gateway. +// +// By default, no traffic is mirrored. Use CreateTrafficMirrorFilter to create +// filter rules that specify the traffic to mirror. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTrafficMirrorSession for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorSession +func (c *EC2) CreateTrafficMirrorSession(input *CreateTrafficMirrorSessionInput) (*CreateTrafficMirrorSessionOutput, error) { + req, out := c.CreateTrafficMirrorSessionRequest(input) + return out, req.Send() +} + +// CreateTrafficMirrorSessionWithContext is the same as CreateTrafficMirrorSession with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTrafficMirrorSession for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTrafficMirrorSessionWithContext(ctx aws.Context, input *CreateTrafficMirrorSessionInput, opts ...request.Option) (*CreateTrafficMirrorSessionOutput, error) { + req, out := c.CreateTrafficMirrorSessionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTrafficMirrorTarget = "CreateTrafficMirrorTarget" + +// CreateTrafficMirrorTargetRequest generates a "aws/request.Request" representing the +// client's request for the CreateTrafficMirrorTarget operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTrafficMirrorTarget for more information on using the CreateTrafficMirrorTarget +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTrafficMirrorTargetRequest method. +// req, resp := client.CreateTrafficMirrorTargetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorTarget +func (c *EC2) CreateTrafficMirrorTargetRequest(input *CreateTrafficMirrorTargetInput) (req *request.Request, output *CreateTrafficMirrorTargetOutput) { + op := &request.Operation{ + Name: opCreateTrafficMirrorTarget, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateTrafficMirrorTargetInput{} + } + + output = &CreateTrafficMirrorTargetOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTrafficMirrorTarget API operation for Amazon Elastic Compute Cloud. +// +// Creates a target for your Traffic Mirror session. +// +// A Traffic Mirror target is the destination for mirrored traffic. The Traffic +// Mirror source and the Traffic Mirror target (monitoring appliances) can be +// in the same VPC, or in different VPCs connected via VPC peering or a transit +// gateway. +// +// A Traffic Mirror target can be a network interface, or a Network Load Balancer. +// +// To use the target in a Traffic Mirror session, use CreateTrafficMirrorSession. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateTrafficMirrorTarget for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorTarget +func (c *EC2) CreateTrafficMirrorTarget(input *CreateTrafficMirrorTargetInput) (*CreateTrafficMirrorTargetOutput, error) { + req, out := c.CreateTrafficMirrorTargetRequest(input) + return out, req.Send() +} + +// CreateTrafficMirrorTargetWithContext is the same as CreateTrafficMirrorTarget with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTrafficMirrorTarget for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateTrafficMirrorTargetWithContext(ctx aws.Context, input *CreateTrafficMirrorTargetInput, opts ...request.Option) (*CreateTrafficMirrorTargetOutput, error) { + req, out := c.CreateTrafficMirrorTargetRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateTransitGateway = "CreateTransitGateway" // CreateTransitGatewayRequest generates a "aws/request.Request" representing the @@ -6212,10 +6610,10 @@ func (c *EC2) CreateVolumeRequest(input *CreateVolumeInput) (req *request.Reques // Any AWS Marketplace product codes from the snapshot are propagated to the // volume. // -// You can create encrypted volumes with the Encrypted parameter. Encrypted -// volumes may only be attached to instances that support Amazon EBS encryption. -// Volumes that are created from encrypted snapshots are also automatically -// encrypted. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// You can create encrypted volumes. Encrypted volumes must be attached to instances +// that support Amazon EBS encryption. Volumes that are created from encrypted +// snapshots are also automatically encrypted. For more information, see Amazon +// EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. // // You can tag your volumes during creation. For more information, see Tagging @@ -6300,7 +6698,7 @@ func (c *EC2) CreateVpcRequest(input *CreateVpcInput) (req *request.Request, out // Creates a VPC with the specified IPv4 CIDR block. The smallest VPC you can // create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 // netmask (65,536 IPv4 addresses). For more information about how large to -// make your VPC, see Your VPC and Subnets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html) +// make your VPC, see Your VPC and Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) // in the Amazon Virtual Private Cloud User Guide. // // You can optionally request an Amazon-provided IPv6 CIDR block for the VPC. @@ -6309,7 +6707,7 @@ func (c *EC2) CreateVpcRequest(input *CreateVpcInput) (req *request.Request, out // // By default, each instance you launch in the VPC has the default DHCP options, // which include only a default DNS server that we provide (AmazonProvidedDNS). -// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html) +// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // You can specify the instance tenancy value for the VPC when you create it. @@ -6392,7 +6790,7 @@ func (c *EC2) CreateVpcEndpointRequest(input *CreateVpcEndpointInput) (req *requ // Creates a VPC endpoint for a specified service. An endpoint enables you to // create a private connection between your VPC and the service. The service // may be provided by AWS, an AWS Marketplace partner, or another AWS account. -// For more information, see VPC Endpoints (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html) +// For more information, see VPC Endpoints (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) // in the Amazon Virtual Private Cloud User Guide. // // A gateway endpoint serves as a target for a route in your route table for @@ -6565,7 +6963,7 @@ func (c *EC2) CreateVpcEndpointServiceConfigurationRequest(input *CreateVpcEndpo // // To create an endpoint service configuration, you must first create a Network // Load Balancer for your service. For more information, see VPC Endpoint Services -// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/endpoint-service.html) +// (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6647,7 +7045,7 @@ func (c *EC2) CreateVpcPeeringConnectionRequest(input *CreateVpcPeeringConnectio // CIDR blocks. // // Limitations and rules apply to a VPC peering connection. For more information, -// see the limitations (https://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/vpc-peering-basics.html#vpc-peering-limitations) +// see the limitations (https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations) // section in the VPC Peering Guide. // // The owner of the accepter VPC must accept the peering request to activate @@ -6730,7 +7128,7 @@ func (c *EC2) CreateVpnConnectionRequest(input *CreateVpnConnectionInput) (req * // CreateVpnConnection API operation for Amazon Elastic Compute Cloud. // // Creates a VPN connection between an existing virtual private gateway and -// a VPN customer gateway. The supported connection types are ipsec.1 and ipsec.2. +// a VPN customer gateway. The supported connection type is ipsec.1. // // The response includes information that you need to give to your network administrator // to configure your customer gateway. @@ -8858,6 +9256,308 @@ func (c *EC2) DeleteTagsWithContext(ctx aws.Context, input *DeleteTagsInput, opt return out, req.Send() } +const opDeleteTrafficMirrorFilter = "DeleteTrafficMirrorFilter" + +// DeleteTrafficMirrorFilterRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTrafficMirrorFilter operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTrafficMirrorFilter for more information on using the DeleteTrafficMirrorFilter +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTrafficMirrorFilterRequest method. +// req, resp := client.DeleteTrafficMirrorFilterRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorFilter +func (c *EC2) DeleteTrafficMirrorFilterRequest(input *DeleteTrafficMirrorFilterInput) (req *request.Request, output *DeleteTrafficMirrorFilterOutput) { + op := &request.Operation{ + Name: opDeleteTrafficMirrorFilter, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTrafficMirrorFilterInput{} + } + + output = &DeleteTrafficMirrorFilterOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTrafficMirrorFilter API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified Traffic Mirror filter. +// +// You cannot delete a Traffic Mirror filter that is in use by a Traffic Mirror +// session. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTrafficMirrorFilter for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorFilter +func (c *EC2) DeleteTrafficMirrorFilter(input *DeleteTrafficMirrorFilterInput) (*DeleteTrafficMirrorFilterOutput, error) { + req, out := c.DeleteTrafficMirrorFilterRequest(input) + return out, req.Send() +} + +// DeleteTrafficMirrorFilterWithContext is the same as DeleteTrafficMirrorFilter with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTrafficMirrorFilter for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTrafficMirrorFilterWithContext(ctx aws.Context, input *DeleteTrafficMirrorFilterInput, opts ...request.Option) (*DeleteTrafficMirrorFilterOutput, error) { + req, out := c.DeleteTrafficMirrorFilterRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteTrafficMirrorFilterRule = "DeleteTrafficMirrorFilterRule" + +// DeleteTrafficMirrorFilterRuleRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTrafficMirrorFilterRule operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTrafficMirrorFilterRule for more information on using the DeleteTrafficMirrorFilterRule +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTrafficMirrorFilterRuleRequest method. +// req, resp := client.DeleteTrafficMirrorFilterRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorFilterRule +func (c *EC2) DeleteTrafficMirrorFilterRuleRequest(input *DeleteTrafficMirrorFilterRuleInput) (req *request.Request, output *DeleteTrafficMirrorFilterRuleOutput) { + op := &request.Operation{ + Name: opDeleteTrafficMirrorFilterRule, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTrafficMirrorFilterRuleInput{} + } + + output = &DeleteTrafficMirrorFilterRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTrafficMirrorFilterRule API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified Traffic Mirror rule. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTrafficMirrorFilterRule for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorFilterRule +func (c *EC2) DeleteTrafficMirrorFilterRule(input *DeleteTrafficMirrorFilterRuleInput) (*DeleteTrafficMirrorFilterRuleOutput, error) { + req, out := c.DeleteTrafficMirrorFilterRuleRequest(input) + return out, req.Send() +} + +// DeleteTrafficMirrorFilterRuleWithContext is the same as DeleteTrafficMirrorFilterRule with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTrafficMirrorFilterRule for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTrafficMirrorFilterRuleWithContext(ctx aws.Context, input *DeleteTrafficMirrorFilterRuleInput, opts ...request.Option) (*DeleteTrafficMirrorFilterRuleOutput, error) { + req, out := c.DeleteTrafficMirrorFilterRuleRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteTrafficMirrorSession = "DeleteTrafficMirrorSession" + +// DeleteTrafficMirrorSessionRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTrafficMirrorSession operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTrafficMirrorSession for more information on using the DeleteTrafficMirrorSession +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTrafficMirrorSessionRequest method. +// req, resp := client.DeleteTrafficMirrorSessionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorSession +func (c *EC2) DeleteTrafficMirrorSessionRequest(input *DeleteTrafficMirrorSessionInput) (req *request.Request, output *DeleteTrafficMirrorSessionOutput) { + op := &request.Operation{ + Name: opDeleteTrafficMirrorSession, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTrafficMirrorSessionInput{} + } + + output = &DeleteTrafficMirrorSessionOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTrafficMirrorSession API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified Traffic Mirror session. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTrafficMirrorSession for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorSession +func (c *EC2) DeleteTrafficMirrorSession(input *DeleteTrafficMirrorSessionInput) (*DeleteTrafficMirrorSessionOutput, error) { + req, out := c.DeleteTrafficMirrorSessionRequest(input) + return out, req.Send() +} + +// DeleteTrafficMirrorSessionWithContext is the same as DeleteTrafficMirrorSession with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTrafficMirrorSession for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTrafficMirrorSessionWithContext(ctx aws.Context, input *DeleteTrafficMirrorSessionInput, opts ...request.Option) (*DeleteTrafficMirrorSessionOutput, error) { + req, out := c.DeleteTrafficMirrorSessionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteTrafficMirrorTarget = "DeleteTrafficMirrorTarget" + +// DeleteTrafficMirrorTargetRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTrafficMirrorTarget operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTrafficMirrorTarget for more information on using the DeleteTrafficMirrorTarget +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTrafficMirrorTargetRequest method. +// req, resp := client.DeleteTrafficMirrorTargetRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorTarget +func (c *EC2) DeleteTrafficMirrorTargetRequest(input *DeleteTrafficMirrorTargetInput) (req *request.Request, output *DeleteTrafficMirrorTargetOutput) { + op := &request.Operation{ + Name: opDeleteTrafficMirrorTarget, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTrafficMirrorTargetInput{} + } + + output = &DeleteTrafficMirrorTargetOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTrafficMirrorTarget API operation for Amazon Elastic Compute Cloud. +// +// Deletes the specified Traffic Mirror target. +// +// You cannot delete a Traffic Mirror target that is in use by a Traffic Mirror +// session. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DeleteTrafficMirrorTarget for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DeleteTrafficMirrorTarget +func (c *EC2) DeleteTrafficMirrorTarget(input *DeleteTrafficMirrorTargetInput) (*DeleteTrafficMirrorTargetOutput, error) { + req, out := c.DeleteTrafficMirrorTargetRequest(input) + return out, req.Send() +} + +// DeleteTrafficMirrorTargetWithContext is the same as DeleteTrafficMirrorTarget with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTrafficMirrorTarget for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DeleteTrafficMirrorTargetWithContext(ctx aws.Context, input *DeleteTrafficMirrorTargetInput, opts ...request.Option) (*DeleteTrafficMirrorTargetOutput, error) { + req, out := c.DeleteTrafficMirrorTargetRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteTransitGateway = "DeleteTransitGateway" // DeleteTransitGatewayRequest generates a "aws/request.Request" representing the @@ -11698,7 +12398,7 @@ func (c *EC2) DescribeDhcpOptionsRequest(input *DescribeDhcpOptionsInput) (req * // // Describes one or more of your DHCP options sets. // -// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html) +// For more information, see DHCP Options Sets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11985,6 +12685,80 @@ func (c *EC2) DescribeElasticGpusWithContext(ctx aws.Context, input *DescribeEla return out, req.Send() } +const opDescribeExportImageTasks = "DescribeExportImageTasks" + +// DescribeExportImageTasksRequest generates a "aws/request.Request" representing the +// client's request for the DescribeExportImageTasks operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeExportImageTasks for more information on using the DescribeExportImageTasks +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeExportImageTasksRequest method. +// req, resp := client.DescribeExportImageTasksRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeExportImageTasks +func (c *EC2) DescribeExportImageTasksRequest(input *DescribeExportImageTasksInput) (req *request.Request, output *DescribeExportImageTasksOutput) { + op := &request.Operation{ + Name: opDescribeExportImageTasks, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribeExportImageTasksInput{} + } + + output = &DescribeExportImageTasksOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeExportImageTasks API operation for Amazon Elastic Compute Cloud. +// +// Describes the specified export image tasks or all your export image tasks. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeExportImageTasks for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeExportImageTasks +func (c *EC2) DescribeExportImageTasks(input *DescribeExportImageTasksInput) (*DescribeExportImageTasksOutput, error) { + req, out := c.DescribeExportImageTasksRequest(input) + return out, req.Send() +} + +// DescribeExportImageTasksWithContext is the same as DescribeExportImageTasks with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeExportImageTasks for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeExportImageTasksWithContext(ctx aws.Context, input *DescribeExportImageTasksInput, opts ...request.Option) (*DescribeExportImageTasksOutput, error) { + req, out := c.DescribeExportImageTasksRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeExportTasks = "DescribeExportTasks" // DescribeExportTasksRequest generates a "aws/request.Request" representing the @@ -12029,7 +12803,8 @@ func (c *EC2) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req * // DescribeExportTasks API operation for Amazon Elastic Compute Cloud. // -// Describes the specified export tasks or all your export tasks. +// Describes the specified export instance tasks or all your export instance +// tasks. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14241,7 +15016,7 @@ func (c *EC2) DescribeInstancesRequest(input *DescribeInstancesInput) (req *requ // DescribeInstances API operation for Amazon Elastic Compute Cloud. // -// Describes the specified instances or all of your instances. +// Describes the specified instances or all of AWS account's instances. // // If you specify one or more instance IDs, Amazon EC2 returns information for // those instances. If you do not specify instance IDs, Amazon EC2 returns information @@ -15118,7 +15893,7 @@ func (c *EC2) DescribeNetworkAclsRequest(input *DescribeNetworkAclsInput) (req * // // Describes one or more of your network ACLs. // -// For more information, see Network ACLs (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -16063,15 +16838,15 @@ func (c *EC2) DescribeRegionsRequest(input *DescribeRegionsInput) (req *request. // DescribeRegions API operation for Amazon Elastic Compute Cloud. // -// Describes the Regions that are currently available to you. The API returns -// a list of all the Regions, including Regions that are disabled for your account. -// For information about enabling Regions for your account, see Enabling and -// Disabling Regions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-account-payment.html#manage-account-payment-enable-disable-regions) -// in the AWS Billing and Cost Management User Guide. +// Describes the Regions that are enabled for your account, or all Regions. // // For a list of the Regions supported by Amazon EC2, see Regions and Endpoints // (https://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region). // +// For information about enabling and disabling Regions for your account, see +// Managing AWS Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) +// in the AWS General Reference. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -16606,7 +17381,7 @@ func (c *EC2) DescribeRouteTablesRequest(input *DescribeRouteTablesInput) (req * // with the main route table. This command does not return the subnet ID for // implicit associations. // -// For more information, see Route Tables (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html) +// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -18252,7 +19027,7 @@ func (c *EC2) DescribeSubnetsRequest(input *DescribeSubnetsInput) (req *request. // // Describes one or more of your subnets. // -// For more information, see Your VPC and Subnets (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html) +// For more information, see Your VPC and Subnets (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -18466,6 +19241,397 @@ func (c *EC2) DescribeTagsPagesWithContext(ctx aws.Context, input *DescribeTagsI return p.Err() } +const opDescribeTrafficMirrorFilters = "DescribeTrafficMirrorFilters" + +// DescribeTrafficMirrorFiltersRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrafficMirrorFilters operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTrafficMirrorFilters for more information on using the DescribeTrafficMirrorFilters +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTrafficMirrorFiltersRequest method. +// req, resp := client.DescribeTrafficMirrorFiltersRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrafficMirrorFilters +func (c *EC2) DescribeTrafficMirrorFiltersRequest(input *DescribeTrafficMirrorFiltersInput) (req *request.Request, output *DescribeTrafficMirrorFiltersOutput) { + op := &request.Operation{ + Name: opDescribeTrafficMirrorFilters, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTrafficMirrorFiltersInput{} + } + + output = &DescribeTrafficMirrorFiltersOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTrafficMirrorFilters API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more Traffic Mirror filters. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTrafficMirrorFilters for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrafficMirrorFilters +func (c *EC2) DescribeTrafficMirrorFilters(input *DescribeTrafficMirrorFiltersInput) (*DescribeTrafficMirrorFiltersOutput, error) { + req, out := c.DescribeTrafficMirrorFiltersRequest(input) + return out, req.Send() +} + +// DescribeTrafficMirrorFiltersWithContext is the same as DescribeTrafficMirrorFilters with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTrafficMirrorFilters for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrafficMirrorFiltersWithContext(ctx aws.Context, input *DescribeTrafficMirrorFiltersInput, opts ...request.Option) (*DescribeTrafficMirrorFiltersOutput, error) { + req, out := c.DescribeTrafficMirrorFiltersRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTrafficMirrorFiltersPages iterates over the pages of a DescribeTrafficMirrorFilters operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrafficMirrorFilters method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrafficMirrorFilters operation. +// pageNum := 0 +// err := client.DescribeTrafficMirrorFiltersPages(params, +// func(page *ec2.DescribeTrafficMirrorFiltersOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTrafficMirrorFiltersPages(input *DescribeTrafficMirrorFiltersInput, fn func(*DescribeTrafficMirrorFiltersOutput, bool) bool) error { + return c.DescribeTrafficMirrorFiltersPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTrafficMirrorFiltersPagesWithContext same as DescribeTrafficMirrorFiltersPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrafficMirrorFiltersPagesWithContext(ctx aws.Context, input *DescribeTrafficMirrorFiltersInput, fn func(*DescribeTrafficMirrorFiltersOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrafficMirrorFiltersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrafficMirrorFiltersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*DescribeTrafficMirrorFiltersOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opDescribeTrafficMirrorSessions = "DescribeTrafficMirrorSessions" + +// DescribeTrafficMirrorSessionsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrafficMirrorSessions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTrafficMirrorSessions for more information on using the DescribeTrafficMirrorSessions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTrafficMirrorSessionsRequest method. +// req, resp := client.DescribeTrafficMirrorSessionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrafficMirrorSessions +func (c *EC2) DescribeTrafficMirrorSessionsRequest(input *DescribeTrafficMirrorSessionsInput) (req *request.Request, output *DescribeTrafficMirrorSessionsOutput) { + op := &request.Operation{ + Name: opDescribeTrafficMirrorSessions, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTrafficMirrorSessionsInput{} + } + + output = &DescribeTrafficMirrorSessionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTrafficMirrorSessions API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror +// sessions are described. Alternatively, you can filter the results. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTrafficMirrorSessions for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrafficMirrorSessions +func (c *EC2) DescribeTrafficMirrorSessions(input *DescribeTrafficMirrorSessionsInput) (*DescribeTrafficMirrorSessionsOutput, error) { + req, out := c.DescribeTrafficMirrorSessionsRequest(input) + return out, req.Send() +} + +// DescribeTrafficMirrorSessionsWithContext is the same as DescribeTrafficMirrorSessions with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTrafficMirrorSessions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrafficMirrorSessionsWithContext(ctx aws.Context, input *DescribeTrafficMirrorSessionsInput, opts ...request.Option) (*DescribeTrafficMirrorSessionsOutput, error) { + req, out := c.DescribeTrafficMirrorSessionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTrafficMirrorSessionsPages iterates over the pages of a DescribeTrafficMirrorSessions operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrafficMirrorSessions method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrafficMirrorSessions operation. +// pageNum := 0 +// err := client.DescribeTrafficMirrorSessionsPages(params, +// func(page *ec2.DescribeTrafficMirrorSessionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTrafficMirrorSessionsPages(input *DescribeTrafficMirrorSessionsInput, fn func(*DescribeTrafficMirrorSessionsOutput, bool) bool) error { + return c.DescribeTrafficMirrorSessionsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTrafficMirrorSessionsPagesWithContext same as DescribeTrafficMirrorSessionsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrafficMirrorSessionsPagesWithContext(ctx aws.Context, input *DescribeTrafficMirrorSessionsInput, fn func(*DescribeTrafficMirrorSessionsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrafficMirrorSessionsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrafficMirrorSessionsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*DescribeTrafficMirrorSessionsOutput), !p.HasNextPage()) + } + return p.Err() +} + +const opDescribeTrafficMirrorTargets = "DescribeTrafficMirrorTargets" + +// DescribeTrafficMirrorTargetsRequest generates a "aws/request.Request" representing the +// client's request for the DescribeTrafficMirrorTargets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeTrafficMirrorTargets for more information on using the DescribeTrafficMirrorTargets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeTrafficMirrorTargetsRequest method. +// req, resp := client.DescribeTrafficMirrorTargetsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrafficMirrorTargets +func (c *EC2) DescribeTrafficMirrorTargetsRequest(input *DescribeTrafficMirrorTargetsInput) (req *request.Request, output *DescribeTrafficMirrorTargetsOutput) { + op := &request.Operation{ + Name: opDescribeTrafficMirrorTargets, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeTrafficMirrorTargetsInput{} + } + + output = &DescribeTrafficMirrorTargetsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeTrafficMirrorTargets API operation for Amazon Elastic Compute Cloud. +// +// Information about one or more Traffic Mirror targets. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeTrafficMirrorTargets for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeTrafficMirrorTargets +func (c *EC2) DescribeTrafficMirrorTargets(input *DescribeTrafficMirrorTargetsInput) (*DescribeTrafficMirrorTargetsOutput, error) { + req, out := c.DescribeTrafficMirrorTargetsRequest(input) + return out, req.Send() +} + +// DescribeTrafficMirrorTargetsWithContext is the same as DescribeTrafficMirrorTargets with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeTrafficMirrorTargets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrafficMirrorTargetsWithContext(ctx aws.Context, input *DescribeTrafficMirrorTargetsInput, opts ...request.Option) (*DescribeTrafficMirrorTargetsOutput, error) { + req, out := c.DescribeTrafficMirrorTargetsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeTrafficMirrorTargetsPages iterates over the pages of a DescribeTrafficMirrorTargets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeTrafficMirrorTargets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeTrafficMirrorTargets operation. +// pageNum := 0 +// err := client.DescribeTrafficMirrorTargetsPages(params, +// func(page *ec2.DescribeTrafficMirrorTargetsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeTrafficMirrorTargetsPages(input *DescribeTrafficMirrorTargetsInput, fn func(*DescribeTrafficMirrorTargetsOutput, bool) bool) error { + return c.DescribeTrafficMirrorTargetsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeTrafficMirrorTargetsPagesWithContext same as DescribeTrafficMirrorTargetsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeTrafficMirrorTargetsPagesWithContext(ctx aws.Context, input *DescribeTrafficMirrorTargetsInput, fn func(*DescribeTrafficMirrorTargetsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeTrafficMirrorTargetsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeTrafficMirrorTargetsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*DescribeTrafficMirrorTargetsOutput), !p.HasNextPage()) + } + return p.Err() +} + const opDescribeTransitGatewayAttachments = "DescribeTransitGatewayAttachments" // DescribeTransitGatewayAttachmentsRequest generates a "aws/request.Request" representing the @@ -21385,16 +22551,16 @@ func (c *EC2) DisableEbsEncryptionByDefaultRequest(input *DisableEbsEncryptionBy // DisableEbsEncryptionByDefault API operation for Amazon Elastic Compute Cloud. // -// Disables default encryption for EBS volumes that are created in your account -// in the current region. +// Disables EBS encryption by default for your account in the current Region. // -// Call this API if you have enabled default encryption using EnableEbsEncryptionByDefault -// and want to disable default EBS encryption. Once default EBS encryption is -// disabled, you can still create an encrypted volume by setting encrypted to -// true in the API call that creates the volume. +// After you disable encryption by default, you can still create encrypted volumes +// by enabling encryption when you create each volume. // -// Disabling default EBS encryption will not change the encryption status of -// any of your existing volumes. +// Disabling encryption by default does not change the encryption status of +// your existing volumes. +// +// For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -22020,7 +23186,7 @@ func (c *EC2) DisassociateRouteTableRequest(input *DisassociateRouteTableInput) // // After you perform this action, the subnet no longer uses the routes in the // route table. Instead, it uses the routes in the VPC's main route table. For -// more information about route tables, see Route Tables (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html) +// more information about route tables, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -22325,32 +23491,23 @@ func (c *EC2) EnableEbsEncryptionByDefaultRequest(input *EnableEbsEncryptionByDe // EnableEbsEncryptionByDefault API operation for Amazon Elastic Compute Cloud. // -// Enables default encryption for EBS volumes that are created in your account -// in the current region. +// Enables EBS encryption by default for your account in the current Region. // -// Once encryption is enabled with this action, EBS volumes that are created -// in your account will always be encrypted even if encryption is not specified -// at launch. This setting overrides the encrypted setting to true in all API -// calls that create EBS volumes in your account. A volume will be encrypted -// even if you specify encryption to be false in the API call that creates the -// volume. -// -// If you do not specify a customer master key (CMK) in the API call that creates -// the EBS volume, then the volume is encrypted to your AWS account's default -// CMK. +// After you enable encryption by default, the EBS volumes that you create are +// are always encrypted, either using the default CMK or the CMK that you specified +// when you created each volume. For more information, see Amazon EBS Encryption +// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// in the Amazon Elastic Compute Cloud User Guide. // -// You can specify a default CMK of your choice using ModifyEbsDefaultKmsKeyId. +// You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId +// or ResetEbsDefaultKmsKeyId. // -// Enabling default encryption for EBS volumes has no effect on existing unencrypted -// volumes in your account. Encrypting the data in these requires manual action. -// You can either create an encrypted snapshot of an unencrypted volume, or -// encrypt a copy of an unencrypted snapshot. Any volume restored from an encrypted -// snapshot is also encrypted. For more information, see Amazon EBS Snapshots -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html). +// Enabling encryption by default has no effect on the encryption status of +// your existing volumes. // -// Once EBS encryption by default is enabled, you can no longer launch older-generation -// instance types that do not support encryption. For more information, see -// Supported Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). +// After you enable encryption by default, you can no longer launch instances +// using instance types that do not support encryption. For more information, +// see Supported Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -22919,6 +24076,82 @@ func (c *EC2) ExportClientVpnClientConfigurationWithContext(ctx aws.Context, inp return out, req.Send() } +const opExportImage = "ExportImage" + +// ExportImageRequest generates a "aws/request.Request" representing the +// client's request for the ExportImage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ExportImage for more information on using the ExportImage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ExportImageRequest method. +// req, resp := client.ExportImageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ExportImage +func (c *EC2) ExportImageRequest(input *ExportImageInput) (req *request.Request, output *ExportImageOutput) { + op := &request.Operation{ + Name: opExportImage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ExportImageInput{} + } + + output = &ExportImageOutput{} + req = c.newRequest(op, input, output) + return +} + +// ExportImage API operation for Amazon Elastic Compute Cloud. +// +// Exports an Amazon Machine Image (AMI) to a VM file. For more information, +// see Exporting a VM Directory from an Amazon Machine Image (AMI) (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html) +// in the VM Import/Export User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ExportImage for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ExportImage +func (c *EC2) ExportImage(input *ExportImageInput) (*ExportImageOutput, error) { + req, out := c.ExportImageRequest(input) + return out, req.Send() +} + +// ExportImageWithContext is the same as ExportImage with the addition of +// the ability to pass a context and additional request options. +// +// See ExportImage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ExportImageWithContext(ctx aws.Context, input *ExportImageInput, opts ...request.Option) (*ExportImageOutput, error) { + req, out := c.ExportImageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opExportTransitGatewayRoutes = "ExportTransitGatewayRoutes" // ExportTransitGatewayRoutesRequest generates a "aws/request.Request" representing the @@ -22995,6 +24228,84 @@ func (c *EC2) ExportTransitGatewayRoutesWithContext(ctx aws.Context, input *Expo return out, req.Send() } +const opGetCapacityReservationUsage = "GetCapacityReservationUsage" + +// GetCapacityReservationUsageRequest generates a "aws/request.Request" representing the +// client's request for the GetCapacityReservationUsage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetCapacityReservationUsage for more information on using the GetCapacityReservationUsage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetCapacityReservationUsageRequest method. +// req, resp := client.GetCapacityReservationUsageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetCapacityReservationUsage +func (c *EC2) GetCapacityReservationUsageRequest(input *GetCapacityReservationUsageInput) (req *request.Request, output *GetCapacityReservationUsageOutput) { + op := &request.Operation{ + Name: opGetCapacityReservationUsage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetCapacityReservationUsageInput{} + } + + output = &GetCapacityReservationUsageOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetCapacityReservationUsage API operation for Amazon Elastic Compute Cloud. +// +// Gets usage information about a Capacity Reservation. If the Capacity Reservation +// is shared, it shows usage information for the Capacity Reservation owner +// and each AWS account that is currently using the shared capacity. If the +// Capacity Reservation is not shared, it shows only the Capacity Reservation +// owner's usage. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetCapacityReservationUsage for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetCapacityReservationUsage +func (c *EC2) GetCapacityReservationUsage(input *GetCapacityReservationUsageInput) (*GetCapacityReservationUsageOutput, error) { + req, out := c.GetCapacityReservationUsageRequest(input) + return out, req.Send() +} + +// GetCapacityReservationUsageWithContext is the same as GetCapacityReservationUsage with the addition of +// the ability to pass a context and additional request options. +// +// See GetCapacityReservationUsage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetCapacityReservationUsageWithContext(ctx aws.Context, input *GetCapacityReservationUsageInput, opts ...request.Option) (*GetCapacityReservationUsageOutput, error) { + req, out := c.GetCapacityReservationUsageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetConsoleOutput = "GetConsoleOutput" // GetConsoleOutputRequest generates a "aws/request.Request" representing the @@ -23205,9 +24516,12 @@ func (c *EC2) GetEbsDefaultKmsKeyIdRequest(input *GetEbsDefaultKmsKeyIdInput) (r // GetEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. // -// Describes the default customer master key (CMK) that your account uses to -// encrypt EBS volumes if you don’t specify a CMK in the API call. You can -// change this default using ModifyEbsDefaultKmsKeyId. +// Describes the default customer master key (CMK) for EBS encryption by default +// for your account in this Region. You can change the default CMK for encryption +// by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. +// +// For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -23281,8 +24595,11 @@ func (c *EC2) GetEbsEncryptionByDefaultRequest(input *GetEbsEncryptionByDefaultI // GetEbsEncryptionByDefault API operation for Amazon Elastic Compute Cloud. // -// Describes whether default EBS encryption is enabled for your account in the -// current region. +// Describes whether EBS encryption by default is enabled for your account in +// the current Region. +// +// For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -24695,16 +26012,19 @@ func (c *EC2) ModifyEbsDefaultKmsKeyIdRequest(input *ModifyEbsDefaultKmsKeyIdInp // ModifyEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. // -// Changes the default customer master key (CMK) that your account uses to encrypt -// EBS volumes if you don’t specify a CMK in the API call. +// Changes the default customer master key (CMK) for EBS encryption by default +// for your account in this Region. +// +// AWS creates a unique AWS managed CMK in each Region for use with encryption +// by default. If you change the default CMK to a customer managed CMK, it is +// used instead of the AWS managed CMK. To reset the default CMK to the AWS +// managed CMK for EBS, use ResetEbsDefaultKmsKeyId. // -// Your account has an AWS-managed default CMK that is used for encrypting an -// EBS volume when no CMK is specified in the API call that creates the volume. -// By calling this API, you can specify a customer-managed CMK to use in place -// of the AWS-managed default CMK. +// If you delete or disable the customer managed CMK that you specified for +// use with encryption by default, your instances will fail to launch. // -// Note: Deleting or disabling the custom CMK that you have specified to act -// as your default CMK will result in instance-launch failures. +// For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -24780,8 +26100,35 @@ func (c *EC2) ModifyFleetRequest(input *ModifyFleetInput) (req *request.Request, // // Modifies the specified EC2 Fleet. // +// You can only modify an EC2 Fleet request of type maintain. +// // While the EC2 Fleet is being modified, it is in the modifying state. // +// To scale up your EC2 Fleet, increase its target capacity. The EC2 Fleet launches +// the additional Spot Instances according to the allocation strategy for the +// EC2 Fleet request. If the allocation strategy is lowestPrice, the EC2 Fleet +// launches instances using the Spot Instance pool with the lowest price. If +// the allocation strategy is diversified, the EC2 Fleet distributes the instances +// across the Spot Instance pools. If the allocation strategy is capacityOptimized, +// EC2 Fleet launches instances from Spot Instance pools with optimal capacity +// for the number of instances that are launching. +// +// To scale down your EC2 Fleet, decrease its target capacity. First, the EC2 +// Fleet cancels any open requests that exceed the new target capacity. You +// can request that the EC2 Fleet terminate Spot Instances until the size of +// the fleet no longer exceeds the new target capacity. If the allocation strategy +// is lowestPrice, the EC2 Fleet terminates the instances with the highest price +// per unit. If the allocation strategy is capacityOptimized, the EC2 Fleet +// terminates the instances in the Spot Instance pools that have the least available +// Spot Instance capacity. If the allocation strategy is diversified, the EC2 +// Fleet terminates instances across the Spot Instance pools. Alternatively, +// you can request that the EC2 Fleet keep the fleet at its current size, but +// not replace any Spot Instances that are interrupted or that you terminate +// manually. +// +// If you are finished with your EC2 Fleet for now, but will use it again later, +// you can set the target capacity to 0. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -25932,9 +27279,9 @@ func (c *EC2) ModifySnapshotAttributeRequest(input *ModifySnapshotAttributeInput // // Adds or removes permission settings for the specified snapshot. You may add // or remove specified AWS account IDs from a snapshot's list of create volume -// permissions, but you cannot do both in a single API call. If you need to -// both add and remove account IDs for a snapshot, you must use multiple API -// calls. +// permissions, but you cannot do both in a single operation. If you need to +// both add and remove account IDs for a snapshot, you must use multiple operations. +// You can make up to 500 modifications to a snapshot in a single operation. // // Encrypted snapshots and snapshots with AWS Marketplace product codes cannot // be made public. Snapshots encrypted with your default CMK cannot be shared @@ -26025,19 +27372,24 @@ func (c *EC2) ModifySpotFleetRequestRequest(input *ModifySpotFleetRequestInput) // To scale up your Spot Fleet, increase its target capacity. The Spot Fleet // launches the additional Spot Instances according to the allocation strategy // for the Spot Fleet request. If the allocation strategy is lowestPrice, the -// Spot Fleet launches instances using the Spot pool with the lowest price. -// If the allocation strategy is diversified, the Spot Fleet distributes the -// instances across the Spot pools. +// Spot Fleet launches instances using the Spot Instance pool with the lowest +// price. If the allocation strategy is diversified, the Spot Fleet distributes +// the instances across the Spot Instance pools. If the allocation strategy +// is capacityOptimized, Spot Fleet launches instances from Spot Instance pools +// with optimal capacity for the number of instances that are launching. // // To scale down your Spot Fleet, decrease its target capacity. First, the Spot // Fleet cancels any open requests that exceed the new target capacity. You // can request that the Spot Fleet terminate Spot Instances until the size of // the fleet no longer exceeds the new target capacity. If the allocation strategy // is lowestPrice, the Spot Fleet terminates the instances with the highest -// price per unit. If the allocation strategy is diversified, the Spot Fleet -// terminates instances across the Spot pools. Alternatively, you can request -// that the Spot Fleet keep the fleet at its current size, but not replace any -// Spot Instances that are interrupted or that you terminate manually. +// price per unit. If the allocation strategy is capacityOptimized, the Spot +// Fleet terminates the instances in the Spot Instance pools that have the least +// available Spot Instance capacity. If the allocation strategy is diversified, +// the Spot Fleet terminates instances across the Spot Instance pools. Alternatively, +// you can request that the Spot Fleet keep the fleet at its current size, but +// not replace any Spot Instances that are interrupted or that you terminate +// manually. // // If you are finished with your Spot Fleet for now, but will use it again later, // you can set the target capacity to 0. @@ -26145,6 +27497,241 @@ func (c *EC2) ModifySubnetAttributeWithContext(ctx aws.Context, input *ModifySub return out, req.Send() } +const opModifyTrafficMirrorFilterNetworkServices = "ModifyTrafficMirrorFilterNetworkServices" + +// ModifyTrafficMirrorFilterNetworkServicesRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTrafficMirrorFilterNetworkServices operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyTrafficMirrorFilterNetworkServices for more information on using the ModifyTrafficMirrorFilterNetworkServices +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyTrafficMirrorFilterNetworkServicesRequest method. +// req, resp := client.ModifyTrafficMirrorFilterNetworkServicesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTrafficMirrorFilterNetworkServices +func (c *EC2) ModifyTrafficMirrorFilterNetworkServicesRequest(input *ModifyTrafficMirrorFilterNetworkServicesInput) (req *request.Request, output *ModifyTrafficMirrorFilterNetworkServicesOutput) { + op := &request.Operation{ + Name: opModifyTrafficMirrorFilterNetworkServices, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyTrafficMirrorFilterNetworkServicesInput{} + } + + output = &ModifyTrafficMirrorFilterNetworkServicesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyTrafficMirrorFilterNetworkServices API operation for Amazon Elastic Compute Cloud. +// +// Allows or restricts mirroring network services. +// +// By default, Amazon DNS network services are not eligible for Traffic Mirror. +// Use AddNetworkServices to add network services to a Traffic Mirror filter. +// When a network service is added to the Traffic Mirror filter, all traffic +// related to that network service will be mirrored. When you no longer want +// to mirror network services, use RemoveNetworkServices to remove the network +// services from the Traffic Mirror filter. +// +// FFor information about filter rule properties, see Network Services (https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-considerations.html#traffic-mirroring-network-services) +// in the Traffic Mirroring User Guide . +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyTrafficMirrorFilterNetworkServices for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTrafficMirrorFilterNetworkServices +func (c *EC2) ModifyTrafficMirrorFilterNetworkServices(input *ModifyTrafficMirrorFilterNetworkServicesInput) (*ModifyTrafficMirrorFilterNetworkServicesOutput, error) { + req, out := c.ModifyTrafficMirrorFilterNetworkServicesRequest(input) + return out, req.Send() +} + +// ModifyTrafficMirrorFilterNetworkServicesWithContext is the same as ModifyTrafficMirrorFilterNetworkServices with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyTrafficMirrorFilterNetworkServices for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyTrafficMirrorFilterNetworkServicesWithContext(ctx aws.Context, input *ModifyTrafficMirrorFilterNetworkServicesInput, opts ...request.Option) (*ModifyTrafficMirrorFilterNetworkServicesOutput, error) { + req, out := c.ModifyTrafficMirrorFilterNetworkServicesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyTrafficMirrorFilterRule = "ModifyTrafficMirrorFilterRule" + +// ModifyTrafficMirrorFilterRuleRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTrafficMirrorFilterRule operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyTrafficMirrorFilterRule for more information on using the ModifyTrafficMirrorFilterRule +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyTrafficMirrorFilterRuleRequest method. +// req, resp := client.ModifyTrafficMirrorFilterRuleRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTrafficMirrorFilterRule +func (c *EC2) ModifyTrafficMirrorFilterRuleRequest(input *ModifyTrafficMirrorFilterRuleInput) (req *request.Request, output *ModifyTrafficMirrorFilterRuleOutput) { + op := &request.Operation{ + Name: opModifyTrafficMirrorFilterRule, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyTrafficMirrorFilterRuleInput{} + } + + output = &ModifyTrafficMirrorFilterRuleOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyTrafficMirrorFilterRule API operation for Amazon Elastic Compute Cloud. +// +// Modifies the specified Traffic Mirror rule. +// +// DestinationCidrBlock and SourceCidrBlock must both be an IPv4 range or an +// IPv6 range. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyTrafficMirrorFilterRule for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTrafficMirrorFilterRule +func (c *EC2) ModifyTrafficMirrorFilterRule(input *ModifyTrafficMirrorFilterRuleInput) (*ModifyTrafficMirrorFilterRuleOutput, error) { + req, out := c.ModifyTrafficMirrorFilterRuleRequest(input) + return out, req.Send() +} + +// ModifyTrafficMirrorFilterRuleWithContext is the same as ModifyTrafficMirrorFilterRule with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyTrafficMirrorFilterRule for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyTrafficMirrorFilterRuleWithContext(ctx aws.Context, input *ModifyTrafficMirrorFilterRuleInput, opts ...request.Option) (*ModifyTrafficMirrorFilterRuleOutput, error) { + req, out := c.ModifyTrafficMirrorFilterRuleRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyTrafficMirrorSession = "ModifyTrafficMirrorSession" + +// ModifyTrafficMirrorSessionRequest generates a "aws/request.Request" representing the +// client's request for the ModifyTrafficMirrorSession operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyTrafficMirrorSession for more information on using the ModifyTrafficMirrorSession +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyTrafficMirrorSessionRequest method. +// req, resp := client.ModifyTrafficMirrorSessionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTrafficMirrorSession +func (c *EC2) ModifyTrafficMirrorSessionRequest(input *ModifyTrafficMirrorSessionInput) (req *request.Request, output *ModifyTrafficMirrorSessionOutput) { + op := &request.Operation{ + Name: opModifyTrafficMirrorSession, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyTrafficMirrorSessionInput{} + } + + output = &ModifyTrafficMirrorSessionOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyTrafficMirrorSession API operation for Amazon Elastic Compute Cloud. +// +// Modifies a Traffic Mirror session. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyTrafficMirrorSession for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyTrafficMirrorSession +func (c *EC2) ModifyTrafficMirrorSession(input *ModifyTrafficMirrorSessionInput) (*ModifyTrafficMirrorSessionOutput, error) { + req, out := c.ModifyTrafficMirrorSessionRequest(input) + return out, req.Send() +} + +// ModifyTrafficMirrorSessionWithContext is the same as ModifyTrafficMirrorSession with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyTrafficMirrorSession for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyTrafficMirrorSessionWithContext(ctx aws.Context, input *ModifyTrafficMirrorSessionInput, opts ...request.Option) (*ModifyTrafficMirrorSessionOutput, error) { + req, out := c.ModifyTrafficMirrorSessionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyTransitGatewayVpcAttachment = "ModifyTransitGatewayVpcAttachment" // ModifyTransitGatewayVpcAttachmentRequest generates a "aws/request.Request" representing the @@ -26282,9 +27869,9 @@ func (c *EC2) ModifyVolumeRequest(input *ModifyVolumeInput) (req *request.Reques // You can use CloudWatch Events to check the status of a modification to an // EBS volume. For information about CloudWatch Events, see the Amazon CloudWatch // Events User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). -// You can also track the status of a modification using the DescribeVolumesModifications -// API. For information about tracking status changes using either method, see -// Monitoring Volume Modifications (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#monitoring_mods). +// You can also track the status of a modification using DescribeVolumesModifications. +// For information about tracking status changes using either method, see Monitoring +// Volume Modifications (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html#monitoring_mods). // // With previous-generation instance types, resizing an EBS volume may require // detaching and reattaching the volume or stopping and restarting the instance. @@ -26529,7 +28116,7 @@ func (c *EC2) ModifyVpcEndpointRequest(input *ModifyVpcEndpointInput) (req *requ // // Modifies attributes of a specified VPC endpoint. The attributes that you // can modify depend on the type of VPC endpoint (interface or gateway). For -// more information, see VPC Endpoints (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html) +// more information, see VPC Endpoints (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -26757,7 +28344,7 @@ func (c *EC2) ModifyVpcEndpointServicePermissionsRequest(input *ModifyVpcEndpoin // ModifyVpcEndpointServicePermissions API operation for Amazon Elastic Compute Cloud. // -// Modifies the permissions for your VPC endpoint service (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/endpoint-service.html). +// Modifies the permissions for your VPC endpoint service (https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html). // You can add or remove permissions for service consumers (IAM users, IAM roles, // and AWS accounts) to connect to your endpoint service. // @@ -27018,7 +28605,7 @@ func (c *EC2) ModifyVpnConnectionRequest(input *ModifyVpnConnectionInput) (req * // ModifyVpnConnection API operation for Amazon Elastic Compute Cloud. // -// Modifies the target gateway of a AWS Site-to-Site VPN connection. The following +// Modifies the target gateway of an AWS Site-to-Site VPN connection. The following // migration options are available: // // * An existing virtual private gateway to a new virtual private gateway @@ -27087,6 +28674,158 @@ func (c *EC2) ModifyVpnConnectionWithContext(ctx aws.Context, input *ModifyVpnCo return out, req.Send() } +const opModifyVpnTunnelCertificate = "ModifyVpnTunnelCertificate" + +// ModifyVpnTunnelCertificateRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVpnTunnelCertificate operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVpnTunnelCertificate for more information on using the ModifyVpnTunnelCertificate +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyVpnTunnelCertificateRequest method. +// req, resp := client.ModifyVpnTunnelCertificateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelCertificate +func (c *EC2) ModifyVpnTunnelCertificateRequest(input *ModifyVpnTunnelCertificateInput) (req *request.Request, output *ModifyVpnTunnelCertificateOutput) { + op := &request.Operation{ + Name: opModifyVpnTunnelCertificate, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVpnTunnelCertificateInput{} + } + + output = &ModifyVpnTunnelCertificateOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVpnTunnelCertificate API operation for Amazon Elastic Compute Cloud. +// +// Modifies the VPN tunnel endpoint certificate. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVpnTunnelCertificate for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelCertificate +func (c *EC2) ModifyVpnTunnelCertificate(input *ModifyVpnTunnelCertificateInput) (*ModifyVpnTunnelCertificateOutput, error) { + req, out := c.ModifyVpnTunnelCertificateRequest(input) + return out, req.Send() +} + +// ModifyVpnTunnelCertificateWithContext is the same as ModifyVpnTunnelCertificate with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVpnTunnelCertificate for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVpnTunnelCertificateWithContext(ctx aws.Context, input *ModifyVpnTunnelCertificateInput, opts ...request.Option) (*ModifyVpnTunnelCertificateOutput, error) { + req, out := c.ModifyVpnTunnelCertificateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opModifyVpnTunnelOptions = "ModifyVpnTunnelOptions" + +// ModifyVpnTunnelOptionsRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVpnTunnelOptions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVpnTunnelOptions for more information on using the ModifyVpnTunnelOptions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyVpnTunnelOptionsRequest method. +// req, resp := client.ModifyVpnTunnelOptionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelOptions +func (c *EC2) ModifyVpnTunnelOptionsRequest(input *ModifyVpnTunnelOptionsInput) (req *request.Request, output *ModifyVpnTunnelOptionsOutput) { + op := &request.Operation{ + Name: opModifyVpnTunnelOptions, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVpnTunnelOptionsInput{} + } + + output = &ModifyVpnTunnelOptionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVpnTunnelOptions API operation for Amazon Elastic Compute Cloud. +// +// Modifies the options for a VPN tunnel in an AWS Site-to-Site VPN connection. +// You can modify multiple options for a tunnel in a single request, but you +// can only modify one tunnel at a time. For more information, see Site-to-Site +// VPN Tunnel Options for Your Site-to-Site VPN Connection (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html) +// in the AWS Site-to-Site VPN User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVpnTunnelOptions for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnTunnelOptions +func (c *EC2) ModifyVpnTunnelOptions(input *ModifyVpnTunnelOptionsInput) (*ModifyVpnTunnelOptionsOutput, error) { + req, out := c.ModifyVpnTunnelOptionsRequest(input) + return out, req.Send() +} + +// ModifyVpnTunnelOptionsWithContext is the same as ModifyVpnTunnelOptions with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVpnTunnelOptions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVpnTunnelOptionsWithContext(ctx aws.Context, input *ModifyVpnTunnelOptionsInput, opts ...request.Option) (*ModifyVpnTunnelOptionsOutput, error) { + req, out := c.ModifyVpnTunnelOptionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opMonitorInstances = "MonitorInstances" // MonitorInstancesRequest generates a "aws/request.Request" representing the @@ -28301,7 +30040,7 @@ func (c *EC2) ReplaceNetworkAclAssociationRequest(input *ReplaceNetworkAclAssoci // // Changes which network ACL a subnet is associated with. By default when you // create a subnet, it's automatically associated with the default network ACL. -// For more information, see Network ACLs (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) +// For more information, see Network ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) // in the Amazon Virtual Private Cloud User Guide. // // This is an idempotent operation. @@ -28380,8 +30119,8 @@ func (c *EC2) ReplaceNetworkAclEntryRequest(input *ReplaceNetworkAclEntryInput) // ReplaceNetworkAclEntry API operation for Amazon Elastic Compute Cloud. // // Replaces an entry (rule) in a network ACL. For more information, see Network -// ACLs (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html) -// in the Amazon Virtual Private Cloud User Guide. +// ACLs (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in +// the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -28461,7 +30200,7 @@ func (c *EC2) ReplaceRouteRequest(input *ReplaceRouteInput) (req *request.Reques // instance, NAT gateway, VPC peering connection, network interface, or egress-only // internet gateway. // -// For more information, see Route Tables (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html) +// For more information, see Route Tables (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -28539,7 +30278,7 @@ func (c *EC2) ReplaceRouteTableAssociationRequest(input *ReplaceRouteTableAssoci // Changes the route table associated with a given subnet in a VPC. After the // operation completes, the subnet uses the routes in the new route table it's // associated with. For more information about route tables, see Route Tables -// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html) +// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) // in the Amazon Virtual Private Cloud User Guide. // // You can also use ReplaceRouteTableAssociation to change which table is the @@ -28782,10 +30521,10 @@ func (c *EC2) RequestSpotFleetRequest(input *RequestSpotFleetInput) (req *reques // You can submit a single request that includes multiple launch specifications // that vary by instance type, AMI, Availability Zone, or subnet. // -// By default, the Spot Fleet requests Spot Instances in the Spot pool where -// the price per unit is the lowest. Each launch specification can include its -// own instance weighting that reflects the value of the instance type to your -// application workload. +// By default, the Spot Fleet requests Spot Instances in the Spot Instance pool +// where the price per unit is the lowest. Each launch specification can include +// its own instance weighting that reflects the value of the instance type to +// your application workload. // // Alternatively, you can specify that the Spot Fleet distribute the target // capacity across the Spot pools included in its launch specifications. By @@ -28948,19 +30687,13 @@ func (c *EC2) ResetEbsDefaultKmsKeyIdRequest(input *ResetEbsDefaultKmsKeyIdInput // ResetEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. // -// Resets the account's default customer master key (CMK) to the account's AWS-managed -// default CMK. This default CMK is used to encrypt EBS volumes when you have -// enabled EBS encryption by default without specifying a CMK in the API call. -// If you have not enabled encryption by default, then this CMK is used when -// you set the Encrypted parameter to true without specifying a custom CMK in -// the API call. +// Resets the default customer master key (CMK) for EBS encryption for your +// account in this Region to the AWS managed CMK for EBS. // -// Call this API if you have modified the default CMK that is used for encrypting -// your EBS volume using ModifyEbsDefaultKmsKeyId and you want to reset it to -// the AWS-managed default CMK. After resetting, you can continue to provide -// a CMK of your choice in the API call that creates the volume. However, if -// no CMK is specified, your account will encrypt the volume to the AWS-managed -// default CMK. +// After resetting the default CMK to the AWS managed CMK, you can continue +// to encrypt by a customer managed CMK by specifying it when you create the +// volume. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) +// in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -29993,6 +31726,98 @@ func (c *EC2) SearchTransitGatewayRoutesWithContext(ctx aws.Context, input *Sear return out, req.Send() } +const opSendDiagnosticInterrupt = "SendDiagnosticInterrupt" + +// SendDiagnosticInterruptRequest generates a "aws/request.Request" representing the +// client's request for the SendDiagnosticInterrupt operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See SendDiagnosticInterrupt for more information on using the SendDiagnosticInterrupt +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the SendDiagnosticInterruptRequest method. +// req, resp := client.SendDiagnosticInterruptRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SendDiagnosticInterrupt +func (c *EC2) SendDiagnosticInterruptRequest(input *SendDiagnosticInterruptInput) (req *request.Request, output *SendDiagnosticInterruptOutput) { + op := &request.Operation{ + Name: opSendDiagnosticInterrupt, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &SendDiagnosticInterruptInput{} + } + + output = &SendDiagnosticInterruptOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// SendDiagnosticInterrupt API operation for Amazon Elastic Compute Cloud. +// +// Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger +// a kernel panic (on Linux instances), or a blue screen/stop error (on Windows +// instances). For instances based on Intel and AMD processors, the interrupt +// is received as a non-maskable interrupt (NMI). +// +// In general, the operating system crashes and reboots when a kernel panic +// or stop error is triggered. The operating system can also be configured to +// perform diagnostic tasks, such as generating a memory dump file, loading +// a secondary kernel, or obtaining a call trace. +// +// Before sending a diagnostic interrupt to your instance, ensure that its operating +// system is configured to perform the required diagnostic tasks. +// +// For more information about configuring your operating system to generate +// a crash dump when a kernel panic or stop error occurs, see Send a Diagnostic +// Interrupt (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html) +// (Linux instances) or Send a Diagnostic Interrupt (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html) +// (Windows instances). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation SendDiagnosticInterrupt for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SendDiagnosticInterrupt +func (c *EC2) SendDiagnosticInterrupt(input *SendDiagnosticInterruptInput) (*SendDiagnosticInterruptOutput, error) { + req, out := c.SendDiagnosticInterruptRequest(input) + return out, req.Send() +} + +// SendDiagnosticInterruptWithContext is the same as SendDiagnosticInterrupt with the addition of +// the ability to pass a context and additional request options. +// +// See SendDiagnosticInterrupt for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) SendDiagnosticInterruptWithContext(ctx aws.Context, input *SendDiagnosticInterruptInput, opts ...request.Option) (*SendDiagnosticInterruptOutput, error) { + req, out := c.SendDiagnosticInterruptRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opStartInstances = "StartInstances" // StartInstancesRequest generates a "aws/request.Request" representing the @@ -31580,10 +33405,17 @@ type AllocateHostsInput struct { AvailabilityZone *string `locationName:"availabilityZone" type:"string" required:"true"` // Unique, case-sensitive identifier that you provide to ensure the idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html) - // in the Amazon Elastic Compute Cloud User Guide. + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` + // Indicates whether to enable or disable host recovery for the Dedicated Host. + // Host recovery is disabled by default. For more information, see Host Recovery + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) + // in the Amazon Elastic Compute Cloud User Guide. + // + // Default: off + HostRecovery *string `type:"string" enum:"HostRecovery"` + // Specifies the instance type for which to configure your Dedicated Hosts. // When you specify the instance type, that is the only instance type that you // can launch onto that host. @@ -31647,6 +33479,12 @@ func (s *AllocateHostsInput) SetClientToken(v string) *AllocateHostsInput { return s } +// SetHostRecovery sets the HostRecovery field's value. +func (s *AllocateHostsInput) SetHostRecovery(v string) *AllocateHostsInput { + s.HostRecovery = &v + return s +} + // SetInstanceType sets the InstanceType field's value. func (s *AllocateHostsInput) SetInstanceType(v string) *AllocateHostsInput { s.InstanceType = &v @@ -31991,6 +33829,12 @@ func (s *AssignPrivateIpAddressesInput) SetSecondaryPrivateIpAddressCount(v int6 type AssignPrivateIpAddressesOutput struct { _ struct{} `type:"structure"` + + // The private IP addresses assigned to the network interface. + AssignedPrivateIpAddresses []*AssignedPrivateIpAddress `locationName:"assignedPrivateIpAddressesSet" locationNameList:"item" type:"list"` + + // The ID of the network interface. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` } // String returns the string representation @@ -32003,6 +33847,42 @@ func (s AssignPrivateIpAddressesOutput) GoString() string { return s.String() } +// SetAssignedPrivateIpAddresses sets the AssignedPrivateIpAddresses field's value. +func (s *AssignPrivateIpAddressesOutput) SetAssignedPrivateIpAddresses(v []*AssignedPrivateIpAddress) *AssignPrivateIpAddressesOutput { + s.AssignedPrivateIpAddresses = v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *AssignPrivateIpAddressesOutput) SetNetworkInterfaceId(v string) *AssignPrivateIpAddressesOutput { + s.NetworkInterfaceId = &v + return s +} + +// Describes the private IP addresses assigned to a network interface. +type AssignedPrivateIpAddress struct { + _ struct{} `type:"structure"` + + // The private IP address assigned to the network interface. + PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` +} + +// String returns the string representation +func (s AssignedPrivateIpAddress) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssignedPrivateIpAddress) GoString() string { + return s.String() +} + +// SetPrivateIpAddress sets the PrivateIpAddress field's value. +func (s *AssignedPrivateIpAddress) SetPrivateIpAddress(v string) *AssignedPrivateIpAddress { + s.PrivateIpAddress = &v + return s +} + type AssociateAddressInput struct { _ struct{} `type:"structure"` @@ -34416,7 +36296,6 @@ func (s *CancelCapacityReservationOutput) SetReturn(v bool) *CancelCapacityReser return s } -// Contains the parameters for CancelConversionTask. type CancelConversionTaskInput struct { _ struct{} `type:"structure"` @@ -34490,7 +36369,6 @@ func (s CancelConversionTaskOutput) GoString() string { return s.String() } -// Contains the parameters for CancelExportTask. type CancelExportTaskInput struct { _ struct{} `type:"structure"` @@ -34543,7 +36421,6 @@ func (s CancelExportTaskOutput) GoString() string { return s.String() } -// Contains the parameters for CancelImportTask. type CancelImportTaskInput struct { _ struct{} `type:"structure"` @@ -34588,7 +36465,6 @@ func (s *CancelImportTaskInput) SetImportTaskId(v string) *CancelImportTaskInput return s } -// Contains the output for CancelImportTask. type CancelImportTaskOutput struct { _ struct{} `type:"structure"` @@ -35015,10 +36891,16 @@ type CapacityReservation struct { // The Availability Zone in which the capacity is reserved. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` + // The Availability Zone ID of the Capacity Reservation. + AvailabilityZoneId *string `locationName:"availabilityZoneId" type:"string"` + // The remaining capacity. Indicates the number of instances that can be launched // in the Capacity Reservation. AvailableInstanceCount *int64 `locationName:"availableInstanceCount" type:"integer"` + // The Amazon Resource Name (ARN) of the Capacity Reservation. + CapacityReservationArn *string `locationName:"capacityReservationArn" type:"string"` + // The ID of the Capacity Reservation. CapacityReservationId *string `locationName:"capacityReservationId" type:"string"` @@ -35073,17 +36955,20 @@ type CapacityReservation struct { // The type of instance for which the Capacity Reservation reserves capacity. InstanceType *string `locationName:"instanceType" type:"string"` + // The ID of the AWS account that owns the Capacity Reservation. + OwnerId *string `locationName:"ownerId" type:"string"` + // The current state of the Capacity Reservation. A Capacity Reservation can // be in one of the following states: // // * active - The Capacity Reservation is active and the capacity is available // for your use. // - // * cancelled - The Capacity Reservation expired automatically at the date + // * expired - The Capacity Reservation expired automatically at the date // and time specified in your request. The reserved capacity is no longer // available for your use. // - // * expired - The Capacity Reservation was manually cancelled. The reserved + // * cancelled - The Capacity Reservation was manually cancelled. The reserved // capacity is no longer available for your use. // // * pending - The Capacity Reservation request was successful but the capacity @@ -35107,7 +36992,8 @@ type CapacityReservation struct { // that is dedicated to a single AWS account. Tenancy *string `locationName:"tenancy" type:"string" enum:"CapacityReservationTenancy"` - // The number of instances for which the Capacity Reservation reserves capacity. + // The total number of instances for which the Capacity Reservation reserves + // capacity. TotalInstanceCount *int64 `locationName:"totalInstanceCount" type:"integer"` } @@ -35127,12 +37013,24 @@ func (s *CapacityReservation) SetAvailabilityZone(v string) *CapacityReservation return s } +// SetAvailabilityZoneId sets the AvailabilityZoneId field's value. +func (s *CapacityReservation) SetAvailabilityZoneId(v string) *CapacityReservation { + s.AvailabilityZoneId = &v + return s +} + // SetAvailableInstanceCount sets the AvailableInstanceCount field's value. func (s *CapacityReservation) SetAvailableInstanceCount(v int64) *CapacityReservation { s.AvailableInstanceCount = &v return s } +// SetCapacityReservationArn sets the CapacityReservationArn field's value. +func (s *CapacityReservation) SetCapacityReservationArn(v string) *CapacityReservation { + s.CapacityReservationArn = &v + return s +} + // SetCapacityReservationId sets the CapacityReservationId field's value. func (s *CapacityReservation) SetCapacityReservationId(v string) *CapacityReservation { s.CapacityReservationId = &v @@ -35187,6 +37085,12 @@ func (s *CapacityReservation) SetInstanceType(v string) *CapacityReservation { return s } +// SetOwnerId sets the OwnerId field's value. +func (s *CapacityReservation) SetOwnerId(v string) *CapacityReservation { + s.OwnerId = &v + return s +} + // SetState sets the State field's value. func (s *CapacityReservation) SetState(v string) *CapacityReservation { s.State = &v @@ -36049,7 +37953,11 @@ type ClientVpnEndpoint struct { // The ARN of the server certificate. ServerCertificateArn *string `locationName:"serverCertificateArn" type:"string"` - // Indicates whether VPN split tunneling is supported. + // Indicates whether split-tunnel is enabled in the AWS Client VPN endpoint. + // + // For information about split-tunnel VPN endpoints, see Split-Tunnel AWS Client + // VPN Endpoint (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html) + // in the AWS Client VPN Administrator Guide. SplitTunnel *bool `locationName:"splitTunnel" type:"boolean"` // The current state of the Client VPN endpoint. @@ -36826,17 +38734,16 @@ type CopyImageInput struct { // the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted // flag must also be set. // - // The CMK identifier may be provided in any of the following formats: + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". For example: // - // * Key ID + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab // - // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the key - // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the Region of the CMK, the AWS account ID of the CMK owner, - // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Alias name: alias/ExampleAlias + // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // // AWS parses KmsKeyId asynchronously, meaning that the action you call may // appear to complete even though you provided an invalid identifier. This action @@ -36986,39 +38893,32 @@ type CopySnapshotInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // Specifies whether the destination snapshot should be encrypted. You can encrypt - // a copy of an unencrypted snapshot, but you cannot use it to create an unencrypted - // copy of an encrypted snapshot. Your default CMK for EBS is used unless you - // specify a non-default AWS Key Management Service (AWS KMS) CMK using KmsKeyId. - // For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) + // To encrypt a copy of an unencrypted snapshot if encryption by default is + // not enabled, enable encryption using this parameter. Otherwise, omit this + // parameter. Encrypted snapshots are encrypted, even if you omit this parameter + // and encryption by default is not enabled. You cannot set this parameter to + // false. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) // in the Amazon Elastic Compute Cloud User Guide. Encrypted *bool `locationName:"encrypted" type:"boolean"` - // An identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use when creating the encrypted volume. This parameter is only - // required if you want to use a non-default CMK; if this parameter is not specified, - // the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted - // flag must also be set. + // The identifier of the AWS Key Management Service (AWS KMS) customer master + // key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, + // your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted + // state must be true. // - // The CMK identifier may be provided in any of the following formats: + // You can specify the CMK using any of the following: // - // * Key ID + // * Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab. // - // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the alias - // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Key alias. For example, alias/ExampleAlias. // - // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the key - // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // * Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // - // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the Region of the CMK, the AWS account ID of the CMK owner, - // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // AWS parses KmsKeyId asynchronously, meaning that the action you call may - // appear to complete even though you provided an invalid identifier. The action - // will eventually fail. + // AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, + // alias, or ARN that is not valid, the action can appear to complete, but eventually + // fails. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // When you copy an encrypted source snapshot using the Amazon EC2 Query API, @@ -37186,9 +39086,8 @@ type CpuOptionsRequest struct { // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` - // The number of threads per CPU core. To disable Intel Hyper-Threading Technology - // for the instance, specify a value of 1. Otherwise, specify the default value - // of 2. + // The number of threads per CPU core. To disable multithreading for the instance, + // specify a value of 1. Otherwise, specify the default value of 2. ThreadsPerCore *int64 `type:"integer"` } @@ -37218,9 +39117,10 @@ type CreateCapacityReservationInput struct { _ struct{} `type:"structure"` // The Availability Zone in which to create the Capacity Reservation. - // - // AvailabilityZone is a required field - AvailabilityZone *string `type:"string" required:"true"` + AvailabilityZone *string `type:"string"` + + // The ID of the Availability Zone in which to create the Capacity Reservation. + AvailabilityZoneId *string `type:"string"` // Unique, case-sensitive identifier that you provide to ensure the idempotency // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). @@ -37330,9 +39230,6 @@ func (s CreateCapacityReservationInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateCapacityReservationInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateCapacityReservationInput"} - if s.AvailabilityZone == nil { - invalidParams.Add(request.NewErrParamRequired("AvailabilityZone")) - } if s.InstanceCount == nil { invalidParams.Add(request.NewErrParamRequired("InstanceCount")) } @@ -37355,6 +39252,12 @@ func (s *CreateCapacityReservationInput) SetAvailabilityZone(v string) *CreateCa return s } +// SetAvailabilityZoneId sets the AvailabilityZoneId field's value. +func (s *CreateCapacityReservationInput) SetAvailabilityZoneId(v string) *CreateCapacityReservationInput { + s.AvailabilityZoneId = &v + return s +} + // SetClientToken sets the ClientToken field's value. func (s *CreateCapacityReservationInput) SetClientToken(v string) *CreateCapacityReservationInput { s.ClientToken = &v @@ -37492,8 +39395,7 @@ type CreateClientVpnEndpointInput struct { // Information about the DNS servers to be used for DNS resolution. A Client // VPN endpoint can have up to two DNS servers. If no DNS server is specified, - // the DNS address of the VPC that is to be associated with Client VPN endpoint - // is used as the DNS server. + // the DNS address configured on the device is used for the DNS server. DnsServers []*string `locationNameList:"item" type:"list"` // Checks whether you have the required permissions for the action, without @@ -37508,6 +39410,15 @@ type CreateClientVpnEndpointInput struct { // ServerCertificateArn is a required field ServerCertificateArn *string `type:"string" required:"true"` + // Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint. + // + // By default, split-tunnel on a VPN endpoint is disabled. + // + // For information about split-tunnel VPN endpoints, see Split-Tunnel AWS Client + // VPN Endpoint (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html) + // in the AWS Client VPN Administrator Guide. + SplitTunnel *bool `type:"boolean"` + // The tags to apply to the Client VPN endpoint during creation. TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` @@ -37597,6 +39508,12 @@ func (s *CreateClientVpnEndpointInput) SetServerCertificateArn(v string) *Create return s } +// SetSplitTunnel sets the SplitTunnel field's value. +func (s *CreateClientVpnEndpointInput) SetSplitTunnel(v bool) *CreateClientVpnEndpointInput { + s.SplitTunnel = &v + return s +} + // SetTagSpecifications sets the TagSpecifications field's value. func (s *CreateClientVpnEndpointInput) SetTagSpecifications(v []*TagSpecification) *CreateClientVpnEndpointInput { s.TagSpecifications = v @@ -37792,6 +39709,9 @@ type CreateCustomerGatewayInput struct { // BgpAsn is a required field BgpAsn *int64 `type:"integer" required:"true"` + // The Amazon Resource Name (ARN) for the customer gateway certificate. + CertificateArn *string `type:"string"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -37800,9 +39720,7 @@ type CreateCustomerGatewayInput struct { // The Internet-routable IP address for the customer gateway's outside interface. // The address must be static. - // - // PublicIp is a required field - PublicIp *string `locationName:"IpAddress" type:"string" required:"true"` + PublicIp *string `locationName:"IpAddress" type:"string"` // The type of VPN connection that this customer gateway supports (ipsec.1). // @@ -37826,9 +39744,6 @@ func (s *CreateCustomerGatewayInput) Validate() error { if s.BgpAsn == nil { invalidParams.Add(request.NewErrParamRequired("BgpAsn")) } - if s.PublicIp == nil { - invalidParams.Add(request.NewErrParamRequired("PublicIp")) - } if s.Type == nil { invalidParams.Add(request.NewErrParamRequired("Type")) } @@ -37845,6 +39760,12 @@ func (s *CreateCustomerGatewayInput) SetBgpAsn(v int64) *CreateCustomerGatewayIn return s } +// SetCertificateArn sets the CertificateArn field's value. +func (s *CreateCustomerGatewayInput) SetCertificateArn(v string) *CreateCustomerGatewayInput { + s.CertificateArn = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *CreateCustomerGatewayInput) SetDryRun(v bool) *CreateCustomerGatewayInput { s.DryRun = &v @@ -38254,7 +40175,7 @@ type CreateFleetInput struct { // LaunchTemplateConfigs is a required field LaunchTemplateConfigs []*FleetLaunchTemplateConfigRequest `locationNameList:"item" type:"list" required:"true"` - // The allocation strategy of On-Demand Instances in an EC2 Fleet. + // Describes the configuration of On-Demand Instances in an EC2 Fleet. OnDemandOptions *OnDemandOptionsRequest `type:"structure"` // Indicates whether EC2 Fleet should replace unhealthy instances. @@ -38269,8 +40190,7 @@ type CreateFleetInput struct { // For information about tagging after launch, see Tagging Your Resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-resources). TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` - // The TotalTargetCapacity, OnDemandTargetCapacity, SpotTargetCapacity, and - // DefaultCapacityType structure. + // The number of units to request. // // TargetCapacitySpecification is a required field TargetCapacitySpecification *TargetCapacitySpecificationRequest `type:"structure" required:"true"` @@ -38847,7 +40767,7 @@ func (s *CreateFpgaImageOutput) SetFpgaImageId(v string) *CreateFpgaImageOutput type CreateImageInput struct { _ struct{} `type:"structure"` - // Tthe block device mappings. This parameter cannot be used to modify the encryption + // The block device mappings. This parameter cannot be used to modify the encryption // status of existing volumes or snapshots. To create an AMI with encrypted // snapshots, use the CopyImage action. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` @@ -38967,7 +40887,6 @@ func (s *CreateImageOutput) SetImageId(v string) *CreateImageOutput { return s } -// Contains the parameters for CreateInstanceExportTask. type CreateInstanceExportTaskInput struct { _ struct{} `type:"structure"` @@ -39034,7 +40953,6 @@ func (s *CreateInstanceExportTaskInput) SetTargetEnvironment(v string) *CreateIn return s } -// Contains the output for CreateInstanceExportTask. type CreateInstanceExportTaskOutput struct { _ struct{} `type:"structure"` @@ -39226,6 +41144,9 @@ type CreateLaunchTemplateInput struct { // LaunchTemplateName is a required field LaunchTemplateName *string `min:"3" type:"string" required:"true"` + // The tags to apply to the launch template during creation. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // A description for the first version of the launch template. VersionDescription *string `type:"string"` } @@ -39288,6 +41209,12 @@ func (s *CreateLaunchTemplateInput) SetLaunchTemplateName(v string) *CreateLaunc return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateLaunchTemplateInput) SetTagSpecifications(v []*TagSpecification) *CreateLaunchTemplateInput { + s.TagSpecifications = v + return s +} + // SetVersionDescription sets the VersionDescription field's value. func (s *CreateLaunchTemplateInput) SetVersionDescription(v string) *CreateLaunchTemplateInput { s.VersionDescription = &v @@ -39347,7 +41274,9 @@ type CreateLaunchTemplateVersionInput struct { // The version number of the launch template version on which to base the new // version. The new version inherits the same launch parameters as the source - // version, except for parameters that you specify in LaunchTemplateData. + // version, except for parameters that you specify in LaunchTemplateData. Snapshots + // applied to the block device mapping are ignored when creating a new version + // unless they are explicitly included. SourceVersion *string `type:"string"` // A description for the version of the launch template. @@ -39810,8 +41739,6 @@ type CreateNetworkInterfaceInput struct { // Indicates the type of network interface. To create an Elastic Fabric Adapter // (EFA), specify efa. For more information, see Elastic Fabric Adapter (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) // in the Amazon Elastic Compute Cloud User Guide. - // - // If you are not creating an EFA, specify interface or omit this parameter. InterfaceType *string `type:"string" enum:"NetworkInterfaceCreationType"` // The number of IPv6 addresses to assign to a network interface. Amazon EC2 @@ -40655,6 +42582,105 @@ func (s *CreateSnapshotInput) SetVolumeId(v string) *CreateSnapshotInput { return s } +type CreateSnapshotsInput struct { + _ struct{} `type:"structure"` + + // Copies the tags from the specified volume to corresponding snapshot. + CopyTagsFromSource *string `type:"string" enum:"CopyTagsFromSource"` + + // A description propagated to every snapshot specified by the instance. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action without actually + // making the request. Provides an error response. If you have the required + // permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The instance to specify which volumes should be included in the snapshots. + // + // InstanceSpecification is a required field + InstanceSpecification *InstanceSpecification `type:"structure" required:"true"` + + // Tags to apply to every snapshot specified by the instance. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateSnapshotsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSnapshotsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSnapshotsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSnapshotsInput"} + if s.InstanceSpecification == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceSpecification")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCopyTagsFromSource sets the CopyTagsFromSource field's value. +func (s *CreateSnapshotsInput) SetCopyTagsFromSource(v string) *CreateSnapshotsInput { + s.CopyTagsFromSource = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateSnapshotsInput) SetDescription(v string) *CreateSnapshotsInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateSnapshotsInput) SetDryRun(v bool) *CreateSnapshotsInput { + s.DryRun = &v + return s +} + +// SetInstanceSpecification sets the InstanceSpecification field's value. +func (s *CreateSnapshotsInput) SetInstanceSpecification(v *InstanceSpecification) *CreateSnapshotsInput { + s.InstanceSpecification = v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateSnapshotsInput) SetTagSpecifications(v []*TagSpecification) *CreateSnapshotsInput { + s.TagSpecifications = v + return s +} + +type CreateSnapshotsOutput struct { + _ struct{} `type:"structure"` + + // List of snapshots. + Snapshots []*SnapshotInfo `locationName:"snapshotSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateSnapshotsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSnapshotsOutput) GoString() string { + return s.String() +} + +// SetSnapshots sets the Snapshots field's value. +func (s *CreateSnapshotsOutput) SetSnapshots(v []*SnapshotInfo) *CreateSnapshotsOutput { + s.Snapshots = v + return s +} + // Contains the parameters for CreateSpotDatafeedSubscription. type CreateSpotDatafeedSubscriptionInput struct { _ struct{} `type:"structure"` @@ -40940,6 +42966,589 @@ func (s CreateTagsOutput) GoString() string { return s.String() } +type CreateTrafficMirrorFilterInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // The description of the Traffic Mirror filter. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The tags to assign to a Traffic Mirror filter. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateTrafficMirrorFilterInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorFilterInput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorFilterInput) SetClientToken(v string) *CreateTrafficMirrorFilterInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateTrafficMirrorFilterInput) SetDescription(v string) *CreateTrafficMirrorFilterInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTrafficMirrorFilterInput) SetDryRun(v bool) *CreateTrafficMirrorFilterInput { + s.DryRun = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateTrafficMirrorFilterInput) SetTagSpecifications(v []*TagSpecification) *CreateTrafficMirrorFilterInput { + s.TagSpecifications = v + return s +} + +type CreateTrafficMirrorFilterOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `locationName:"clientToken" type:"string"` + + // Information about the Traffic Mirror filter. + TrafficMirrorFilter *TrafficMirrorFilter `locationName:"trafficMirrorFilter" type:"structure"` +} + +// String returns the string representation +func (s CreateTrafficMirrorFilterOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorFilterOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorFilterOutput) SetClientToken(v string) *CreateTrafficMirrorFilterOutput { + s.ClientToken = &v + return s +} + +// SetTrafficMirrorFilter sets the TrafficMirrorFilter field's value. +func (s *CreateTrafficMirrorFilterOutput) SetTrafficMirrorFilter(v *TrafficMirrorFilter) *CreateTrafficMirrorFilterOutput { + s.TrafficMirrorFilter = v + return s +} + +type CreateTrafficMirrorFilterRuleInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // The description of the Traffic Mirror rule. + Description *string `type:"string"` + + // The destination CIDR block to assign to the Traffic Mirror rule. + // + // DestinationCidrBlock is a required field + DestinationCidrBlock *string `type:"string" required:"true"` + + // The destination port range. + DestinationPortRange *TrafficMirrorPortRangeRequest `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The protocol, for example UDP, to assign to the Traffic Mirror rule. + // + // For information about the protocol value, see Protocol Numbers (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) + // on the Internet Assigned Numbers Authority (IANA) website. + Protocol *int64 `type:"integer"` + + // The action to take (accept | reject) on the filtered traffic. + // + // RuleAction is a required field + RuleAction *string `type:"string" required:"true" enum:"TrafficMirrorRuleAction"` + + // The number of the Traffic Mirror rule. This number must be unique for each + // Traffic Mirror rule in a given direction. The rules are processed in ascending + // order by rule number. + // + // RuleNumber is a required field + RuleNumber *int64 `type:"integer" required:"true"` + + // The source CIDR block to assign to the Traffic Mirror rule. + // + // SourceCidrBlock is a required field + SourceCidrBlock *string `type:"string" required:"true"` + + // The source port range. + SourcePortRange *TrafficMirrorPortRangeRequest `type:"structure"` + + // The type of traffic (ingress | egress). + // + // TrafficDirection is a required field + TrafficDirection *string `type:"string" required:"true" enum:"TrafficDirection"` + + // The ID of the filter that this rule is associated with. + // + // TrafficMirrorFilterId is a required field + TrafficMirrorFilterId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s CreateTrafficMirrorFilterRuleInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorFilterRuleInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTrafficMirrorFilterRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTrafficMirrorFilterRuleInput"} + if s.DestinationCidrBlock == nil { + invalidParams.Add(request.NewErrParamRequired("DestinationCidrBlock")) + } + if s.RuleAction == nil { + invalidParams.Add(request.NewErrParamRequired("RuleAction")) + } + if s.RuleNumber == nil { + invalidParams.Add(request.NewErrParamRequired("RuleNumber")) + } + if s.SourceCidrBlock == nil { + invalidParams.Add(request.NewErrParamRequired("SourceCidrBlock")) + } + if s.TrafficDirection == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficDirection")) + } + if s.TrafficMirrorFilterId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorFilterId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetClientToken(v string) *CreateTrafficMirrorFilterRuleInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetDescription(v string) *CreateTrafficMirrorFilterRuleInput { + s.Description = &v + return s +} + +// SetDestinationCidrBlock sets the DestinationCidrBlock field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetDestinationCidrBlock(v string) *CreateTrafficMirrorFilterRuleInput { + s.DestinationCidrBlock = &v + return s +} + +// SetDestinationPortRange sets the DestinationPortRange field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetDestinationPortRange(v *TrafficMirrorPortRangeRequest) *CreateTrafficMirrorFilterRuleInput { + s.DestinationPortRange = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetDryRun(v bool) *CreateTrafficMirrorFilterRuleInput { + s.DryRun = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetProtocol(v int64) *CreateTrafficMirrorFilterRuleInput { + s.Protocol = &v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetRuleAction(v string) *CreateTrafficMirrorFilterRuleInput { + s.RuleAction = &v + return s +} + +// SetRuleNumber sets the RuleNumber field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetRuleNumber(v int64) *CreateTrafficMirrorFilterRuleInput { + s.RuleNumber = &v + return s +} + +// SetSourceCidrBlock sets the SourceCidrBlock field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetSourceCidrBlock(v string) *CreateTrafficMirrorFilterRuleInput { + s.SourceCidrBlock = &v + return s +} + +// SetSourcePortRange sets the SourcePortRange field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetSourcePortRange(v *TrafficMirrorPortRangeRequest) *CreateTrafficMirrorFilterRuleInput { + s.SourcePortRange = v + return s +} + +// SetTrafficDirection sets the TrafficDirection field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetTrafficDirection(v string) *CreateTrafficMirrorFilterRuleInput { + s.TrafficDirection = &v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *CreateTrafficMirrorFilterRuleInput) SetTrafficMirrorFilterId(v string) *CreateTrafficMirrorFilterRuleInput { + s.TrafficMirrorFilterId = &v + return s +} + +type CreateTrafficMirrorFilterRuleOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `locationName:"clientToken" type:"string"` + + // The Traffic Mirror rule. + TrafficMirrorFilterRule *TrafficMirrorFilterRule `locationName:"trafficMirrorFilterRule" type:"structure"` +} + +// String returns the string representation +func (s CreateTrafficMirrorFilterRuleOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorFilterRuleOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorFilterRuleOutput) SetClientToken(v string) *CreateTrafficMirrorFilterRuleOutput { + s.ClientToken = &v + return s +} + +// SetTrafficMirrorFilterRule sets the TrafficMirrorFilterRule field's value. +func (s *CreateTrafficMirrorFilterRuleOutput) SetTrafficMirrorFilterRule(v *TrafficMirrorFilterRule) *CreateTrafficMirrorFilterRuleOutput { + s.TrafficMirrorFilterRule = v + return s +} + +type CreateTrafficMirrorSessionInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // The description of the Traffic Mirror session. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the source network interface. + // + // NetworkInterfaceId is a required field + NetworkInterfaceId *string `type:"string" required:"true"` + + // The number of bytes in each packet to mirror. These are bytes after the VXLAN + // header. Do not specify this parameter when you want to mirror the entire + // packet. To mirror a subset of the packet, set this to the length (in bytes) + // that you want to mirror. For example, if you set this value to 1network0, + // then the first 100 bytes that meet the filter criteria are copied to the + // target. + // + // If you do not want to mirror the entire packet, use the PacketLength parameter + // to specify the number of bytes in each packet to mirror. + PacketLength *int64 `type:"integer"` + + // The session number determines the order in which sessions are evaluated when + // an interface is used by multiple sessions. The first session with a matching + // filter is the one that mirrors the packets. + // + // Valid values are 1-32766. + // + // SessionNumber is a required field + SessionNumber *int64 `type:"integer" required:"true"` + + // The tags to assign to a Traffic Mirror session. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + + // The ID of the Traffic Mirror filter. + // + // TrafficMirrorFilterId is a required field + TrafficMirrorFilterId *string `type:"string" required:"true"` + + // The ID of the Traffic Mirror target. + // + // TrafficMirrorTargetId is a required field + TrafficMirrorTargetId *string `type:"string" required:"true"` + + // The VXLAN ID for the Traffic Mirror session. For more information about the + // VXLAN protocol, see RFC 7348 (https://tools.ietf.org/html/rfc7348). If you + // do not specify a VirtualNetworkId, an account-wide unique id is chosen at + // random. + VirtualNetworkId *int64 `type:"integer"` +} + +// String returns the string representation +func (s CreateTrafficMirrorSessionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorSessionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTrafficMirrorSessionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTrafficMirrorSessionInput"} + if s.NetworkInterfaceId == nil { + invalidParams.Add(request.NewErrParamRequired("NetworkInterfaceId")) + } + if s.SessionNumber == nil { + invalidParams.Add(request.NewErrParamRequired("SessionNumber")) + } + if s.TrafficMirrorFilterId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorFilterId")) + } + if s.TrafficMirrorTargetId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorTargetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorSessionInput) SetClientToken(v string) *CreateTrafficMirrorSessionInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateTrafficMirrorSessionInput) SetDescription(v string) *CreateTrafficMirrorSessionInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTrafficMirrorSessionInput) SetDryRun(v bool) *CreateTrafficMirrorSessionInput { + s.DryRun = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *CreateTrafficMirrorSessionInput) SetNetworkInterfaceId(v string) *CreateTrafficMirrorSessionInput { + s.NetworkInterfaceId = &v + return s +} + +// SetPacketLength sets the PacketLength field's value. +func (s *CreateTrafficMirrorSessionInput) SetPacketLength(v int64) *CreateTrafficMirrorSessionInput { + s.PacketLength = &v + return s +} + +// SetSessionNumber sets the SessionNumber field's value. +func (s *CreateTrafficMirrorSessionInput) SetSessionNumber(v int64) *CreateTrafficMirrorSessionInput { + s.SessionNumber = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateTrafficMirrorSessionInput) SetTagSpecifications(v []*TagSpecification) *CreateTrafficMirrorSessionInput { + s.TagSpecifications = v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *CreateTrafficMirrorSessionInput) SetTrafficMirrorFilterId(v string) *CreateTrafficMirrorSessionInput { + s.TrafficMirrorFilterId = &v + return s +} + +// SetTrafficMirrorTargetId sets the TrafficMirrorTargetId field's value. +func (s *CreateTrafficMirrorSessionInput) SetTrafficMirrorTargetId(v string) *CreateTrafficMirrorSessionInput { + s.TrafficMirrorTargetId = &v + return s +} + +// SetVirtualNetworkId sets the VirtualNetworkId field's value. +func (s *CreateTrafficMirrorSessionInput) SetVirtualNetworkId(v int64) *CreateTrafficMirrorSessionInput { + s.VirtualNetworkId = &v + return s +} + +type CreateTrafficMirrorSessionOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `locationName:"clientToken" type:"string"` + + // Information about the Traffic Mirror session. + TrafficMirrorSession *TrafficMirrorSession `locationName:"trafficMirrorSession" type:"structure"` +} + +// String returns the string representation +func (s CreateTrafficMirrorSessionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorSessionOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorSessionOutput) SetClientToken(v string) *CreateTrafficMirrorSessionOutput { + s.ClientToken = &v + return s +} + +// SetTrafficMirrorSession sets the TrafficMirrorSession field's value. +func (s *CreateTrafficMirrorSessionOutput) SetTrafficMirrorSession(v *TrafficMirrorSession) *CreateTrafficMirrorSessionOutput { + s.TrafficMirrorSession = v + return s +} + +type CreateTrafficMirrorTargetInput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + + // The description of the Traffic Mirror target. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The network interface ID that is associated with the target. + NetworkInterfaceId *string `type:"string"` + + // The Amazon Resource Name (ARN) of the Network Load Balancer that is associated + // with the target. + NetworkLoadBalancerArn *string `type:"string"` + + // The tags to assign to the Traffic Mirror target. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateTrafficMirrorTargetInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorTargetInput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorTargetInput) SetClientToken(v string) *CreateTrafficMirrorTargetInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateTrafficMirrorTargetInput) SetDescription(v string) *CreateTrafficMirrorTargetInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateTrafficMirrorTargetInput) SetDryRun(v bool) *CreateTrafficMirrorTargetInput { + s.DryRun = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *CreateTrafficMirrorTargetInput) SetNetworkInterfaceId(v string) *CreateTrafficMirrorTargetInput { + s.NetworkInterfaceId = &v + return s +} + +// SetNetworkLoadBalancerArn sets the NetworkLoadBalancerArn field's value. +func (s *CreateTrafficMirrorTargetInput) SetNetworkLoadBalancerArn(v string) *CreateTrafficMirrorTargetInput { + s.NetworkLoadBalancerArn = &v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateTrafficMirrorTargetInput) SetTagSpecifications(v []*TagSpecification) *CreateTrafficMirrorTargetInput { + s.TagSpecifications = v + return s +} + +type CreateTrafficMirrorTargetOutput struct { + _ struct{} `type:"structure"` + + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `locationName:"clientToken" type:"string"` + + // Information about the Traffic Mirror target. + TrafficMirrorTarget *TrafficMirrorTarget `locationName:"trafficMirrorTarget" type:"structure"` +} + +// String returns the string representation +func (s CreateTrafficMirrorTargetOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateTrafficMirrorTargetOutput) GoString() string { + return s.String() +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateTrafficMirrorTargetOutput) SetClientToken(v string) *CreateTrafficMirrorTargetOutput { + s.ClientToken = &v + return s +} + +// SetTrafficMirrorTarget sets the TrafficMirrorTarget field's value. +func (s *CreateTrafficMirrorTargetOutput) SetTrafficMirrorTarget(v *TrafficMirrorTarget) *CreateTrafficMirrorTargetOutput { + s.TrafficMirrorTarget = v + return s +} + type CreateTransitGatewayInput struct { _ struct{} `type:"structure"` @@ -41374,18 +43983,14 @@ type CreateVolumeInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // Specifies the encryption state of the volume. The default effect of setting - // the Encrypted parameter to true through the console, API, or CLI depends - // on the volume's origin (new or from a snapshot), starting encryption state, - // ownership, and whether account-level encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html) - // is enabled. Each default case can be overridden by specifying a customer - // master key (CMK) with the KmsKeyId parameter in addition to setting Encrypted - // to true. For a complete list of possible encryption cases, see Amazon EBS - // Encryption (AWSEC2/latest/UserGuide/EBSEncryption.htm). - // - // Encrypted Amazon EBS volumes may only be attached to instances that support - // Amazon EBS encryption. For more information, see Supported Instance Types - // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). + // Specifies whether the volume should be encrypted. The effect of setting the + // encryption state to true depends on the volume origin (new or from a snapshot), + // starting encryption state, ownership, and whether encryption by default is + // enabled. For more information, see Encryption by Default (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) + // in the Amazon Elastic Compute Cloud User Guide. + // + // Encrypted Amazon EBS volumes must be attached to instances that support Amazon + // EBS encryption. For more information, see Supported Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). Encrypted *bool `locationName:"encrypted" type:"boolean"` // The number of I/O operations per second (IOPS) to provision for the volume, @@ -41399,31 +44004,24 @@ type CreateVolumeInput struct { // This parameter is valid only for Provisioned IOPS SSD (io1) volumes. Iops *int64 `type:"integer"` - // An identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use to encrypt the volume. This parameter is only required if - // you want to use a non-default CMK; if this parameter is not specified, the - // default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted flag - // must also be set. + // The identifier of the AWS Key Management Service (AWS KMS) customer master + // key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, + // your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted + // state must be true. // - // The CMK identifier may be provided in any of the following formats: + // You can specify the CMK using any of the following: // - // * Key ID + // * Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab. // - // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the alias - // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Key alias. For example, alias/ExampleAlias. // - // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the key - // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // * Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // - // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the Region of the CMK, the AWS account ID of the CMK owner, - // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // AWS parses KmsKeyId asynchronously, meaning that the action you call may - // appear to complete even though you provided an invalid identifier. The action - // will eventually fail. + // AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, + // alias, or ARN that is not valid, the action can appear to complete, but eventually + // fails. KmsKeyId *string `type:"string"` // The size of the volume, in GiBs. @@ -41450,10 +44048,7 @@ type CreateVolumeInput struct { // IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard // for Magnetic volumes. // - // Defaults: If no volume type is specified, the default is standard in us-east-1, - // eu-west-1, eu-central-1, us-west-2, us-west-1, sa-east-1, ap-northeast-1, - // ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, us-gov-west-1, - // and cn-north-1. In all other Regions, EBS defaults to gp2. + // Default: gp2 VolumeType *string `type:"string" enum:"VolumeType"` } @@ -42228,7 +44823,7 @@ type CreateVpnConnectionInput struct { // specify a virtual private gateway. TransitGatewayId *string `type:"string"` - // The type of VPN connection (ipsec.1 | ipsec.2). + // The type of VPN connection (ipsec.1). // // Type is a required field Type *string `type:"string" required:"true"` @@ -42561,6 +45156,9 @@ type CustomerGateway struct { // (ASN). BgpAsn *string `locationName:"bgpAsn" type:"string"` + // The Amazon Resource Name (ARN) for the customer gateway certificate. + CertificateArn *string `locationName:"certificateArn" type:"string"` + // The ID of the customer gateway. CustomerGatewayId *string `locationName:"customerGatewayId" type:"string"` @@ -42594,6 +45192,12 @@ func (s *CustomerGateway) SetBgpAsn(v string) *CustomerGateway { return s } +// SetCertificateArn sets the CertificateArn field's value. +func (s *CustomerGateway) SetCertificateArn(v string) *CustomerGateway { + s.CertificateArn = &v + return s +} + // SetCustomerGatewayId sets the CustomerGatewayId field's value. func (s *CustomerGateway) SetCustomerGatewayId(v string) *CustomerGateway { s.CustomerGatewayId = &v @@ -43211,6 +45815,8 @@ type DeleteFlowLogsInput struct { // One or more flow log IDs. // + // Constraint: Maximum of 1000 flow log IDs. + // // FlowLogIds is a required field FlowLogIds []*string `locationName:"FlowLogId" locationNameList:"item" type:"list" required:"true"` } @@ -44645,6 +47251,298 @@ func (s DeleteTagsOutput) GoString() string { return s.String() } +type DeleteTrafficMirrorFilterInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Traffic Mirror filter. + // + // TrafficMirrorFilterId is a required field + TrafficMirrorFilterId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorFilterInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorFilterInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTrafficMirrorFilterInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTrafficMirrorFilterInput"} + if s.TrafficMirrorFilterId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorFilterId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTrafficMirrorFilterInput) SetDryRun(v bool) *DeleteTrafficMirrorFilterInput { + s.DryRun = &v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *DeleteTrafficMirrorFilterInput) SetTrafficMirrorFilterId(v string) *DeleteTrafficMirrorFilterInput { + s.TrafficMirrorFilterId = &v + return s +} + +type DeleteTrafficMirrorFilterOutput struct { + _ struct{} `type:"structure"` + + // The ID of the Traffic Mirror filter. + TrafficMirrorFilterId *string `locationName:"trafficMirrorFilterId" type:"string"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorFilterOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorFilterOutput) GoString() string { + return s.String() +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *DeleteTrafficMirrorFilterOutput) SetTrafficMirrorFilterId(v string) *DeleteTrafficMirrorFilterOutput { + s.TrafficMirrorFilterId = &v + return s +} + +type DeleteTrafficMirrorFilterRuleInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Traffic Mirror rule. + // + // TrafficMirrorFilterRuleId is a required field + TrafficMirrorFilterRuleId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorFilterRuleInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorFilterRuleInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTrafficMirrorFilterRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTrafficMirrorFilterRuleInput"} + if s.TrafficMirrorFilterRuleId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorFilterRuleId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTrafficMirrorFilterRuleInput) SetDryRun(v bool) *DeleteTrafficMirrorFilterRuleInput { + s.DryRun = &v + return s +} + +// SetTrafficMirrorFilterRuleId sets the TrafficMirrorFilterRuleId field's value. +func (s *DeleteTrafficMirrorFilterRuleInput) SetTrafficMirrorFilterRuleId(v string) *DeleteTrafficMirrorFilterRuleInput { + s.TrafficMirrorFilterRuleId = &v + return s +} + +type DeleteTrafficMirrorFilterRuleOutput struct { + _ struct{} `type:"structure"` + + // The ID of the deleted Traffic Mirror rule. + TrafficMirrorFilterRuleId *string `locationName:"trafficMirrorFilterRuleId" type:"string"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorFilterRuleOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorFilterRuleOutput) GoString() string { + return s.String() +} + +// SetTrafficMirrorFilterRuleId sets the TrafficMirrorFilterRuleId field's value. +func (s *DeleteTrafficMirrorFilterRuleOutput) SetTrafficMirrorFilterRuleId(v string) *DeleteTrafficMirrorFilterRuleOutput { + s.TrafficMirrorFilterRuleId = &v + return s +} + +type DeleteTrafficMirrorSessionInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Traffic Mirror session. + // + // TrafficMirrorSessionId is a required field + TrafficMirrorSessionId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorSessionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorSessionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTrafficMirrorSessionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTrafficMirrorSessionInput"} + if s.TrafficMirrorSessionId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorSessionId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTrafficMirrorSessionInput) SetDryRun(v bool) *DeleteTrafficMirrorSessionInput { + s.DryRun = &v + return s +} + +// SetTrafficMirrorSessionId sets the TrafficMirrorSessionId field's value. +func (s *DeleteTrafficMirrorSessionInput) SetTrafficMirrorSessionId(v string) *DeleteTrafficMirrorSessionInput { + s.TrafficMirrorSessionId = &v + return s +} + +type DeleteTrafficMirrorSessionOutput struct { + _ struct{} `type:"structure"` + + // The ID of the deleted Traffic Mirror session. + TrafficMirrorSessionId *string `locationName:"trafficMirrorSessionId" type:"string"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorSessionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorSessionOutput) GoString() string { + return s.String() +} + +// SetTrafficMirrorSessionId sets the TrafficMirrorSessionId field's value. +func (s *DeleteTrafficMirrorSessionOutput) SetTrafficMirrorSessionId(v string) *DeleteTrafficMirrorSessionOutput { + s.TrafficMirrorSessionId = &v + return s +} + +type DeleteTrafficMirrorTargetInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the Traffic Mirror target. + // + // TrafficMirrorTargetId is a required field + TrafficMirrorTargetId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorTargetInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorTargetInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTrafficMirrorTargetInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTrafficMirrorTargetInput"} + if s.TrafficMirrorTargetId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorTargetId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DeleteTrafficMirrorTargetInput) SetDryRun(v bool) *DeleteTrafficMirrorTargetInput { + s.DryRun = &v + return s +} + +// SetTrafficMirrorTargetId sets the TrafficMirrorTargetId field's value. +func (s *DeleteTrafficMirrorTargetInput) SetTrafficMirrorTargetId(v string) *DeleteTrafficMirrorTargetInput { + s.TrafficMirrorTargetId = &v + return s +} + +type DeleteTrafficMirrorTargetOutput struct { + _ struct{} `type:"structure"` + + // The ID of the deleted Traffic Mirror target. + TrafficMirrorTargetId *string `locationName:"trafficMirrorTargetId" type:"string"` +} + +// String returns the string representation +func (s DeleteTrafficMirrorTargetOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteTrafficMirrorTargetOutput) GoString() string { + return s.String() +} + +// SetTrafficMirrorTargetId sets the TrafficMirrorTargetId field's value. +func (s *DeleteTrafficMirrorTargetOutput) SetTrafficMirrorTargetId(v string) *DeleteTrafficMirrorTargetOutput { + s.TrafficMirrorTargetId = &v + return s +} + type DeleteTransitGatewayInput struct { _ struct{} `type:"structure"` @@ -46128,10 +49026,10 @@ type DescribeByoipCidrsInput struct { // remaining results, make another call with the returned nextToken value. // // MaxResults is a required field - MaxResults *int64 `min:"5" type:"integer" required:"true"` + MaxResults *int64 `min:"1" type:"integer" required:"true"` // The token for the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` } // String returns the string representation @@ -46150,11 +49048,8 @@ func (s *DescribeByoipCidrsInput) Validate() error { if s.MaxResults == nil { invalidParams.Add(request.NewErrParamRequired("MaxResults")) } - if s.MaxResults != nil && *s.MaxResults < 5 { - invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) - } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } if invalidParams.Len() > 0 { @@ -46361,7 +49256,7 @@ type DescribeClassicLinkInstancesInput struct { // remaining results, make another call with the returned nextToken value. // // Constraint: If the value is greater than 1000, we return only 1000 items. - MaxResults *int64 `locationName:"maxResults" type:"integer"` + MaxResults *int64 `locationName:"maxResults" min:"5" type:"integer"` // The token for the next page of results. NextToken *string `locationName:"nextToken" type:"string"` @@ -46377,6 +49272,19 @@ func (s DescribeClassicLinkInstancesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeClassicLinkInstancesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeClassicLinkInstancesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeClassicLinkInstancesInput) SetDryRun(v bool) *DescribeClassicLinkInstancesInput { s.DryRun = &v @@ -46463,7 +49371,7 @@ type DescribeClientVpnAuthorizationRulesInput struct { MaxResults *int64 `min:"5" type:"integer"` // The token to retrieve the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` } // String returns the string representation @@ -46485,9 +49393,6 @@ func (s *DescribeClientVpnAuthorizationRulesInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 5 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -46533,7 +49438,7 @@ type DescribeClientVpnAuthorizationRulesOutput struct { // The token to use to retrieve the next page of results. This value is null // when there are no more results to return. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation @@ -46581,7 +49486,7 @@ type DescribeClientVpnConnectionsInput struct { MaxResults *int64 `min:"5" type:"integer"` // The token to retrieve the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` } // String returns the string representation @@ -46603,9 +49508,6 @@ func (s *DescribeClientVpnConnectionsInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 5 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -46651,7 +49553,7 @@ type DescribeClientVpnConnectionsOutput struct { // The token to use to retrieve the next page of results. This value is null // when there are no more results to return. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation @@ -46697,7 +49599,7 @@ type DescribeClientVpnEndpointsInput struct { MaxResults *int64 `min:"5" type:"integer"` // The token to retrieve the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` } // String returns the string representation @@ -46716,9 +49618,6 @@ func (s *DescribeClientVpnEndpointsInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 5 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -46764,7 +49663,7 @@ type DescribeClientVpnEndpointsOutput struct { // The token to use to retrieve the next page of results. This value is null // when there are no more results to return. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation @@ -46812,7 +49711,7 @@ type DescribeClientVpnRoutesInput struct { MaxResults *int64 `min:"5" type:"integer"` // The token to retrieve the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` } // String returns the string representation @@ -46834,9 +49733,6 @@ func (s *DescribeClientVpnRoutesInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 5 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -46879,7 +49775,7 @@ type DescribeClientVpnRoutesOutput struct { // The token to use to retrieve the next page of results. This value is null // when there are no more results to return. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + NextToken *string `locationName:"nextToken" type:"string"` // Information about the Client VPN endpoint routes. Routes []*ClientVpnRoute `locationName:"routes" locationNameList:"item" type:"list"` @@ -46933,7 +49829,7 @@ type DescribeClientVpnTargetNetworksInput struct { MaxResults *int64 `min:"5" type:"integer"` // The token to retrieve the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` } // String returns the string representation @@ -46955,9 +49851,6 @@ func (s *DescribeClientVpnTargetNetworksInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 5 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -47009,7 +49902,7 @@ type DescribeClientVpnTargetNetworksOutput struct { // The token to use to retrieve the next page of results. This value is null // when there are no more results to return. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation @@ -47034,7 +49927,6 @@ func (s *DescribeClientVpnTargetNetworksOutput) SetNextToken(v string) *Describe return s } -// Contains the parameters for DescribeConversionTasks. type DescribeConversionTasksInput struct { _ struct{} `type:"structure"` @@ -47070,7 +49962,6 @@ func (s *DescribeConversionTasksInput) SetDryRun(v bool) *DescribeConversionTask return s } -// Contains the output for DescribeConversionTasks. type DescribeConversionTasksOutput struct { _ struct{} `type:"structure"` @@ -47332,7 +50223,7 @@ type DescribeEgressOnlyInternetGatewaysInput struct { // The maximum number of results to return with a single call. To retrieve the // remaining results, make another call with the returned nextToken value. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"5" type:"integer"` // The token for the next page of results. NextToken *string `type:"string"` @@ -47348,6 +50239,19 @@ func (s DescribeEgressOnlyInternetGatewaysInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeEgressOnlyInternetGatewaysInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeEgressOnlyInternetGatewaysInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeEgressOnlyInternetGatewaysInput) SetDryRun(v bool) *DescribeEgressOnlyInternetGatewaysInput { s.DryRun = &v @@ -47540,7 +50444,115 @@ func (s *DescribeElasticGpusOutput) SetNextToken(v string) *DescribeElasticGpusO return s } -// Contains the parameters for DescribeExportTasks. +type DescribeExportImageTasksInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The IDs of the export image tasks. + ExportImageTaskIds []*string `locationName:"ExportImageTaskId" locationNameList:"ExportImageTaskId" type:"list"` + + // Filter tasks using the task-state filter and one of the following values: + // active, completed, deleting, or deleted. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return in a single call. + MaxResults *int64 `min:"1" type:"integer"` + + // A token that indicates the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s DescribeExportImageTasksInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeExportImageTasksInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeExportImageTasksInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeExportImageTasksInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeExportImageTasksInput) SetDryRun(v bool) *DescribeExportImageTasksInput { + s.DryRun = &v + return s +} + +// SetExportImageTaskIds sets the ExportImageTaskIds field's value. +func (s *DescribeExportImageTasksInput) SetExportImageTaskIds(v []*string) *DescribeExportImageTasksInput { + s.ExportImageTaskIds = v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeExportImageTasksInput) SetFilters(v []*Filter) *DescribeExportImageTasksInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeExportImageTasksInput) SetMaxResults(v int64) *DescribeExportImageTasksInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeExportImageTasksInput) SetNextToken(v string) *DescribeExportImageTasksInput { + s.NextToken = &v + return s +} + +type DescribeExportImageTasksOutput struct { + _ struct{} `type:"structure"` + + // Information about the export image tasks. + ExportImageTasks []*ExportImageTask `locationName:"exportImageTaskSet" locationNameList:"item" type:"list"` + + // The token to use to get the next page of results. This value is null when + // there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s DescribeExportImageTasksOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeExportImageTasksOutput) GoString() string { + return s.String() +} + +// SetExportImageTasks sets the ExportImageTasks field's value. +func (s *DescribeExportImageTasksOutput) SetExportImageTasks(v []*ExportImageTask) *DescribeExportImageTasksOutput { + s.ExportImageTasks = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeExportImageTasksOutput) SetNextToken(v string) *DescribeExportImageTasksOutput { + s.NextToken = &v + return s +} + type DescribeExportTasksInput struct { _ struct{} `type:"structure"` @@ -47564,7 +50576,6 @@ func (s *DescribeExportTasksInput) SetExportTaskIds(v []*string) *DescribeExport return s } -// Contains the output for DescribeExportTasks. type DescribeExportTasksOutput struct { _ struct{} `type:"structure"` @@ -48123,6 +51134,8 @@ type DescribeFlowLogsInput struct { Filter []*Filter `locationNameList:"Filter" type:"list"` // One or more flow log IDs. + // + // Constraint: Maximum of 1000 flow log IDs. FlowLogIds []*string `locationName:"FlowLogId" locationNameList:"item" type:"list"` // The maximum number of results to return with a single call. To retrieve the @@ -48341,7 +51354,7 @@ type DescribeFpgaImagesInput struct { MaxResults *int64 `min:"5" type:"integer"` // The token to retrieve the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` // Filters the AFI by owner. Specify an AWS account ID, self (owner is the sender // of the request), or an AWS owner alias (valid values are amazon | aws-marketplace). @@ -48364,9 +51377,6 @@ func (s *DescribeFpgaImagesInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 5 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -48418,7 +51428,7 @@ type DescribeFpgaImagesOutput struct { // The token to use to retrieve the next page of results. This value is null // when there are no more results to return. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation @@ -48708,11 +51718,13 @@ type DescribeHostsInput struct { // The maximum number of results to return for the request in a single page. // The remaining results can be seen by sending another request with the returned // nextToken value. This value can be between 5 and 500. If maxResults is given - // a larger value than 500, you receive an error. You cannot specify this parameter - // and the host IDs parameter in the same request. + // a larger value than 500, you receive an error. + // + // You cannot specify this parameter and the host IDs parameter in the same + // request. MaxResults *int64 `locationName:"maxResults" type:"integer"` - // The token to retrieve the next page of results. + // The token to use to retrieve the next page of results. NextToken *string `locationName:"nextToken" type:"string"` } @@ -48802,7 +51814,7 @@ type DescribeIamInstanceProfileAssociationsInput struct { MaxResults *int64 `min:"5" type:"integer"` // The token to request the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` } // String returns the string representation @@ -48821,9 +51833,6 @@ func (s *DescribeIamInstanceProfileAssociationsInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 5 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -48863,7 +51872,7 @@ type DescribeIamInstanceProfileAssociationsOutput struct { // The token to use to retrieve the next page of results. This value is null // when there are no more results to return. - NextToken *string `locationName:"nextToken" min:"1" type:"string"` + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation @@ -49189,7 +52198,7 @@ type DescribeImagesInput struct { // The filters. // - // * architecture - The image architecture (i386 | x86_64). + // * architecture - The image architecture (i386 | x86_64 | arm64). // // * block-device-mapping.delete-on-termination - A Boolean value that indicates // whether the Amazon EBS volume is deleted on instance termination. @@ -49344,7 +52353,6 @@ func (s *DescribeImagesOutput) SetImages(v []*Image) *DescribeImagesOutput { return s } -// Contains the parameters for DescribeImportImageTasks. type DescribeImportImageTasksInput struct { _ struct{} `type:"structure"` @@ -49355,14 +52363,13 @@ type DescribeImportImageTasksInput struct { DryRun *bool `type:"boolean"` // Filter tasks using the task-state filter and one of the following values: - // active, completed, deleting, deleted. + // active, completed, deleting, or deleted. Filters []*Filter `locationNameList:"Filter" type:"list"` - // A list of import image task IDs. + // The IDs of the import image tasks. ImportTaskIds []*string `locationName:"ImportTaskId" locationNameList:"ImportTaskId" type:"list"` - // The maximum number of results to return in a single call. To retrieve the - // remaining results, make another call with the returned NextToken value. + // The maximum number of results to return in a single call. MaxResults *int64 `type:"integer"` // A token that indicates the next page of results. @@ -49409,7 +52416,6 @@ func (s *DescribeImportImageTasksInput) SetNextToken(v string) *DescribeImportIm return s } -// Contains the output for DescribeImportImageTasks. type DescribeImportImageTasksOutput struct { _ struct{} `type:"structure"` @@ -49444,7 +52450,6 @@ func (s *DescribeImportImageTasksOutput) SetNextToken(v string) *DescribeImportI return s } -// Contains the parameters for DescribeImportSnapshotTasks. type DescribeImportSnapshotTasksInput struct { _ struct{} `type:"structure"` @@ -49508,7 +52513,6 @@ func (s *DescribeImportSnapshotTasksInput) SetNextToken(v string) *DescribeImpor return s } -// Contains the output for DescribeImportSnapshotTasks. type DescribeImportSnapshotTasksOutput struct { _ struct{} `type:"structure"` @@ -50049,7 +53053,7 @@ type DescribeInstancesInput struct { // * affinity - The affinity setting for an instance running on a Dedicated // Host (default | host). // - // * architecture - The instance architecture (i386 | x86_64). + // * architecture - The instance architecture (i386 | x86_64 | arm64). // // * availability-zone - The Availability Zone of the instance. // @@ -50894,7 +53898,7 @@ type DescribeMovingAddressesInput struct { // 1000; if MaxResults is given a value outside of this range, an error is returned. // // Default: If no value is provided, the default is 1000. - MaxResults *int64 `locationName:"maxResults" type:"integer"` + MaxResults *int64 `locationName:"maxResults" min:"5" type:"integer"` // The token for the next page of results. NextToken *string `locationName:"nextToken" type:"string"` @@ -50913,6 +53917,19 @@ func (s DescribeMovingAddressesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeMovingAddressesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeMovingAddressesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeMovingAddressesInput) SetDryRun(v bool) *DescribeMovingAddressesInput { s.DryRun = &v @@ -51003,7 +54020,7 @@ type DescribeNatGatewaysInput struct { // The maximum number of results to return with a single call. To retrieve the // remaining results, make another call with the returned nextToken value. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"5" type:"integer"` // One or more NAT gateway IDs. NatGatewayIds []*string `locationName:"NatGatewayId" locationNameList:"item" type:"list"` @@ -51022,6 +54039,19 @@ func (s DescribeNatGatewaysInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeNatGatewaysInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeNatGatewaysInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetFilter sets the Filter field's value. func (s *DescribeNatGatewaysInput) SetFilter(v []*Filter) *DescribeNatGatewaysInput { s.Filter = v @@ -51510,7 +54540,7 @@ type DescribeNetworkInterfacesInput struct { // // * attachment.attachment-id - The ID of the interface attachment. // - // * attachment.attach.time - The time that the network interface was attached + // * attachment.attach-time - The time that the network interface was attached // to an instance. // // * attachment.delete-on-termination - Indicates whether the attachment @@ -51874,7 +54904,7 @@ type DescribePrincipalIdFormatInput struct { // The maximum number of results to return in a single call. To retrieve the // remaining results, make another call with the returned NextToken value. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"1" type:"integer"` // The token to request the next page of results. NextToken *string `type:"string"` @@ -51899,6 +54929,19 @@ func (s DescribePrincipalIdFormatInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribePrincipalIdFormatInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribePrincipalIdFormatInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribePrincipalIdFormatInput) SetDryRun(v bool) *DescribePrincipalIdFormatInput { s.DryRun = &v @@ -51964,7 +55007,7 @@ type DescribePublicIpv4PoolsInput struct { MaxResults *int64 `min:"1" type:"integer"` // The token for the next page of results. - NextToken *string `min:"1" type:"string"` + NextToken *string `type:"string"` // The IDs of the address pools. PoolIds []*string `locationName:"PoolId" locationNameList:"item" type:"list"` @@ -51986,9 +55029,6 @@ func (s *DescribePublicIpv4PoolsInput) Validate() error { if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } - if s.NextToken != nil && len(*s.NextToken) < 1 { - invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) - } if invalidParams.Len() > 0 { return invalidParams @@ -52050,6 +55090,10 @@ func (s *DescribePublicIpv4PoolsOutput) SetPublicIpv4Pools(v []*PublicIpv4Pool) type DescribeRegionsInput struct { _ struct{} `type:"structure"` + // Indicates whether to display all Regions, including Regions that are disabled + // for your account. + AllRegions *bool `type:"boolean"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -52060,10 +55104,14 @@ type DescribeRegionsInput struct { // // * endpoint - The endpoint of the Region (for example, ec2.us-east-1.amazonaws.com). // + // * opt-in-status - The opt-in status of the Region (opt-in-not-required + // | opted-in | not-opted-in). + // // * region-name - The name of the Region (for example, us-east-1). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The names of the Regions. + // The names of the Regions. You can specify any Regions, whether they are enabled + // and disabled for your account. RegionNames []*string `locationName:"RegionName" locationNameList:"RegionName" type:"list"` } @@ -52077,6 +55125,12 @@ func (s DescribeRegionsInput) GoString() string { return s.String() } +// SetAllRegions sets the AllRegions field's value. +func (s *DescribeRegionsInput) SetAllRegions(v bool) *DescribeRegionsInput { + s.AllRegions = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *DescribeRegionsInput) SetDryRun(v bool) *DescribeRegionsInput { s.DryRun = &v @@ -52888,7 +55942,7 @@ type DescribeScheduledInstanceAvailabilityInput struct { // The maximum number of results to return in a single call. This value can // be between 5 and 300. The default value is 300. To retrieve the remaining // results, make another call with the returned NextToken value. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"5" type:"integer"` // The maximum available duration, in hours. This value must be greater than // MinSlotDurationInHours and less than 1,720. @@ -52925,6 +55979,9 @@ func (s *DescribeScheduledInstanceAvailabilityInput) Validate() error { if s.FirstSlotStartTimeRange == nil { invalidParams.Add(request.NewErrParamRequired("FirstSlotStartTimeRange")) } + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } if s.Recurrence == nil { invalidParams.Add(request.NewErrParamRequired("Recurrence")) } @@ -53750,7 +56807,7 @@ type DescribeSpotFleetInstancesInput struct { // The maximum number of results to return in a single call. Specify a value // between 1 and 1000. The default value is 1000. To retrieve the remaining // results, make another call with the returned NextToken value. - MaxResults *int64 `locationName:"maxResults" type:"integer"` + MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` // The token for the next set of results. NextToken *string `locationName:"nextToken" type:"string"` @@ -53774,6 +56831,9 @@ func (s DescribeSpotFleetInstancesInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DescribeSpotFleetInstancesInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DescribeSpotFleetInstancesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } if s.SpotFleetRequestId == nil { invalidParams.Add(request.NewErrParamRequired("SpotFleetRequestId")) } @@ -53868,7 +56928,7 @@ type DescribeSpotFleetRequestHistoryInput struct { // The maximum number of results to return in a single call. Specify a value // between 1 and 1000. The default value is 1000. To retrieve the remaining // results, make another call with the returned NextToken value. - MaxResults *int64 `locationName:"maxResults" type:"integer"` + MaxResults *int64 `locationName:"maxResults" min:"1" type:"integer"` // The token for the next set of results. NextToken *string `locationName:"nextToken" type:"string"` @@ -53897,6 +56957,9 @@ func (s DescribeSpotFleetRequestHistoryInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *DescribeSpotFleetRequestHistoryInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DescribeSpotFleetRequestHistoryInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } if s.SpotFleetRequestId == nil { invalidParams.Add(request.NewErrParamRequired("SpotFleetRequestId")) } @@ -54829,6 +57892,367 @@ func (s *DescribeTagsOutput) SetTags(v []*TagDescription) *DescribeTagsOutput { return s } +type DescribeTrafficMirrorFiltersInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * description: The Traffic Mirror filter description. + // + // * traffic-mirror-filter-id: The ID of the Traffic Mirror filter. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the Traffic Mirror filter. + TrafficMirrorFilterIds []*string `locationName:"TrafficMirrorFilterId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTrafficMirrorFiltersInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrafficMirrorFiltersInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTrafficMirrorFiltersInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrafficMirrorFiltersInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTrafficMirrorFiltersInput) SetDryRun(v bool) *DescribeTrafficMirrorFiltersInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTrafficMirrorFiltersInput) SetFilters(v []*Filter) *DescribeTrafficMirrorFiltersInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTrafficMirrorFiltersInput) SetMaxResults(v int64) *DescribeTrafficMirrorFiltersInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrafficMirrorFiltersInput) SetNextToken(v string) *DescribeTrafficMirrorFiltersInput { + s.NextToken = &v + return s +} + +// SetTrafficMirrorFilterIds sets the TrafficMirrorFilterIds field's value. +func (s *DescribeTrafficMirrorFiltersInput) SetTrafficMirrorFilterIds(v []*string) *DescribeTrafficMirrorFiltersInput { + s.TrafficMirrorFilterIds = v + return s +} + +type DescribeTrafficMirrorFiltersOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. The value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about one or more Traffic Mirror filters. + TrafficMirrorFilters []*TrafficMirrorFilter `locationName:"trafficMirrorFilterSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTrafficMirrorFiltersOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrafficMirrorFiltersOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrafficMirrorFiltersOutput) SetNextToken(v string) *DescribeTrafficMirrorFiltersOutput { + s.NextToken = &v + return s +} + +// SetTrafficMirrorFilters sets the TrafficMirrorFilters field's value. +func (s *DescribeTrafficMirrorFiltersOutput) SetTrafficMirrorFilters(v []*TrafficMirrorFilter) *DescribeTrafficMirrorFiltersOutput { + s.TrafficMirrorFilters = v + return s +} + +type DescribeTrafficMirrorSessionsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * description: The Traffic Mirror session description. + // + // * network-interface-id: The ID of the Traffic Mirror session network interface. + // + // * owner-id: The ID of the account that owns the Traffic Mirror session. + // + // * packet-length: The assigned number of packets to mirror. + // + // * session-number: The assigned session number. + // + // * traffic-mirror-filter-id: The ID of the Traffic Mirror filter. + // + // * traffic-mirror-session-id: The ID of the Traffic Mirror session. + // + // * traffic-mirror-target-id: The ID of the Traffic Mirror target. + // + // * virtual-network-id: The virtual network ID of the Traffic Mirror session. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the Traffic Mirror session. + TrafficMirrorSessionIds []*string `locationName:"TrafficMirrorSessionId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTrafficMirrorSessionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrafficMirrorSessionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTrafficMirrorSessionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrafficMirrorSessionsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTrafficMirrorSessionsInput) SetDryRun(v bool) *DescribeTrafficMirrorSessionsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTrafficMirrorSessionsInput) SetFilters(v []*Filter) *DescribeTrafficMirrorSessionsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTrafficMirrorSessionsInput) SetMaxResults(v int64) *DescribeTrafficMirrorSessionsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrafficMirrorSessionsInput) SetNextToken(v string) *DescribeTrafficMirrorSessionsInput { + s.NextToken = &v + return s +} + +// SetTrafficMirrorSessionIds sets the TrafficMirrorSessionIds field's value. +func (s *DescribeTrafficMirrorSessionsInput) SetTrafficMirrorSessionIds(v []*string) *DescribeTrafficMirrorSessionsInput { + s.TrafficMirrorSessionIds = v + return s +} + +type DescribeTrafficMirrorSessionsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. The value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Describes one or more Traffic Mirror sessions. By default, all Traffic Mirror + // sessions are described. Alternatively, you can filter the results. + TrafficMirrorSessions []*TrafficMirrorSession `locationName:"trafficMirrorSessionSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTrafficMirrorSessionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrafficMirrorSessionsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrafficMirrorSessionsOutput) SetNextToken(v string) *DescribeTrafficMirrorSessionsOutput { + s.NextToken = &v + return s +} + +// SetTrafficMirrorSessions sets the TrafficMirrorSessions field's value. +func (s *DescribeTrafficMirrorSessionsOutput) SetTrafficMirrorSessions(v []*TrafficMirrorSession) *DescribeTrafficMirrorSessionsOutput { + s.TrafficMirrorSessions = v + return s +} + +type DescribeTrafficMirrorTargetsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. The possible values are: + // + // * description: The Traffic Mirror target description. + // + // * network-interface-id: The ID of the Traffic Mirror session network interface. + // + // * network-load-balancer-arn: The Amazon Resource Name (ARN) of the Network + // Load Balancer that is associated with the session. + // + // * owner-id: The ID of the account that owns the Traffic Mirror session. + // + // * traffic-mirror-target-id: The ID of the Traffic Mirror target. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The ID of the Traffic Mirror targets. + TrafficMirrorTargetIds []*string `locationName:"TrafficMirrorTargetId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTrafficMirrorTargetsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrafficMirrorTargetsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeTrafficMirrorTargetsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeTrafficMirrorTargetsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeTrafficMirrorTargetsInput) SetDryRun(v bool) *DescribeTrafficMirrorTargetsInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeTrafficMirrorTargetsInput) SetFilters(v []*Filter) *DescribeTrafficMirrorTargetsInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeTrafficMirrorTargetsInput) SetMaxResults(v int64) *DescribeTrafficMirrorTargetsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrafficMirrorTargetsInput) SetNextToken(v string) *DescribeTrafficMirrorTargetsInput { + s.NextToken = &v + return s +} + +// SetTrafficMirrorTargetIds sets the TrafficMirrorTargetIds field's value. +func (s *DescribeTrafficMirrorTargetsInput) SetTrafficMirrorTargetIds(v []*string) *DescribeTrafficMirrorTargetsInput { + s.TrafficMirrorTargetIds = v + return s +} + +type DescribeTrafficMirrorTargetsOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. The value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about one or more Traffic Mirror targets. + TrafficMirrorTargets []*TrafficMirrorTarget `locationName:"trafficMirrorTargetSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeTrafficMirrorTargetsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeTrafficMirrorTargetsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeTrafficMirrorTargetsOutput) SetNextToken(v string) *DescribeTrafficMirrorTargetsOutput { + s.NextToken = &v + return s +} + +// SetTrafficMirrorTargets sets the TrafficMirrorTargets field's value. +func (s *DescribeTrafficMirrorTargetsOutput) SetTrafficMirrorTargets(v []*TrafficMirrorTarget) *DescribeTrafficMirrorTargetsOutput { + s.TrafficMirrorTargets = v + return s +} + type DescribeTransitGatewayAttachmentsInput struct { _ struct{} `type:"structure"` @@ -57494,6 +60918,19 @@ type DetachNetworkInterfaceInput struct { DryRun *bool `locationName:"dryRun" type:"boolean"` // Specifies whether to force a detachment. + // + // * Use the Force parameter only as a last resort to detach a network interface + // from a failed instance. + // + // * If you use the Force parameter to detach a network interface, you might + // not be able to attach a different network interface to the same index + // on the instance without first stopping and starting the instance. + // + // * If you force the detachment of a network interface, the instance metadata + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) + // might not get updated. This means that the attributes associated with + // the detached network interface might still be visible. The instance metadata + // will get updated when you stop and start the instance. Force *bool `locationName:"force" type:"boolean"` } @@ -57876,7 +61313,7 @@ func (s *DisableEbsEncryptionByDefaultInput) SetDryRun(v bool) *DisableEbsEncryp type DisableEbsEncryptionByDefaultOutput struct { _ struct{} `type:"structure"` - // Account-level encryption status after performing the action. + // The updated status of encryption by default. EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` } @@ -58989,14 +62426,10 @@ type EbsBlockDevice struct { DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"` // Indicates whether the encryption state of an EBS volume is changed while - // being restored from a backing snapshot. The default effect of setting the - // Encrypted parameter to true through the console, API, or CLI depends on the - // volume's origin (new or from a snapshot), starting encryption state, ownership, - // and whether account-level encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html) - // is enabled. Each default case can be overridden by specifying a customer - // master key (CMK) with the KmsKeyId parameter in addition to setting Encrypted - // to true. For a complete list of possible encryption cases, see Amazon EBS - // Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters) + // being restored from a backing snapshot. The effect of setting the encryption + // state to true depends on the volume origin (new or from a snapshot), starting + // encryption state, ownership, and whether encryption by default is enabled. + // For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters) // in the Amazon Elastic Compute Cloud User Guide. // // In no case can you remove encryption from an encrypted volume. @@ -59023,8 +62456,8 @@ type EbsBlockDevice struct { // it is not used in requests to create gp2, st1, sc1, or standard volumes. Iops *int64 `locationName:"iops" type:"integer"` - // Identifier (key ID, key alias, ID ARN, or alias ARN) for a user-managed CMK - // under which the EBS volume is encrypted. + // Identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed + // CMK under which the EBS volume is encrypted. // // This parameter is only supported on BlockDeviceMapping objects called by // RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html), @@ -59047,9 +62480,10 @@ type EbsBlockDevice struct { // size. VolumeSize *int64 `locationName:"volumeSize" type:"integer"` - // The volume type. If you set the type to io1, you must also set the Iops property. + // The volume type. If you set the type to io1, you must also specify the IOPS + // that the volume supports. // - // Default: standard + // Default: gp2 VolumeType *string `locationName:"volumeType" type:"string" enum:"VolumeType"` } @@ -59552,7 +62986,7 @@ func (s *EnableEbsEncryptionByDefaultInput) SetDryRun(v bool) *EnableEbsEncrypti type EnableEbsEncryptionByDefaultOutput struct { _ struct{} `type:"structure"` - // Account-level encryption status after performing the action. + // The updated status of encryption by default. EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` } @@ -60173,6 +63607,295 @@ func (s *ExportClientVpnClientConfigurationOutput) SetClientConfiguration(v stri return s } +type ExportImageInput struct { + _ struct{} `type:"structure"` + + // Token to enable idempotency for export image requests. + ClientToken *string `type:"string" idempotencyToken:"true"` + + // A description of the image being exported. The maximum length is 255 bytes. + Description *string `type:"string"` + + // The disk image format. + // + // DiskImageFormat is a required field + DiskImageFormat *string `type:"string" required:"true" enum:"DiskImageFormat"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the image. + // + // ImageId is a required field + ImageId *string `type:"string" required:"true"` + + // The name of the role that grants VM Import/Export permission to export images + // to your S3 bucket. If this parameter is not specified, the default role is + // named 'vmimport'. + RoleName *string `type:"string"` + + // Information about the destination S3 bucket. The bucket must exist and grant + // WRITE and READ_ACP permissions to the AWS account vm-import-export@amazon.com. + // + // S3ExportLocation is a required field + S3ExportLocation *ExportTaskS3LocationRequest `type:"structure" required:"true"` +} + +// String returns the string representation +func (s ExportImageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ExportImageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportImageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportImageInput"} + if s.DiskImageFormat == nil { + invalidParams.Add(request.NewErrParamRequired("DiskImageFormat")) + } + if s.ImageId == nil { + invalidParams.Add(request.NewErrParamRequired("ImageId")) + } + if s.S3ExportLocation == nil { + invalidParams.Add(request.NewErrParamRequired("S3ExportLocation")) + } + if s.S3ExportLocation != nil { + if err := s.S3ExportLocation.Validate(); err != nil { + invalidParams.AddNested("S3ExportLocation", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *ExportImageInput) SetClientToken(v string) *ExportImageInput { + s.ClientToken = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ExportImageInput) SetDescription(v string) *ExportImageInput { + s.Description = &v + return s +} + +// SetDiskImageFormat sets the DiskImageFormat field's value. +func (s *ExportImageInput) SetDiskImageFormat(v string) *ExportImageInput { + s.DiskImageFormat = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ExportImageInput) SetDryRun(v bool) *ExportImageInput { + s.DryRun = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *ExportImageInput) SetImageId(v string) *ExportImageInput { + s.ImageId = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *ExportImageInput) SetRoleName(v string) *ExportImageInput { + s.RoleName = &v + return s +} + +// SetS3ExportLocation sets the S3ExportLocation field's value. +func (s *ExportImageInput) SetS3ExportLocation(v *ExportTaskS3LocationRequest) *ExportImageInput { + s.S3ExportLocation = v + return s +} + +type ExportImageOutput struct { + _ struct{} `type:"structure"` + + // A description of the image being exported. + Description *string `locationName:"description" type:"string"` + + // The disk image format for the exported image. + DiskImageFormat *string `locationName:"diskImageFormat" type:"string" enum:"DiskImageFormat"` + + // The ID of the export image task. + ExportImageTaskId *string `locationName:"exportImageTaskId" type:"string"` + + // The ID of the image. + ImageId *string `locationName:"imageId" type:"string"` + + // The percent complete of the export image task. + Progress *string `locationName:"progress" type:"string"` + + // The name of the role that grants VM Import/Export permission to export images + // to your S3 bucket. + RoleName *string `locationName:"roleName" type:"string"` + + // Information about the destination S3 bucket. + S3ExportLocation *ExportTaskS3Location `locationName:"s3ExportLocation" type:"structure"` + + // The status of the export image task. The possible values are active, completed, + // deleting, and deleted. + Status *string `locationName:"status" type:"string"` + + // The status message for the export image task. + StatusMessage *string `locationName:"statusMessage" type:"string"` +} + +// String returns the string representation +func (s ExportImageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ExportImageOutput) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *ExportImageOutput) SetDescription(v string) *ExportImageOutput { + s.Description = &v + return s +} + +// SetDiskImageFormat sets the DiskImageFormat field's value. +func (s *ExportImageOutput) SetDiskImageFormat(v string) *ExportImageOutput { + s.DiskImageFormat = &v + return s +} + +// SetExportImageTaskId sets the ExportImageTaskId field's value. +func (s *ExportImageOutput) SetExportImageTaskId(v string) *ExportImageOutput { + s.ExportImageTaskId = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *ExportImageOutput) SetImageId(v string) *ExportImageOutput { + s.ImageId = &v + return s +} + +// SetProgress sets the Progress field's value. +func (s *ExportImageOutput) SetProgress(v string) *ExportImageOutput { + s.Progress = &v + return s +} + +// SetRoleName sets the RoleName field's value. +func (s *ExportImageOutput) SetRoleName(v string) *ExportImageOutput { + s.RoleName = &v + return s +} + +// SetS3ExportLocation sets the S3ExportLocation field's value. +func (s *ExportImageOutput) SetS3ExportLocation(v *ExportTaskS3Location) *ExportImageOutput { + s.S3ExportLocation = v + return s +} + +// SetStatus sets the Status field's value. +func (s *ExportImageOutput) SetStatus(v string) *ExportImageOutput { + s.Status = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *ExportImageOutput) SetStatusMessage(v string) *ExportImageOutput { + s.StatusMessage = &v + return s +} + +// Describes an export image task. +type ExportImageTask struct { + _ struct{} `type:"structure"` + + // A description of the image being exported. + Description *string `locationName:"description" type:"string"` + + // The ID of the export image task. + ExportImageTaskId *string `locationName:"exportImageTaskId" type:"string"` + + // The ID of the image. + ImageId *string `locationName:"imageId" type:"string"` + + // The percent complete of the export image task. + Progress *string `locationName:"progress" type:"string"` + + // Information about the destination S3 bucket. + S3ExportLocation *ExportTaskS3Location `locationName:"s3ExportLocation" type:"structure"` + + // The status of the export image task. The possible values are active, completed, + // deleting, and deleted. + Status *string `locationName:"status" type:"string"` + + // The status message for the export image task. + StatusMessage *string `locationName:"statusMessage" type:"string"` +} + +// String returns the string representation +func (s ExportImageTask) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ExportImageTask) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *ExportImageTask) SetDescription(v string) *ExportImageTask { + s.Description = &v + return s +} + +// SetExportImageTaskId sets the ExportImageTaskId field's value. +func (s *ExportImageTask) SetExportImageTaskId(v string) *ExportImageTask { + s.ExportImageTaskId = &v + return s +} + +// SetImageId sets the ImageId field's value. +func (s *ExportImageTask) SetImageId(v string) *ExportImageTask { + s.ImageId = &v + return s +} + +// SetProgress sets the Progress field's value. +func (s *ExportImageTask) SetProgress(v string) *ExportImageTask { + s.Progress = &v + return s +} + +// SetS3ExportLocation sets the S3ExportLocation field's value. +func (s *ExportImageTask) SetS3ExportLocation(v *ExportTaskS3Location) *ExportImageTask { + s.S3ExportLocation = v + return s +} + +// SetStatus sets the Status field's value. +func (s *ExportImageTask) SetStatus(v string) *ExportImageTask { + s.Status = &v + return s +} + +// SetStatusMessage sets the StatusMessage field's value. +func (s *ExportImageTask) SetStatusMessage(v string) *ExportImageTask { + s.StatusMessage = &v + return s +} + // Describes an instance export task. type ExportTask struct { _ struct{} `type:"structure"` @@ -60242,6 +63965,87 @@ func (s *ExportTask) SetStatusMessage(v string) *ExportTask { return s } +// Describes the destination for an export image task. +type ExportTaskS3Location struct { + _ struct{} `type:"structure"` + + // The destination S3 bucket. + S3Bucket *string `locationName:"s3Bucket" type:"string"` + + // The prefix (logical hierarchy) in the bucket. + S3Prefix *string `locationName:"s3Prefix" type:"string"` +} + +// String returns the string representation +func (s ExportTaskS3Location) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ExportTaskS3Location) GoString() string { + return s.String() +} + +// SetS3Bucket sets the S3Bucket field's value. +func (s *ExportTaskS3Location) SetS3Bucket(v string) *ExportTaskS3Location { + s.S3Bucket = &v + return s +} + +// SetS3Prefix sets the S3Prefix field's value. +func (s *ExportTaskS3Location) SetS3Prefix(v string) *ExportTaskS3Location { + s.S3Prefix = &v + return s +} + +// Describes the destination for an export image task. +type ExportTaskS3LocationRequest struct { + _ struct{} `type:"structure"` + + // The destination S3 bucket. + // + // S3Bucket is a required field + S3Bucket *string `type:"string" required:"true"` + + // The prefix (logical hierarchy) in the bucket. + S3Prefix *string `type:"string"` +} + +// String returns the string representation +func (s ExportTaskS3LocationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ExportTaskS3LocationRequest) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportTaskS3LocationRequest) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportTaskS3LocationRequest"} + if s.S3Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("S3Bucket")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetS3Bucket sets the S3Bucket field's value. +func (s *ExportTaskS3LocationRequest) SetS3Bucket(v string) *ExportTaskS3LocationRequest { + s.S3Bucket = &v + return s +} + +// SetS3Prefix sets the S3Prefix field's value. +func (s *ExportTaskS3LocationRequest) SetS3Prefix(v string) *ExportTaskS3LocationRequest { + s.S3Prefix = &v + return s +} + // Describes the format and location for an instance export task. type ExportToS3Task struct { _ struct{} `type:"structure"` @@ -60360,7 +64164,7 @@ type ExportTransitGatewayRoutesInput struct { // One or more filters. The possible values are: // - // * attachment.transit-gateway-attachment-id- The id of the transit gateway + // * attachment.transit-gateway-attachment-id - The id of the transit gateway // attachment. // // * attachment.resource-id - The resource id of the transit gateway attachment. @@ -60384,7 +64188,7 @@ type ExportTransitGatewayRoutesInput struct { // // * transit-gateway-route-destination-cidr-block - The CIDR range. // - // * type - The type of roue (active | blackhole). + // * type - The type of route (active | blackhole). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The name of the S3 bucket. @@ -61068,7 +64872,8 @@ type FleetLaunchTemplateSpecificationRequest struct { // The name of the launch template. LaunchTemplateName *string `min:"3" type:"string"` - // The version number of the launch template. + // The version number of the launch template. Note: This is a required parameter + // and will be updated soon. Version *string `type:"string"` } @@ -61490,6 +65295,178 @@ func (s *FpgaImageState) SetMessage(v string) *FpgaImageState { return s } +type GetCapacityReservationUsageInput struct { + _ struct{} `type:"structure"` + + // The ID of the Capacity Reservation. + // + // CapacityReservationId is a required field + CapacityReservationId *string `type:"string" required:"true"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The maximum number of results to return for the request in a single page. + // The remaining results can be seen by sending another request with the returned + // nextToken value. + // + // Valid range: Minimum value of 1. Maximum value of 1000. + MaxResults *int64 `min:"1" type:"integer"` + + // The token to retrieve the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s GetCapacityReservationUsageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCapacityReservationUsageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetCapacityReservationUsageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetCapacityReservationUsageInput"} + if s.CapacityReservationId == nil { + invalidParams.Add(request.NewErrParamRequired("CapacityReservationId")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCapacityReservationId sets the CapacityReservationId field's value. +func (s *GetCapacityReservationUsageInput) SetCapacityReservationId(v string) *GetCapacityReservationUsageInput { + s.CapacityReservationId = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *GetCapacityReservationUsageInput) SetDryRun(v bool) *GetCapacityReservationUsageInput { + s.DryRun = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *GetCapacityReservationUsageInput) SetMaxResults(v int64) *GetCapacityReservationUsageInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetCapacityReservationUsageInput) SetNextToken(v string) *GetCapacityReservationUsageInput { + s.NextToken = &v + return s +} + +type GetCapacityReservationUsageOutput struct { + _ struct{} `type:"structure"` + + // The remaining capacity. Indicates the number of instances that can be launched + // in the Capacity Reservation. + AvailableInstanceCount *int64 `locationName:"availableInstanceCount" type:"integer"` + + // The ID of the Capacity Reservation. + CapacityReservationId *string `locationName:"capacityReservationId" type:"string"` + + // The type of instance for which the Capacity Reservation reserves capacity. + InstanceType *string `locationName:"instanceType" type:"string"` + + // Information about the Capacity Reservation usage. + InstanceUsages []*InstanceUsage `locationName:"instanceUsageSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // The current state of the Capacity Reservation. A Capacity Reservation can + // be in one of the following states: + // + // * active - The Capacity Reservation is active and the capacity is available + // for your use. + // + // * expired - The Capacity Reservation expired automatically at the date + // and time specified in your request. The reserved capacity is no longer + // available for your use. + // + // * cancelled - The Capacity Reservation was manually cancelled. The reserved + // capacity is no longer available for your use. + // + // * pending - The Capacity Reservation request was successful but the capacity + // provisioning is still pending. + // + // * failed - The Capacity Reservation request has failed. A request might + // fail due to invalid request parameters, capacity constraints, or instance + // limit constraints. Failed requests are retained for 60 minutes. + State *string `locationName:"state" type:"string" enum:"CapacityReservationState"` + + // The number of instances for which the Capacity Reservation reserves capacity. + TotalInstanceCount *int64 `locationName:"totalInstanceCount" type:"integer"` +} + +// String returns the string representation +func (s GetCapacityReservationUsageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCapacityReservationUsageOutput) GoString() string { + return s.String() +} + +// SetAvailableInstanceCount sets the AvailableInstanceCount field's value. +func (s *GetCapacityReservationUsageOutput) SetAvailableInstanceCount(v int64) *GetCapacityReservationUsageOutput { + s.AvailableInstanceCount = &v + return s +} + +// SetCapacityReservationId sets the CapacityReservationId field's value. +func (s *GetCapacityReservationUsageOutput) SetCapacityReservationId(v string) *GetCapacityReservationUsageOutput { + s.CapacityReservationId = &v + return s +} + +// SetInstanceType sets the InstanceType field's value. +func (s *GetCapacityReservationUsageOutput) SetInstanceType(v string) *GetCapacityReservationUsageOutput { + s.InstanceType = &v + return s +} + +// SetInstanceUsages sets the InstanceUsages field's value. +func (s *GetCapacityReservationUsageOutput) SetInstanceUsages(v []*InstanceUsage) *GetCapacityReservationUsageOutput { + s.InstanceUsages = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetCapacityReservationUsageOutput) SetNextToken(v string) *GetCapacityReservationUsageOutput { + s.NextToken = &v + return s +} + +// SetState sets the State field's value. +func (s *GetCapacityReservationUsageOutput) SetState(v string) *GetCapacityReservationUsageOutput { + s.State = &v + return s +} + +// SetTotalInstanceCount sets the TotalInstanceCount field's value. +func (s *GetCapacityReservationUsageOutput) SetTotalInstanceCount(v int64) *GetCapacityReservationUsageOutput { + s.TotalInstanceCount = &v + return s +} + type GetConsoleOutputInput struct { _ struct{} `type:"structure"` @@ -61714,8 +65691,7 @@ func (s *GetEbsDefaultKmsKeyIdInput) SetDryRun(v bool) *GetEbsDefaultKmsKeyIdInp type GetEbsDefaultKmsKeyIdOutput struct { _ struct{} `type:"structure"` - // The full ARN of the default CMK that your account uses to encrypt an EBS - // volume when no CMK is specified in the API call that creates the volume. + // The Amazon Resource Name (ARN) of the default CMK for encryption by default. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` } @@ -61764,7 +65740,7 @@ func (s *GetEbsEncryptionByDefaultInput) SetDryRun(v bool) *GetEbsEncryptionByDe type GetEbsEncryptionByDefaultOutput struct { _ struct{} `type:"structure"` - // Indicates whether default encryption for EBS volumes is enabled or disabled. + // Indicates whether encryption by default is enabled. EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` } @@ -62778,9 +66754,8 @@ type Host struct { // The number of new instances that can be launched onto the Dedicated Host. AvailableCapacity *AvailableCapacity `locationName:"availableCapacity" type:"structure"` - // Unique, case-sensitive identifier that you provide to ensure idempotency - // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html) - // in the Amazon Elastic Compute Cloud User Guide. + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` // The ID of the Dedicated Host. @@ -62789,6 +66764,10 @@ type Host struct { // The hardware specifications of the Dedicated Host. HostProperties *HostProperties `locationName:"hostProperties" type:"structure"` + // Indicates whether host recovery is enabled or disabled for the Dedicated + // Host. + HostRecovery *string `locationName:"hostRecovery" type:"string" enum:"HostRecovery"` + // The reservation ID of the Dedicated Host. This returns a null response if // the Dedicated Host doesn't have an associated reservation. HostReservationId *string `locationName:"hostReservationId" type:"string"` @@ -62858,6 +66837,12 @@ func (s *Host) SetHostProperties(v *HostProperties) *Host { return s } +// SetHostRecovery sets the HostRecovery field's value. +func (s *Host) SetHostRecovery(v string) *Host { + s.HostRecovery = &v + return s +} + // SetHostReservationId sets the HostReservationId field's value. func (s *Host) SetHostReservationId(v string) *Host { s.HostReservationId = &v @@ -63196,6 +67181,54 @@ func (s *HostReservation) SetUpfrontPrice(v string) *HostReservation { return s } +// The internet key exchange (IKE) version permitted for the VPN tunnel. +type IKEVersionsListValue struct { + _ struct{} `type:"structure"` + + // The IKE version. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation +func (s IKEVersionsListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s IKEVersionsListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *IKEVersionsListValue) SetValue(v string) *IKEVersionsListValue { + s.Value = &v + return s +} + +// The IKE version that is permitted for the VPN tunnel. +type IKEVersionsRequestListValue struct { + _ struct{} `type:"structure"` + + // The IKE version. + Value *string `type:"string"` +} + +// String returns the string representation +func (s IKEVersionsRequestListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s IKEVersionsRequestListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *IKEVersionsRequestListValue) SetValue(v string) *IKEVersionsRequestListValue { + s.Value = &v + return s +} + // Describes an IAM instance profile. type IamInstanceProfile struct { _ struct{} `type:"structure"` @@ -63444,7 +67477,7 @@ type Image struct { // The AWS account ID of the image owner. OwnerId *string `locationName:"imageOwnerId" type:"string"` - // The value is Windows for Windows AMIs; otherwise blank. + // This value is set to windows for Windows AMIs; otherwise, it is blank. Platform *string `locationName:"platform" type:"string" enum:"PlatformValues"` // Any product codes associated with the AMI. @@ -63800,13 +67833,12 @@ func (s *ImportClientVpnClientCertificateRevocationListOutput) SetReturn(v bool) return s } -// Contains the parameters for ImportImage. type ImportImageInput struct { _ struct{} `type:"structure"` // The architecture of the virtual machine. // - // Valid values: i386 | x86_64 + // Valid values: i386 | x86_64 | arm64 Architecture *string `type:"string"` // The client-specific data. @@ -63870,21 +67902,15 @@ type ImportImageInput struct { // The license type to be used for the Amazon Machine Image (AMI) after importing. // - // Note: You may only use BYOL if you have existing licenses with rights to - // use these licenses in a third party cloud like AWS. For more information, - // see Prerequisites (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#prerequisites-image) - // in the VM Import/Export User Guide. - // - // Valid values include: + // By default, we detect the source-system operating system (OS) and apply the + // appropriate license. Specify AWS to replace the source-system license with + // an AWS license, if appropriate. Specify BYOL to retain the source-system + // license, if appropriate. // - // * Auto - Detects the source-system operating system (OS) and applies the - // appropriate license. - // - // * AWS - Replaces the source-system license with an AWS license, if appropriate. - // - // * BYOL - Retains the source-system license, if appropriate. - // - // Default value: Auto + // To use BYOL, you must have existing licenses with rights to use these licenses + // in a third party cloud, such as AWS. For more information, see Prerequisites + // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#prerequisites-image) + // in the VM Import/Export User Guide. LicenseType *string `type:"string"` // The operating system of the virtual machine. @@ -63978,7 +68004,6 @@ func (s *ImportImageInput) SetRoleName(v string) *ImportImageInput { return s } -// Contains the output for ImportImage. type ImportImageOutput struct { _ struct{} `type:"structure"` @@ -64117,7 +68142,7 @@ type ImportImageTask struct { // The architecture of the virtual machine. // - // Valid values: i386 | x86_64 + // Valid values: i386 | x86_64 | arm64 Architecture *string `locationName:"architecture" type:"string"` // A description of the import task. @@ -64248,7 +68273,6 @@ func (s *ImportImageTask) SetStatusMessage(v string) *ImportImageTask { return s } -// Contains the parameters for ImportInstance. type ImportInstanceInput struct { _ struct{} `type:"structure"` @@ -64453,7 +68477,6 @@ func (s *ImportInstanceLaunchSpecification) SetUserData(v *UserData) *ImportInst return s } -// Contains the output for ImportInstance. type ImportInstanceOutput struct { _ struct{} `type:"structure"` @@ -64705,7 +68728,6 @@ func (s *ImportKeyPairOutput) SetKeyName(v string) *ImportKeyPairOutput { return s } -// Contains the parameters for ImportSnapshot. type ImportSnapshotInput struct { _ struct{} `type:"structure"` @@ -64826,7 +68848,6 @@ func (s *ImportSnapshotInput) SetRoleName(v string) *ImportSnapshotInput { return s } -// Contains the output for ImportSnapshot. type ImportSnapshotOutput struct { _ struct{} `type:"structure"` @@ -64910,7 +68931,6 @@ func (s *ImportSnapshotTask) SetSnapshotTaskDetail(v *SnapshotTaskDetail) *Impor return s } -// Contains the parameters for ImportVolume. type ImportVolumeInput struct { _ struct{} `type:"structure"` @@ -65008,7 +69028,6 @@ func (s *ImportVolumeInput) SetVolume(v *VolumeDetail) *ImportVolumeInput { return s } -// Contains the output for ImportVolume. type ImportVolumeOutput struct { _ struct{} `type:"structure"` @@ -66211,7 +70230,7 @@ type InstanceNetworkInterfaceSpecification struct { // // If you are not creating an EFA, specify interface or omit this parameter. // - // Valide values: interface | efa + // Valid values: interface | efa InterfaceType *string `type:"string"` // A number of IPv6 addresses to assign to the network interface. Amazon EC2 @@ -66250,8 +70269,8 @@ type InstanceNetworkInterfaceSpecification struct { // request. SecondaryPrivateIpAddressCount *int64 `locationName:"secondaryPrivateIpAddressCount" type:"integer"` - // The ID of the subnet associated with the network string. Applies only if - // creating a network interface when launching an instance. + // The ID of the subnet associated with the network interface. Applies only + // if creating a network interface when launching an instance. SubnetId *string `locationName:"subnetId" type:"string"` } @@ -66395,6 +70414,39 @@ func (s *InstancePrivateIpAddress) SetPrivateIpAddress(v string) *InstancePrivat return s } +// The instance details to specify which volumes should be snapshotted. +type InstanceSpecification struct { + _ struct{} `type:"structure"` + + // Excludes the root volume from being snapshotted. + ExcludeBootVolume *bool `type:"boolean"` + + // The instance to specify which volumes should be snapshotted. + InstanceId *string `type:"string"` +} + +// String returns the string representation +func (s InstanceSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceSpecification) GoString() string { + return s.String() +} + +// SetExcludeBootVolume sets the ExcludeBootVolume field's value. +func (s *InstanceSpecification) SetExcludeBootVolume(v bool) *InstanceSpecification { + s.ExcludeBootVolume = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *InstanceSpecification) SetInstanceId(v string) *InstanceSpecification { + s.InstanceId = &v + return s +} + // Describes the current state of an instance. type InstanceState struct { _ struct{} `type:"structure"` @@ -66717,6 +70769,39 @@ func (s *InstanceStatusSummary) SetStatus(v string) *InstanceStatusSummary { return s } +// Information about the Capacity Reservation usage. +type InstanceUsage struct { + _ struct{} `type:"structure"` + + // The ID of the AWS account that is making use of the Capacity Reservation. + AccountId *string `locationName:"accountId" type:"string"` + + // The number of instances the AWS account currently has in the Capacity Reservation. + UsedInstanceCount *int64 `locationName:"usedInstanceCount" type:"integer"` +} + +// String returns the string representation +func (s InstanceUsage) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceUsage) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *InstanceUsage) SetAccountId(v string) *InstanceUsage { + s.AccountId = &v + return s +} + +// SetUsedInstanceCount sets the UsedInstanceCount field's value. +func (s *InstanceUsage) SetUsedInstanceCount(v int64) *InstanceUsage { + s.UsedInstanceCount = &v + return s +} + // Describes an internet gateway. type InternetGateway struct { _ struct{} `type:"structure"` @@ -67653,9 +71738,8 @@ type LaunchTemplateCpuOptionsRequest struct { // The number of CPU cores for the instance. CoreCount *int64 `type:"integer"` - // The number of threads per CPU core. To disable Intel Hyper-Threading Technology - // for the instance, specify a value of 1. Otherwise, specify the default value - // of 2. + // The number of threads per CPU core. To disable multithreading for the instance, + // specify a value of 1. Otherwise, specify the default value of 2. ThreadsPerCore *int64 `type:"integer"` } @@ -68253,7 +72337,13 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // The IDs of one or more security groups. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` - // The type of networking interface. + // The type of network interface. To create an Elastic Fabric Adapter (EFA), + // specify efa. For more information, see Elastic Fabric Adapter (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) + // in the Amazon Elastic Compute Cloud User Guide. + // + // If you are not creating an EFA, specify interface or omit this parameter. + // + // Valid values: interface | efa InterfaceType *string `type:"string"` // The number of IPv6 addresses to assign to a network interface. Amazon EC2 @@ -69310,7 +73400,7 @@ func (s *ModifyCapacityReservationInput) SetInstanceCount(v int64) *ModifyCapaci type ModifyCapacityReservationOutput struct { _ struct{} `type:"structure"` - // Information about the Capacity Reservation. + // Returns true if the request succeeds; otherwise, it returns an error. Return *bool `locationName:"return" type:"boolean"` } @@ -69368,6 +73458,13 @@ type ModifyClientVpnEndpointInput struct { // The ARN of the server certificate to be used. The server certificate must // be provisioned in AWS Certificate Manager (ACM). ServerCertificateArn *string `type:"string"` + + // Indicates whether the VPN is split-tunnel. + // + // For information about split-tunnel VPN endpoints, see Split-Tunnel AWS Client + // VPN Endpoint (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html) + // in the AWS Client VPN Administrator Guide. + SplitTunnel *bool `type:"boolean"` } // String returns the string representation @@ -69429,6 +73526,12 @@ func (s *ModifyClientVpnEndpointInput) SetServerCertificateArn(v string) *Modify return s } +// SetSplitTunnel sets the SplitTunnel field's value. +func (s *ModifyClientVpnEndpointInput) SetSplitTunnel(v bool) *ModifyClientVpnEndpointInput { + s.SplitTunnel = &v + return s +} + type ModifyClientVpnEndpointOutput struct { _ struct{} `type:"structure"` @@ -69461,25 +73564,24 @@ type ModifyEbsDefaultKmsKeyIdInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // An identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use to encrypt the volume. This parameter is only required if - // you want to use a non-default CMK; if this parameter is not specified, the - // default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted flag - // must also be set. + // The identifier of the AWS Key Management Service (AWS KMS) customer master + // key (CMK) to use for Amazon EBS encryption. If this parameter is not specified, + // your AWS managed CMK for EBS is used. If KmsKeyId is specified, the encrypted + // state must be true. // - // The CMK identifier may be provided in any of the following formats: + // You can specify the CMK using any of the following: // - // * Key ID + // * Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab. // - // * Key alias + // * Key alias. For example, alias/ExampleAlias. // - // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the Region of the CMK, the AWS account ID of the CMK owner, the key - // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // * Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // - // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the Region of the CMK, the AWS account ID of the CMK owner, - // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // + // AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, + // alias, or ARN that is not valid, the action can appear to complete, but eventually + // fails. // // KmsKeyId is a required field KmsKeyId *string `type:"string" required:"true"` @@ -69523,8 +73625,7 @@ func (s *ModifyEbsDefaultKmsKeyIdInput) SetKmsKeyId(v string) *ModifyEbsDefaultK type ModifyEbsDefaultKmsKeyIdOutput struct { _ struct{} `type:"structure"` - // The full ARN of the default CMK that your account uses to encrypt an EBS - // volume when no CMK is specified in the API call that creates the volume. + // The Amazon Resource Name (ARN) of the default CMK for encryption by default. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` } @@ -69799,14 +73900,17 @@ type ModifyHostsInput struct { _ struct{} `type:"structure"` // Specify whether to enable or disable auto-placement. - // - // AutoPlacement is a required field - AutoPlacement *string `locationName:"autoPlacement" type:"string" required:"true" enum:"AutoPlacement"` + AutoPlacement *string `locationName:"autoPlacement" type:"string" enum:"AutoPlacement"` // The IDs of the Dedicated Hosts to modify. // // HostIds is a required field HostIds []*string `locationName:"hostId" locationNameList:"item" type:"list" required:"true"` + + // Indicates whether to enable or disable host recovery for the Dedicated Host. + // For more information, see Host Recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-recovery.html) + // in the Amazon Elastic Compute Cloud User Guide. + HostRecovery *string `type:"string" enum:"HostRecovery"` } // String returns the string representation @@ -69822,9 +73926,6 @@ func (s ModifyHostsInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *ModifyHostsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ModifyHostsInput"} - if s.AutoPlacement == nil { - invalidParams.Add(request.NewErrParamRequired("AutoPlacement")) - } if s.HostIds == nil { invalidParams.Add(request.NewErrParamRequired("HostIds")) } @@ -69847,6 +73948,12 @@ func (s *ModifyHostsInput) SetHostIds(v []*string) *ModifyHostsInput { return s } +// SetHostRecovery sets the HostRecovery field's value. +func (s *ModifyHostsInput) SetHostRecovery(v string) *ModifyHostsInput { + s.HostRecovery = &v + return s +} + type ModifyHostsOutput struct { _ struct{} `type:"structure"` @@ -71231,6 +75338,9 @@ type ModifySpotFleetRequestInput struct { // the Spot Fleet. ExcessCapacityTerminationPolicy *string `locationName:"excessCapacityTerminationPolicy" type:"string" enum:"ExcessCapacityTerminationPolicy"` + // The number of On-Demand Instances in the fleet. + OnDemandTargetCapacity *int64 `type:"integer"` + // The ID of the Spot Fleet request. // // SpotFleetRequestId is a required field @@ -71269,6 +75379,12 @@ func (s *ModifySpotFleetRequestInput) SetExcessCapacityTerminationPolicy(v strin return s } +// SetOnDemandTargetCapacity sets the OnDemandTargetCapacity field's value. +func (s *ModifySpotFleetRequestInput) SetOnDemandTargetCapacity(v int64) *ModifySpotFleetRequestInput { + s.OnDemandTargetCapacity = &v + return s +} + // SetSpotFleetRequestId sets the SpotFleetRequestId field's value. func (s *ModifySpotFleetRequestInput) SetSpotFleetRequestId(v string) *ModifySpotFleetRequestInput { s.SpotFleetRequestId = &v @@ -71383,6 +75499,413 @@ func (s ModifySubnetAttributeOutput) GoString() string { return s.String() } +type ModifyTrafficMirrorFilterNetworkServicesInput struct { + _ struct{} `type:"structure"` + + // The network service, for example Amazon DNS, that you want to mirror. + AddNetworkServices []*string `locationName:"AddNetworkService" locationNameList:"item" type:"list"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The network service, for example Amazon DNS, that you no longer want to mirror. + RemoveNetworkServices []*string `locationName:"RemoveNetworkService" locationNameList:"item" type:"list"` + + // The ID of the Traffic Mirror filter. + // + // TrafficMirrorFilterId is a required field + TrafficMirrorFilterId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ModifyTrafficMirrorFilterNetworkServicesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyTrafficMirrorFilterNetworkServicesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyTrafficMirrorFilterNetworkServicesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyTrafficMirrorFilterNetworkServicesInput"} + if s.TrafficMirrorFilterId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorFilterId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAddNetworkServices sets the AddNetworkServices field's value. +func (s *ModifyTrafficMirrorFilterNetworkServicesInput) SetAddNetworkServices(v []*string) *ModifyTrafficMirrorFilterNetworkServicesInput { + s.AddNetworkServices = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyTrafficMirrorFilterNetworkServicesInput) SetDryRun(v bool) *ModifyTrafficMirrorFilterNetworkServicesInput { + s.DryRun = &v + return s +} + +// SetRemoveNetworkServices sets the RemoveNetworkServices field's value. +func (s *ModifyTrafficMirrorFilterNetworkServicesInput) SetRemoveNetworkServices(v []*string) *ModifyTrafficMirrorFilterNetworkServicesInput { + s.RemoveNetworkServices = v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *ModifyTrafficMirrorFilterNetworkServicesInput) SetTrafficMirrorFilterId(v string) *ModifyTrafficMirrorFilterNetworkServicesInput { + s.TrafficMirrorFilterId = &v + return s +} + +type ModifyTrafficMirrorFilterNetworkServicesOutput struct { + _ struct{} `type:"structure"` + + // The Traffic Mirror filter that the network service is associated with. + TrafficMirrorFilter *TrafficMirrorFilter `locationName:"trafficMirrorFilter" type:"structure"` +} + +// String returns the string representation +func (s ModifyTrafficMirrorFilterNetworkServicesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyTrafficMirrorFilterNetworkServicesOutput) GoString() string { + return s.String() +} + +// SetTrafficMirrorFilter sets the TrafficMirrorFilter field's value. +func (s *ModifyTrafficMirrorFilterNetworkServicesOutput) SetTrafficMirrorFilter(v *TrafficMirrorFilter) *ModifyTrafficMirrorFilterNetworkServicesOutput { + s.TrafficMirrorFilter = v + return s +} + +type ModifyTrafficMirrorFilterRuleInput struct { + _ struct{} `type:"structure"` + + // The description to assign to the Traffic Mirror rule. + Description *string `type:"string"` + + // The destination CIDR block to assign to the Traffic Mirror rule. + DestinationCidrBlock *string `type:"string"` + + // The destination ports that are associated with the Traffic Mirror rule. + DestinationPortRange *TrafficMirrorPortRangeRequest `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The protocol, for example TCP, to assign to the Traffic Mirror rule. + Protocol *int64 `type:"integer"` + + // The properties that you want to remove from the Traffic Mirror filter rule. + // + // When you remove a property from a Traffic Mirror filter rule, the property + // is set to the default. + RemoveFields []*string `locationName:"RemoveField" type:"list"` + + // The action to assign to the rule. + RuleAction *string `type:"string" enum:"TrafficMirrorRuleAction"` + + // The number of the Traffic Mirror rule. This number must be unique for each + // Traffic Mirror rule in a given direction. The rules are processed in ascending + // order by rule number. + RuleNumber *int64 `type:"integer"` + + // The source CIDR block to assign to the Traffic Mirror rule. + SourceCidrBlock *string `type:"string"` + + // The port range to assign to the Traffic Mirror rule. + SourcePortRange *TrafficMirrorPortRangeRequest `type:"structure"` + + // The type of traffic (ingress | egress) to assign to the rule. + TrafficDirection *string `type:"string" enum:"TrafficDirection"` + + // The ID of the Traffic Mirror rule. + // + // TrafficMirrorFilterRuleId is a required field + TrafficMirrorFilterRuleId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ModifyTrafficMirrorFilterRuleInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyTrafficMirrorFilterRuleInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyTrafficMirrorFilterRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyTrafficMirrorFilterRuleInput"} + if s.TrafficMirrorFilterRuleId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorFilterRuleId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetDescription(v string) *ModifyTrafficMirrorFilterRuleInput { + s.Description = &v + return s +} + +// SetDestinationCidrBlock sets the DestinationCidrBlock field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetDestinationCidrBlock(v string) *ModifyTrafficMirrorFilterRuleInput { + s.DestinationCidrBlock = &v + return s +} + +// SetDestinationPortRange sets the DestinationPortRange field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetDestinationPortRange(v *TrafficMirrorPortRangeRequest) *ModifyTrafficMirrorFilterRuleInput { + s.DestinationPortRange = v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetDryRun(v bool) *ModifyTrafficMirrorFilterRuleInput { + s.DryRun = &v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetProtocol(v int64) *ModifyTrafficMirrorFilterRuleInput { + s.Protocol = &v + return s +} + +// SetRemoveFields sets the RemoveFields field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetRemoveFields(v []*string) *ModifyTrafficMirrorFilterRuleInput { + s.RemoveFields = v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetRuleAction(v string) *ModifyTrafficMirrorFilterRuleInput { + s.RuleAction = &v + return s +} + +// SetRuleNumber sets the RuleNumber field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetRuleNumber(v int64) *ModifyTrafficMirrorFilterRuleInput { + s.RuleNumber = &v + return s +} + +// SetSourceCidrBlock sets the SourceCidrBlock field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetSourceCidrBlock(v string) *ModifyTrafficMirrorFilterRuleInput { + s.SourceCidrBlock = &v + return s +} + +// SetSourcePortRange sets the SourcePortRange field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetSourcePortRange(v *TrafficMirrorPortRangeRequest) *ModifyTrafficMirrorFilterRuleInput { + s.SourcePortRange = v + return s +} + +// SetTrafficDirection sets the TrafficDirection field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetTrafficDirection(v string) *ModifyTrafficMirrorFilterRuleInput { + s.TrafficDirection = &v + return s +} + +// SetTrafficMirrorFilterRuleId sets the TrafficMirrorFilterRuleId field's value. +func (s *ModifyTrafficMirrorFilterRuleInput) SetTrafficMirrorFilterRuleId(v string) *ModifyTrafficMirrorFilterRuleInput { + s.TrafficMirrorFilterRuleId = &v + return s +} + +type ModifyTrafficMirrorFilterRuleOutput struct { + _ struct{} `type:"structure"` + + // Modifies a Traffic Mirror rule. + TrafficMirrorFilterRule *TrafficMirrorFilterRule `locationName:"trafficMirrorFilterRule" type:"structure"` +} + +// String returns the string representation +func (s ModifyTrafficMirrorFilterRuleOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyTrafficMirrorFilterRuleOutput) GoString() string { + return s.String() +} + +// SetTrafficMirrorFilterRule sets the TrafficMirrorFilterRule field's value. +func (s *ModifyTrafficMirrorFilterRuleOutput) SetTrafficMirrorFilterRule(v *TrafficMirrorFilterRule) *ModifyTrafficMirrorFilterRuleOutput { + s.TrafficMirrorFilterRule = v + return s +} + +type ModifyTrafficMirrorSessionInput struct { + _ struct{} `type:"structure"` + + // The description to assign to the Traffic Mirror session. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The number of bytes in each packet to mirror. These are bytes after the VXLAN + // header. To mirror a subset, set this to the length (in bytes) to mirror. + // For example, if you set this value to 100, then the first 100 bytes that + // meet the filter criteria are copied to the target. Do not specify this parameter + // when you want to mirror the entire packet. + PacketLength *int64 `type:"integer"` + + // The properties that you want to remove from the Traffic Mirror session. + // + // When you remove a property from a Traffic Mirror session, the property is + // set to the default. + RemoveFields []*string `locationName:"RemoveField" type:"list"` + + // The session number determines the order in which sessions are evaluated when + // an interface is used by multiple sessions. The first session with a matching + // filter is the one that mirrors the packets. + // + // Valid values are 1-32766. + SessionNumber *int64 `type:"integer"` + + // The ID of the Traffic Mirror filter. + TrafficMirrorFilterId *string `type:"string"` + + // The ID of the Traffic Mirror session. + // + // TrafficMirrorSessionId is a required field + TrafficMirrorSessionId *string `type:"string" required:"true"` + + // The Traffic Mirror target. The target must be in the same VPC as the source, + // or have a VPC peering connection with the source. + TrafficMirrorTargetId *string `type:"string"` + + // The virtual network ID of the Traffic Mirror session. + VirtualNetworkId *int64 `type:"integer"` +} + +// String returns the string representation +func (s ModifyTrafficMirrorSessionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyTrafficMirrorSessionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyTrafficMirrorSessionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyTrafficMirrorSessionInput"} + if s.TrafficMirrorSessionId == nil { + invalidParams.Add(request.NewErrParamRequired("TrafficMirrorSessionId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *ModifyTrafficMirrorSessionInput) SetDescription(v string) *ModifyTrafficMirrorSessionInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyTrafficMirrorSessionInput) SetDryRun(v bool) *ModifyTrafficMirrorSessionInput { + s.DryRun = &v + return s +} + +// SetPacketLength sets the PacketLength field's value. +func (s *ModifyTrafficMirrorSessionInput) SetPacketLength(v int64) *ModifyTrafficMirrorSessionInput { + s.PacketLength = &v + return s +} + +// SetRemoveFields sets the RemoveFields field's value. +func (s *ModifyTrafficMirrorSessionInput) SetRemoveFields(v []*string) *ModifyTrafficMirrorSessionInput { + s.RemoveFields = v + return s +} + +// SetSessionNumber sets the SessionNumber field's value. +func (s *ModifyTrafficMirrorSessionInput) SetSessionNumber(v int64) *ModifyTrafficMirrorSessionInput { + s.SessionNumber = &v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *ModifyTrafficMirrorSessionInput) SetTrafficMirrorFilterId(v string) *ModifyTrafficMirrorSessionInput { + s.TrafficMirrorFilterId = &v + return s +} + +// SetTrafficMirrorSessionId sets the TrafficMirrorSessionId field's value. +func (s *ModifyTrafficMirrorSessionInput) SetTrafficMirrorSessionId(v string) *ModifyTrafficMirrorSessionInput { + s.TrafficMirrorSessionId = &v + return s +} + +// SetTrafficMirrorTargetId sets the TrafficMirrorTargetId field's value. +func (s *ModifyTrafficMirrorSessionInput) SetTrafficMirrorTargetId(v string) *ModifyTrafficMirrorSessionInput { + s.TrafficMirrorTargetId = &v + return s +} + +// SetVirtualNetworkId sets the VirtualNetworkId field's value. +func (s *ModifyTrafficMirrorSessionInput) SetVirtualNetworkId(v int64) *ModifyTrafficMirrorSessionInput { + s.VirtualNetworkId = &v + return s +} + +type ModifyTrafficMirrorSessionOutput struct { + _ struct{} `type:"structure"` + + // Information about the Traffic Mirror session. + TrafficMirrorSession *TrafficMirrorSession `locationName:"trafficMirrorSession" type:"structure"` +} + +// String returns the string representation +func (s ModifyTrafficMirrorSessionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyTrafficMirrorSessionOutput) GoString() string { + return s.String() +} + +// SetTrafficMirrorSession sets the TrafficMirrorSession field's value. +func (s *ModifyTrafficMirrorSessionOutput) SetTrafficMirrorSession(v *TrafficMirrorSession) *ModifyTrafficMirrorSessionOutput { + s.TrafficMirrorSession = v + return s +} + type ModifyTransitGatewayVpcAttachmentInput struct { _ struct{} `type:"structure"` @@ -71897,8 +76420,7 @@ type ModifyVpcEndpointInput struct { DryRun *bool `type:"boolean"` // A policy to attach to the endpoint that controls access to the service. The - // policy must be in valid JSON format. If this parameter is not specified, - // we attach a default policy that allows full access to the service. + // policy must be in valid JSON format. PolicyDocument *string `type:"string"` // (Interface endpoint) Indicate whether a private hosted zone is associated @@ -72423,6 +76945,9 @@ func (s *ModifyVpcTenancyOutput) SetReturnValue(v bool) *ModifyVpcTenancyOutput type ModifyVpnConnectionInput struct { _ struct{} `type:"structure"` + // The ID of the customer gateway at your end of the VPN connection. + CustomerGatewayId *string `type:"string"` + // Checks whether you have the required permissions for the action, without // actually making the request, and provides an error response. If you have // the required permissions, the error response is DryRunOperation. Otherwise, @@ -72464,6 +76989,12 @@ func (s *ModifyVpnConnectionInput) Validate() error { return nil } +// SetCustomerGatewayId sets the CustomerGatewayId field's value. +func (s *ModifyVpnConnectionInput) SetCustomerGatewayId(v string) *ModifyVpnConnectionInput { + s.CustomerGatewayId = &v + return s +} + // SetDryRun sets the DryRun field's value. func (s *ModifyVpnConnectionInput) SetDryRun(v bool) *ModifyVpnConnectionInput { s.DryRun = &v @@ -72511,6 +77042,416 @@ func (s *ModifyVpnConnectionOutput) SetVpnConnection(v *VpnConnection) *ModifyVp return s } +type ModifyVpnTunnelCertificateInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the AWS Site-to-Site VPN connection. + // + // VpnConnectionId is a required field + VpnConnectionId *string `type:"string" required:"true"` + + // The external IP address of the VPN tunnel. + // + // VpnTunnelOutsideIpAddress is a required field + VpnTunnelOutsideIpAddress *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ModifyVpnTunnelCertificateInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyVpnTunnelCertificateInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVpnTunnelCertificateInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVpnTunnelCertificateInput"} + if s.VpnConnectionId == nil { + invalidParams.Add(request.NewErrParamRequired("VpnConnectionId")) + } + if s.VpnTunnelOutsideIpAddress == nil { + invalidParams.Add(request.NewErrParamRequired("VpnTunnelOutsideIpAddress")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVpnTunnelCertificateInput) SetDryRun(v bool) *ModifyVpnTunnelCertificateInput { + s.DryRun = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *ModifyVpnTunnelCertificateInput) SetVpnConnectionId(v string) *ModifyVpnTunnelCertificateInput { + s.VpnConnectionId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *ModifyVpnTunnelCertificateInput) SetVpnTunnelOutsideIpAddress(v string) *ModifyVpnTunnelCertificateInput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + +type ModifyVpnTunnelCertificateOutput struct { + _ struct{} `type:"structure"` + + // Describes a VPN connection. + VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` +} + +// String returns the string representation +func (s ModifyVpnTunnelCertificateOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyVpnTunnelCertificateOutput) GoString() string { + return s.String() +} + +// SetVpnConnection sets the VpnConnection field's value. +func (s *ModifyVpnTunnelCertificateOutput) SetVpnConnection(v *VpnConnection) *ModifyVpnTunnelCertificateOutput { + s.VpnConnection = v + return s +} + +type ModifyVpnTunnelOptionsInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The tunnel options to modify. + // + // TunnelOptions is a required field + TunnelOptions *ModifyVpnTunnelOptionsSpecification `type:"structure" required:"true"` + + // The ID of the AWS Site-to-Site VPN connection. + // + // VpnConnectionId is a required field + VpnConnectionId *string `type:"string" required:"true"` + + // The external IP address of the VPN tunnel. + // + // VpnTunnelOutsideIpAddress is a required field + VpnTunnelOutsideIpAddress *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ModifyVpnTunnelOptionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyVpnTunnelOptionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVpnTunnelOptionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVpnTunnelOptionsInput"} + if s.TunnelOptions == nil { + invalidParams.Add(request.NewErrParamRequired("TunnelOptions")) + } + if s.VpnConnectionId == nil { + invalidParams.Add(request.NewErrParamRequired("VpnConnectionId")) + } + if s.VpnTunnelOutsideIpAddress == nil { + invalidParams.Add(request.NewErrParamRequired("VpnTunnelOutsideIpAddress")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVpnTunnelOptionsInput) SetDryRun(v bool) *ModifyVpnTunnelOptionsInput { + s.DryRun = &v + return s +} + +// SetTunnelOptions sets the TunnelOptions field's value. +func (s *ModifyVpnTunnelOptionsInput) SetTunnelOptions(v *ModifyVpnTunnelOptionsSpecification) *ModifyVpnTunnelOptionsInput { + s.TunnelOptions = v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *ModifyVpnTunnelOptionsInput) SetVpnConnectionId(v string) *ModifyVpnTunnelOptionsInput { + s.VpnConnectionId = &v + return s +} + +// SetVpnTunnelOutsideIpAddress sets the VpnTunnelOutsideIpAddress field's value. +func (s *ModifyVpnTunnelOptionsInput) SetVpnTunnelOutsideIpAddress(v string) *ModifyVpnTunnelOptionsInput { + s.VpnTunnelOutsideIpAddress = &v + return s +} + +type ModifyVpnTunnelOptionsOutput struct { + _ struct{} `type:"structure"` + + // Describes a VPN connection. + VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` +} + +// String returns the string representation +func (s ModifyVpnTunnelOptionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyVpnTunnelOptionsOutput) GoString() string { + return s.String() +} + +// SetVpnConnection sets the VpnConnection field's value. +func (s *ModifyVpnTunnelOptionsOutput) SetVpnConnection(v *VpnConnection) *ModifyVpnTunnelOptionsOutput { + s.VpnConnection = v + return s +} + +// The AWS Site-to-Site VPN tunnel options to modify. +type ModifyVpnTunnelOptionsSpecification struct { + _ struct{} `type:"structure"` + + // The number of seconds after which a DPD timeout occurs. + // + // Constraints: A value between 0 and 30. + // + // Default: 30 + DPDTimeoutSeconds *int64 `type:"integer"` + + // The IKE versions that are permitted for the VPN tunnel. + // + // Valid values: ikev1 | ikev2 + IKEVersions []*IKEVersionsRequestListValue `locationName:"IKEVersion" locationNameList:"item" type:"list"` + + // One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel + // for phase 1 IKE negotiations. + // + // Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 22 | 23 | 24 + Phase1DHGroupNumbers []*Phase1DHGroupNumbersRequestListValue `locationName:"Phase1DHGroupNumber" locationNameList:"item" type:"list"` + + // One or more encryption algorithms that are permitted for the VPN tunnel for + // phase 1 IKE negotiations. + // + // Valid values: AES128 | AES256 + Phase1EncryptionAlgorithms []*Phase1EncryptionAlgorithmsRequestListValue `locationName:"Phase1EncryptionAlgorithm" locationNameList:"item" type:"list"` + + // One or more integrity algorithms that are permitted for the VPN tunnel for + // phase 1 IKE negotiations. + // + // Valid values: SHA1 | SHA2-256 + Phase1IntegrityAlgorithms []*Phase1IntegrityAlgorithmsRequestListValue `locationName:"Phase1IntegrityAlgorithm" locationNameList:"item" type:"list"` + + // The lifetime for phase 1 of the IKE negotiation, in seconds. + // + // Constraints: A value between 900 and 28,800. + // + // Default: 28800 + Phase1LifetimeSeconds *int64 `type:"integer"` + + // One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel + // for phase 2 IKE negotiations. + // + // Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 22 | 23 | 24 + Phase2DHGroupNumbers []*Phase2DHGroupNumbersRequestListValue `locationName:"Phase2DHGroupNumber" locationNameList:"item" type:"list"` + + // One or more encryption algorithms that are permitted for the VPN tunnel for + // phase 2 IKE negotiations. + // + // Valid values: AES128 | AES256 + Phase2EncryptionAlgorithms []*Phase2EncryptionAlgorithmsRequestListValue `locationName:"Phase2EncryptionAlgorithm" locationNameList:"item" type:"list"` + + // One or more integrity algorithms that are permitted for the VPN tunnel for + // phase 2 IKE negotiations. + // + // Valid values: SHA1 | SHA2-256 + Phase2IntegrityAlgorithms []*Phase2IntegrityAlgorithmsRequestListValue `locationName:"Phase2IntegrityAlgorithm" locationNameList:"item" type:"list"` + + // The lifetime for phase 2 of the IKE negotiation, in seconds. + // + // Constraints: A value between 900 and 3,600. The value must be less than the + // value for Phase1LifetimeSeconds. + // + // Default: 3600 + Phase2LifetimeSeconds *int64 `type:"integer"` + + // The pre-shared key (PSK) to establish initial authentication between the + // virtual private gateway and the customer gateway. + // + // Constraints: Allowed characters are alphanumeric characters, periods (.), + // and underscores (_). Must be between 8 and 64 characters in length and cannot + // start with zero (0). + PreSharedKey *string `type:"string"` + + // The percentage of the rekey window (determined by RekeyMarginTimeSeconds) + // during which the rekey time is randomly selected. + // + // Constraints: A value between 0 and 100. + // + // Default: 100 + RekeyFuzzPercentage *int64 `type:"integer"` + + // The margin time, in seconds, before the phase 2 lifetime expires, during + // which the AWS side of the VPN connection performs an IKE rekey. The exact + // time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. + // + // Constraints: A value between 60 and half of Phase2LifetimeSeconds. + // + // Default: 540 + RekeyMarginTimeSeconds *int64 `type:"integer"` + + // The number of packets in an IKE replay window. + // + // Constraints: A value between 64 and 2048. + // + // Default: 1024 + ReplayWindowSize *int64 `type:"integer"` + + // The range of inside IP addresses for the tunnel. Any specified CIDR blocks + // must be unique across all VPN connections that use the same virtual private + // gateway. + // + // Constraints: A size /30 CIDR block from the 169.254.0.0/16 range. The following + // CIDR blocks are reserved and cannot be used: + // + // * 169.254.0.0/30 + // + // * 169.254.1.0/30 + // + // * 169.254.2.0/30 + // + // * 169.254.3.0/30 + // + // * 169.254.4.0/30 + // + // * 169.254.5.0/30 + // + // * 169.254.169.252/30 + TunnelInsideCidr *string `type:"string"` +} + +// String returns the string representation +func (s ModifyVpnTunnelOptionsSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyVpnTunnelOptionsSpecification) GoString() string { + return s.String() +} + +// SetDPDTimeoutSeconds sets the DPDTimeoutSeconds field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetDPDTimeoutSeconds(v int64) *ModifyVpnTunnelOptionsSpecification { + s.DPDTimeoutSeconds = &v + return s +} + +// SetIKEVersions sets the IKEVersions field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetIKEVersions(v []*IKEVersionsRequestListValue) *ModifyVpnTunnelOptionsSpecification { + s.IKEVersions = v + return s +} + +// SetPhase1DHGroupNumbers sets the Phase1DHGroupNumbers field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase1DHGroupNumbers(v []*Phase1DHGroupNumbersRequestListValue) *ModifyVpnTunnelOptionsSpecification { + s.Phase1DHGroupNumbers = v + return s +} + +// SetPhase1EncryptionAlgorithms sets the Phase1EncryptionAlgorithms field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase1EncryptionAlgorithms(v []*Phase1EncryptionAlgorithmsRequestListValue) *ModifyVpnTunnelOptionsSpecification { + s.Phase1EncryptionAlgorithms = v + return s +} + +// SetPhase1IntegrityAlgorithms sets the Phase1IntegrityAlgorithms field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase1IntegrityAlgorithms(v []*Phase1IntegrityAlgorithmsRequestListValue) *ModifyVpnTunnelOptionsSpecification { + s.Phase1IntegrityAlgorithms = v + return s +} + +// SetPhase1LifetimeSeconds sets the Phase1LifetimeSeconds field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase1LifetimeSeconds(v int64) *ModifyVpnTunnelOptionsSpecification { + s.Phase1LifetimeSeconds = &v + return s +} + +// SetPhase2DHGroupNumbers sets the Phase2DHGroupNumbers field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase2DHGroupNumbers(v []*Phase2DHGroupNumbersRequestListValue) *ModifyVpnTunnelOptionsSpecification { + s.Phase2DHGroupNumbers = v + return s +} + +// SetPhase2EncryptionAlgorithms sets the Phase2EncryptionAlgorithms field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase2EncryptionAlgorithms(v []*Phase2EncryptionAlgorithmsRequestListValue) *ModifyVpnTunnelOptionsSpecification { + s.Phase2EncryptionAlgorithms = v + return s +} + +// SetPhase2IntegrityAlgorithms sets the Phase2IntegrityAlgorithms field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase2IntegrityAlgorithms(v []*Phase2IntegrityAlgorithmsRequestListValue) *ModifyVpnTunnelOptionsSpecification { + s.Phase2IntegrityAlgorithms = v + return s +} + +// SetPhase2LifetimeSeconds sets the Phase2LifetimeSeconds field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPhase2LifetimeSeconds(v int64) *ModifyVpnTunnelOptionsSpecification { + s.Phase2LifetimeSeconds = &v + return s +} + +// SetPreSharedKey sets the PreSharedKey field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetPreSharedKey(v string) *ModifyVpnTunnelOptionsSpecification { + s.PreSharedKey = &v + return s +} + +// SetRekeyFuzzPercentage sets the RekeyFuzzPercentage field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetRekeyFuzzPercentage(v int64) *ModifyVpnTunnelOptionsSpecification { + s.RekeyFuzzPercentage = &v + return s +} + +// SetRekeyMarginTimeSeconds sets the RekeyMarginTimeSeconds field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetRekeyMarginTimeSeconds(v int64) *ModifyVpnTunnelOptionsSpecification { + s.RekeyMarginTimeSeconds = &v + return s +} + +// SetReplayWindowSize sets the ReplayWindowSize field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetReplayWindowSize(v int64) *ModifyVpnTunnelOptionsSpecification { + s.ReplayWindowSize = &v + return s +} + +// SetTunnelInsideCidr sets the TunnelInsideCidr field's value. +func (s *ModifyVpnTunnelOptionsSpecification) SetTunnelInsideCidr(v string) *ModifyVpnTunnelOptionsSpecification { + s.TunnelInsideCidr = &v + return s +} + type MonitorInstancesInput struct { _ struct{} `type:"structure"` @@ -72770,7 +77711,7 @@ type NatGateway struct { NatGatewayId *string `locationName:"natGatewayId" type:"string"` // Reserved. If you need to sustain traffic greater than the documented limits - // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). ProvisionedBandwidth *ProvisionedBandwidth `locationName:"provisionedBandwidth" type:"structure"` @@ -73717,7 +78658,7 @@ func (s *NewDhcpConfiguration) SetValues(v []*string) *NewDhcpConfiguration { return s } -// The allocation strategy of On-Demand Instances in an EC2 Fleet. +// Describes the configuration of On-Demand Instances in an EC2 Fleet. type OnDemandOptions struct { _ struct{} `type:"structure"` @@ -73729,6 +78670,10 @@ type OnDemandOptions struct { // Fleet defaults to lowest-price. AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"FleetOnDemandAllocationStrategy"` + // The maximum amount per hour for On-Demand Instances that you're willing to + // pay. + MaxTotalPrice *string `locationName:"maxTotalPrice" type:"string"` + // The minimum target capacity for On-Demand Instances in the fleet. If the // minimum target capacity is not reached, the fleet launches no instances. MinTargetCapacity *int64 `locationName:"minTargetCapacity" type:"integer"` @@ -73758,6 +78703,12 @@ func (s *OnDemandOptions) SetAllocationStrategy(v string) *OnDemandOptions { return s } +// SetMaxTotalPrice sets the MaxTotalPrice field's value. +func (s *OnDemandOptions) SetMaxTotalPrice(v string) *OnDemandOptions { + s.MaxTotalPrice = &v + return s +} + // SetMinTargetCapacity sets the MinTargetCapacity field's value. func (s *OnDemandOptions) SetMinTargetCapacity(v int64) *OnDemandOptions { s.MinTargetCapacity = &v @@ -73776,7 +78727,7 @@ func (s *OnDemandOptions) SetSingleInstanceType(v bool) *OnDemandOptions { return s } -// The allocation strategy of On-Demand Instances in an EC2 Fleet. +// Describes the configuration of On-Demand Instances in an EC2 Fleet. type OnDemandOptionsRequest struct { _ struct{} `type:"structure"` @@ -73788,6 +78739,10 @@ type OnDemandOptionsRequest struct { // Fleet defaults to lowest-price. AllocationStrategy *string `type:"string" enum:"FleetOnDemandAllocationStrategy"` + // The maximum amount per hour for On-Demand Instances that you're willing to + // pay. + MaxTotalPrice *string `type:"string"` + // The minimum target capacity for On-Demand Instances in the fleet. If the // minimum target capacity is not reached, the fleet launches no instances. MinTargetCapacity *int64 `type:"integer"` @@ -73817,6 +78772,12 @@ func (s *OnDemandOptionsRequest) SetAllocationStrategy(v string) *OnDemandOption return s } +// SetMaxTotalPrice sets the MaxTotalPrice field's value. +func (s *OnDemandOptionsRequest) SetMaxTotalPrice(v string) *OnDemandOptionsRequest { + s.MaxTotalPrice = &v + return s +} + // SetMinTargetCapacity sets the MinTargetCapacity field's value. func (s *OnDemandOptionsRequest) SetMinTargetCapacity(v int64) *OnDemandOptionsRequest { s.MinTargetCapacity = &v @@ -73977,6 +78938,296 @@ func (s *PeeringConnectionOptionsRequest) SetAllowEgressFromLocalVpcToRemoteClas return s } +// The Diffie-Hellmann group number for phase 1 IKE negotiations. +type Phase1DHGroupNumbersListValue struct { + _ struct{} `type:"structure"` + + // The Diffie-Hellmann group number. + Value *int64 `locationName:"value" type:"integer"` +} + +// String returns the string representation +func (s Phase1DHGroupNumbersListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase1DHGroupNumbersListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase1DHGroupNumbersListValue) SetValue(v int64) *Phase1DHGroupNumbersListValue { + s.Value = &v + return s +} + +// Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE +// negotiations. +type Phase1DHGroupNumbersRequestListValue struct { + _ struct{} `type:"structure"` + + // The Diffie-Hellmann group number. + Value *int64 `type:"integer"` +} + +// String returns the string representation +func (s Phase1DHGroupNumbersRequestListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase1DHGroupNumbersRequestListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase1DHGroupNumbersRequestListValue) SetValue(v int64) *Phase1DHGroupNumbersRequestListValue { + s.Value = &v + return s +} + +// The encryption algorithm for phase 1 IKE negotiations. +type Phase1EncryptionAlgorithmsListValue struct { + _ struct{} `type:"structure"` + + // The value for the encryption algorithm. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation +func (s Phase1EncryptionAlgorithmsListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase1EncryptionAlgorithmsListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase1EncryptionAlgorithmsListValue) SetValue(v string) *Phase1EncryptionAlgorithmsListValue { + s.Value = &v + return s +} + +// Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations. +type Phase1EncryptionAlgorithmsRequestListValue struct { + _ struct{} `type:"structure"` + + // The value for the encryption algorithm. + Value *string `type:"string"` +} + +// String returns the string representation +func (s Phase1EncryptionAlgorithmsRequestListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase1EncryptionAlgorithmsRequestListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase1EncryptionAlgorithmsRequestListValue) SetValue(v string) *Phase1EncryptionAlgorithmsRequestListValue { + s.Value = &v + return s +} + +// The integrity algorithm for phase 1 IKE negotiations. +type Phase1IntegrityAlgorithmsListValue struct { + _ struct{} `type:"structure"` + + // The value for the integrity algorithm. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation +func (s Phase1IntegrityAlgorithmsListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase1IntegrityAlgorithmsListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase1IntegrityAlgorithmsListValue) SetValue(v string) *Phase1IntegrityAlgorithmsListValue { + s.Value = &v + return s +} + +// Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations. +type Phase1IntegrityAlgorithmsRequestListValue struct { + _ struct{} `type:"structure"` + + // The value for the integrity algorithm. + Value *string `type:"string"` +} + +// String returns the string representation +func (s Phase1IntegrityAlgorithmsRequestListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase1IntegrityAlgorithmsRequestListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase1IntegrityAlgorithmsRequestListValue) SetValue(v string) *Phase1IntegrityAlgorithmsRequestListValue { + s.Value = &v + return s +} + +// The Diffie-Hellmann group number for phase 2 IKE negotiations. +type Phase2DHGroupNumbersListValue struct { + _ struct{} `type:"structure"` + + // The Diffie-Hellmann group number. + Value *int64 `locationName:"value" type:"integer"` +} + +// String returns the string representation +func (s Phase2DHGroupNumbersListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase2DHGroupNumbersListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase2DHGroupNumbersListValue) SetValue(v int64) *Phase2DHGroupNumbersListValue { + s.Value = &v + return s +} + +// Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE +// negotiations. +type Phase2DHGroupNumbersRequestListValue struct { + _ struct{} `type:"structure"` + + // The Diffie-Hellmann group number. + Value *int64 `type:"integer"` +} + +// String returns the string representation +func (s Phase2DHGroupNumbersRequestListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase2DHGroupNumbersRequestListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase2DHGroupNumbersRequestListValue) SetValue(v int64) *Phase2DHGroupNumbersRequestListValue { + s.Value = &v + return s +} + +// The encryption algorithm for phase 2 IKE negotiations. +type Phase2EncryptionAlgorithmsListValue struct { + _ struct{} `type:"structure"` + + // The encryption algorithm. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation +func (s Phase2EncryptionAlgorithmsListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase2EncryptionAlgorithmsListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase2EncryptionAlgorithmsListValue) SetValue(v string) *Phase2EncryptionAlgorithmsListValue { + s.Value = &v + return s +} + +// Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations. +type Phase2EncryptionAlgorithmsRequestListValue struct { + _ struct{} `type:"structure"` + + // The encryption algorithm. + Value *string `type:"string"` +} + +// String returns the string representation +func (s Phase2EncryptionAlgorithmsRequestListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase2EncryptionAlgorithmsRequestListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase2EncryptionAlgorithmsRequestListValue) SetValue(v string) *Phase2EncryptionAlgorithmsRequestListValue { + s.Value = &v + return s +} + +// The integrity algorithm for phase 2 IKE negotiations. +type Phase2IntegrityAlgorithmsListValue struct { + _ struct{} `type:"structure"` + + // The integrity algorithm. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation +func (s Phase2IntegrityAlgorithmsListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase2IntegrityAlgorithmsListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase2IntegrityAlgorithmsListValue) SetValue(v string) *Phase2IntegrityAlgorithmsListValue { + s.Value = &v + return s +} + +// Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations. +type Phase2IntegrityAlgorithmsRequestListValue struct { + _ struct{} `type:"structure"` + + // The integrity algorithm. + Value *string `type:"string"` +} + +// String returns the string representation +func (s Phase2IntegrityAlgorithmsRequestListValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Phase2IntegrityAlgorithmsRequestListValue) GoString() string { + return s.String() +} + +// SetValue sets the Value field's value. +func (s *Phase2IntegrityAlgorithmsRequestListValue) SetValue(v string) *Phase2IntegrityAlgorithmsRequestListValue { + s.Value = &v + return s +} + // Describes the placement of an instance. type Placement struct { _ struct{} `type:"structure"` @@ -74613,33 +79864,33 @@ func (s *ProvisionByoipCidrOutput) SetByoipCidr(v *ByoipCidr) *ProvisionByoipCid } // Reserved. If you need to sustain traffic greater than the documented limits -// (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), +// (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). type ProvisionedBandwidth struct { _ struct{} `type:"structure"` // Reserved. If you need to sustain traffic greater than the documented limits - // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). ProvisionTime *time.Time `locationName:"provisionTime" type:"timestamp"` // Reserved. If you need to sustain traffic greater than the documented limits - // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). Provisioned *string `locationName:"provisioned" type:"string"` // Reserved. If you need to sustain traffic greater than the documented limits - // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). RequestTime *time.Time `locationName:"requestTime" type:"timestamp"` // Reserved. If you need to sustain traffic greater than the documented limits - // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). Requested *string `locationName:"requested" type:"string"` // Reserved. If you need to sustain traffic greater than the documented limits - // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html), + // (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), // contact us through the Support Center (https://console.aws.amazon.com/support/home?). Status *string `locationName:"status" type:"string"` } @@ -74887,9 +80138,8 @@ func (s *Purchase) SetUpfrontPrice(v string) *Purchase { type PurchaseHostReservationInput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure idempotency of the - // request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html) - // in the Amazon Elastic Compute Cloud User Guide. + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` // The currency in which the totalUpfrontPrice, LimitPrice, and totalHourlyPrice @@ -74974,9 +80224,8 @@ func (s *PurchaseHostReservationInput) SetOfferingId(v string) *PurchaseHostRese type PurchaseHostReservationOutput struct { _ struct{} `type:"structure"` - // Unique, case-sensitive identifier you provide to ensure idempotency of the - // request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html) - // in the Amazon Elastic Compute Cloud User Guide. + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` // The currency in which the totalUpfrontPrice and totalHourlyPrice amounts @@ -75388,6 +80637,10 @@ type Region struct { // The Region service endpoint. Endpoint *string `locationName:"regionEndpoint" type:"string"` + // The Region opt-in status. The possible values are opt-in-not-required, opted-in, + // and not-opted-in. + OptInStatus *string `locationName:"optInStatus" type:"string"` + // The name of the Region. RegionName *string `locationName:"regionName" type:"string"` } @@ -75408,6 +80661,12 @@ func (s *Region) SetEndpoint(v string) *Region { return s } +// SetOptInStatus sets the OptInStatus field's value. +func (s *Region) SetOptInStatus(v string) *Region { + s.OptInStatus = &v + return s +} + // SetRegionName sets the RegionName field's value. func (s *Region) SetRegionName(v string) *Region { s.RegionName = &v @@ -75448,7 +80707,10 @@ type RegisterImageInput struct { // PV AMI can make instances launched from the AMI unreachable. EnaSupport *bool `locationName:"enaSupport" type:"boolean"` - // The full path to your AMI manifest in Amazon S3 storage. + // The full path to your AMI manifest in Amazon S3 storage. The specified bucket + // must have the aws-exec-read canned access control list (ACL) to ensure that + // it can be accessed by Amazon EC2. For more information, see Canned ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) + // in the Amazon S3 Service Developer Guide. ImageLocation *string `type:"string"` // The ID of the kernel. @@ -76876,7 +82138,7 @@ type RequestLaunchTemplateData struct { Monitoring *LaunchTemplatesMonitoringRequest `type:"structure"` // One or more network interfaces. If you specify a network interface, you must - // specify any security groups as part of the network interface. + // specify any security groups and subnets as part of the network interface. NetworkInterfaces []*LaunchTemplateInstanceNetworkInterfaceSpecificationRequest `locationName:"NetworkInterface" locationNameList:"InstanceNetworkInterfaceSpecification" type:"list"` // The placement for the instance. @@ -77459,7 +82721,9 @@ type RequestSpotLaunchSpecification struct { // you can specify the names or the IDs of the security groups. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"item" type:"list"` - // The ID of the subnet in which to launch the instance. + // The IDs of the subnets in which to launch the instance. To specify multiple + // subnets, separate them using commas; for example, "subnet-1234abcdeexample1, + // subnet-0987cdef6example2". SubnetId *string `locationName:"subnetId" type:"string"` // The Base64-encoded user data for the instance. User data is limited to 16 @@ -78453,8 +83717,7 @@ func (s *ResetEbsDefaultKmsKeyIdInput) SetDryRun(v bool) *ResetEbsDefaultKmsKeyI type ResetEbsDefaultKmsKeyIdOutput struct { _ struct{} `type:"structure"` - // The full ARN of the default CMK that your account uses to encrypt an EBS - // volume when no CMK is specified in the API call that creates the volume. + // The Amazon Resource Name (ARN) of the default CMK for EBS encryption by default. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` } @@ -79885,10 +85148,7 @@ type RunInstancesInput struct { // Reserved. AdditionalInfo *string `locationName:"additionalInfo" type:"string"` - // The block device mapping entries. You can't specify both a snapshot ID and - // an encryption value. This is because only blank volumes can be encrypted - // on creation. If a snapshot is the basis for a volume, it is not blank and - // its encryption status is used for the volume encryption status. + // The block device mapping entries. BlockDeviceMappings []*BlockDeviceMapping `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // Information about the Capacity Reservation targeting option. If you do not @@ -80051,7 +85311,8 @@ type RunInstancesInput struct { Monitoring *RunInstancesMonitoringEnabled `type:"structure"` // The network interfaces to associate with the instance. If you specify a network - // interface, you must specify any security groups as part of the network interface. + // interface, you must specify any security groups and subnets as part of the + // network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"networkInterface" locationNameList:"item" type:"list"` // The placement for the instance. @@ -80097,8 +85358,8 @@ type RunInstancesInput struct { // [EC2-VPC] The ID of the subnet to launch the instance into. // - // You cannot specify this option and the network interfaces option in the same - // request. + // If you specify a network interface, you must specify any subnets as part + // of the network interface. SubnetId *string `type:"string"` // The tags to apply to the resources during launch. You can only tag instances @@ -81120,7 +86381,7 @@ type ScheduledInstancesEbs struct { // The volume type. gp2 for General Purpose SSD, io1 for Provisioned IOPS SSD, // Throughput Optimized HDD for st1, Cold HDD for sc1, or standard for Magnetic. // - // Default: standard + // Default: gp2 VolumeType *string `type:"string"` } @@ -81643,11 +86904,9 @@ type SearchTransitGatewayRoutesInput struct { // routes in your route table and you specify supernet-of-match as 10.0.1.0/30, // then the result returns 10.0.1.0/29. // - // * state - The state of the attachment (available | deleted | deleting - // | failed | modifying | pendingAcceptance | pending | rollingBack | rejected - // | rejecting). + // * state - The state of the route (active | blackhole). // - // * type - The type of roue (active | blackhole). + // * type - The type of route (propagated | static). // // Filters is a required field Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list" required:"true"` @@ -81908,6 +87167,70 @@ func (s *SecurityGroupReference) SetVpcPeeringConnectionId(v string) *SecurityGr return s } +type SendDiagnosticInterruptInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the instance. + // + // InstanceId is a required field + InstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s SendDiagnosticInterruptInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SendDiagnosticInterruptInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SendDiagnosticInterruptInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SendDiagnosticInterruptInput"} + if s.InstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *SendDiagnosticInterruptInput) SetDryRun(v bool) *SendDiagnosticInterruptInput { + s.DryRun = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *SendDiagnosticInterruptInput) SetInstanceId(v string) *SendDiagnosticInterruptInput { + s.InstanceId = &v + return s +} + +type SendDiagnosticInterruptOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s SendDiagnosticInterruptOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SendDiagnosticInterruptOutput) GoString() string { + return s.String() +} + // Describes a service configuration for a VPC endpoint service. type ServiceConfiguration struct { _ struct{} `type:"structure"` @@ -82262,7 +87585,7 @@ type Snapshot struct { // the original volume or snapshot copy. Because data encryption keys are inherited // by volumes created from snapshots, and vice versa, if snapshots share the // same data encryption key identifier, then they belong to the same volume/snapshot - // lineage. This parameter is only returned by the DescribeSnapshots API operation. + // lineage. This parameter is only returned by DescribeSnapshots. DataEncryptionKeyId *string `locationName:"dataEncryptionKeyId" type:"string"` // The description for the snapshot. @@ -82271,9 +87594,9 @@ type Snapshot struct { // Indicates whether the snapshot is encrypted. Encrypted *bool `locationName:"encrypted" type:"boolean"` - // The full ARN of the AWS Key Management Service (AWS KMS) customer master - // key (CMK) that was used to protect the volume encryption key for the parent - // volume. + // The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) + // customer master key (CMK) that was used to protect the volume encryption + // key for the parent volume. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // Value from an Amazon-maintained list (amazon | self | all | aws-marketplace @@ -82301,7 +87624,7 @@ type Snapshot struct { // operation fails (for example, if the proper AWS Key Management Service (AWS // KMS) permissions are not obtained) this field displays error state details // to help you diagnose why the error occurred. This parameter is only returned - // by the DescribeSnapshots API operation. + // by DescribeSnapshots. StateMessage *string `locationName:"statusMessage" type:"string"` // Any tags assigned to the snapshot. @@ -82569,6 +87892,113 @@ func (s *SnapshotDiskContainer) SetUserBucket(v *UserBucket) *SnapshotDiskContai return s } +// Information about a snapshot. +type SnapshotInfo struct { + _ struct{} `type:"structure"` + + // Description specified by the CreateSnapshotRequest that has been applied + // to all snapshots. + Description *string `locationName:"description" type:"string"` + + // Indicates whether the snapshot is encrypted. + Encrypted *bool `locationName:"encrypted" type:"boolean"` + + // Account id used when creating this snapshot. + OwnerId *string `locationName:"ownerId" type:"string"` + + // Progress this snapshot has made towards completing. + Progress *string `locationName:"progress" type:"string"` + + // Snapshot id that can be used to describe this snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` + + // Time this snapshot was started. This is the same for all snapshots initiated + // by the same request. + StartTime *time.Time `locationName:"startTime" type:"timestamp"` + + // Current state of the snapshot. + State *string `locationName:"state" type:"string" enum:"SnapshotState"` + + // Tags associated with this snapshot. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // Source volume from which this snapshot was created. + VolumeId *string `locationName:"volumeId" type:"string"` + + // Size of the volume from which this snapshot was created. + VolumeSize *int64 `locationName:"volumeSize" type:"integer"` +} + +// String returns the string representation +func (s SnapshotInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SnapshotInfo) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SnapshotInfo) SetDescription(v string) *SnapshotInfo { + s.Description = &v + return s +} + +// SetEncrypted sets the Encrypted field's value. +func (s *SnapshotInfo) SetEncrypted(v bool) *SnapshotInfo { + s.Encrypted = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *SnapshotInfo) SetOwnerId(v string) *SnapshotInfo { + s.OwnerId = &v + return s +} + +// SetProgress sets the Progress field's value. +func (s *SnapshotInfo) SetProgress(v string) *SnapshotInfo { + s.Progress = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *SnapshotInfo) SetSnapshotId(v string) *SnapshotInfo { + s.SnapshotId = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *SnapshotInfo) SetStartTime(v time.Time) *SnapshotInfo { + s.StartTime = &v + return s +} + +// SetState sets the State field's value. +func (s *SnapshotInfo) SetState(v string) *SnapshotInfo { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SnapshotInfo) SetTags(v []*Tag) *SnapshotInfo { + s.Tags = v + return s +} + +// SetVolumeId sets the VolumeId field's value. +func (s *SnapshotInfo) SetVolumeId(v string) *SnapshotInfo { + s.VolumeId = &v + return s +} + +// SetVolumeSize sets the VolumeSize field's value. +func (s *SnapshotInfo) SetVolumeSize(v int64) *SnapshotInfo { + s.VolumeSize = &v + return s +} + // Details about the import snapshot task. type SnapshotTaskDetail struct { _ struct{} `type:"structure"` @@ -82753,7 +88183,7 @@ type SpotFleetLaunchSpecification struct { // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block devices that are mapped to the Spot instances. You can't + // One or more block devices that are mapped to the Spot Instances. You can't // specify both a snapshot ID and an encryption value. This is because only // blank volumes can be encrypted on creation. If a snapshot is the basis for // a volume, it is not blank and its encryption status is used for the volume @@ -82811,8 +88241,9 @@ type SpotFleetLaunchSpecification struct { // by the value of WeightedCapacity. SpotPrice *string `locationName:"spotPrice" type:"string"` - // The ID of the subnet in which to launch the instances. To specify multiple - // subnets, separate them using commas; for example, "subnet-a61dafcf, subnet-65ea5f08". + // The IDs of the subnets in which to launch the instances. To specify multiple + // subnets, separate them using commas; for example, "subnet-1234abcdeexample1, + // subnet-0987cdef6example2". SubnetId *string `locationName:"subnetId" type:"string"` // The tags to apply during creation. @@ -83043,8 +88474,19 @@ func (s *SpotFleetRequestConfig) SetSpotFleetRequestState(v string) *SpotFleetRe type SpotFleetRequestConfigData struct { _ struct{} `type:"structure"` - // Indicates how to allocate the target capacity across the Spot pools specified - // by the Spot Fleet request. The default is lowestPrice. + // Indicates how to allocate the target Spot Instance capacity across the Spot + // Instance pools specified by the Spot Fleet request. + // + // If the allocation strategy is lowestPrice, Spot Fleet launches instances + // from the Spot Instance pools with the lowest price. This is the default allocation + // strategy. + // + // If the allocation strategy is diversified, Spot Fleet launches instances + // from all the Spot Instance pools that you specify. + // + // If the allocation strategy is capacityOptimized, Spot Fleet launches instances + // from Spot Instance pools with optimal capacity for the number of instances + // that are launching. AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"AllocationStrategy"` // A unique, case-sensitive identifier that you provide to ensure the idempotency @@ -83113,6 +88555,16 @@ type SpotFleetRequestConfigData struct { // target On-Demand capacity. OnDemandFulfilledCapacity *float64 `locationName:"onDemandFulfilledCapacity" type:"double"` + // The maximum amount per hour for On-Demand Instances that you're willing to + // pay. You can use the onDemandMaxTotalPrice parameter, the spotMaxTotalPrice + // parameter, or both parameters to ensure that your fleet cost does not exceed + // your budget. If you set a maximum price per hour for the On-Demand Instances + // and Spot Instances in your request, Spot Fleet will launch instances until + // it reaches the maximum amount you're willing to pay. When the maximum amount + // you're willing to pay is reached, the fleet stops launching instances even + // if it hasn’t met the target capacity. + OnDemandMaxTotalPrice *string `locationName:"onDemandMaxTotalPrice" type:"string"` + // The number of On-Demand units to request. You can choose to set the target // capacity in terms of instances or a performance characteristic that is important // to your application workload, such as vCPUs, memory, or I/O. If the request @@ -83123,6 +88575,16 @@ type SpotFleetRequestConfigData struct { // Indicates whether Spot Fleet should replace unhealthy instances. ReplaceUnhealthyInstances *bool `locationName:"replaceUnhealthyInstances" type:"boolean"` + // The maximum amount per hour for Spot Instances that you're willing to pay. + // You can use the spotdMaxTotalPrice parameter, the onDemandMaxTotalPrice parameter, + // or both parameters to ensure that your fleet cost does not exceed your budget. + // If you set a maximum price per hour for the On-Demand Instances and Spot + // Instances in your request, Spot Fleet will launch instances until it reaches + // the maximum amount you're willing to pay. When the maximum amount you're + // willing to pay is reached, the fleet stops launching instances even if it + // hasn’t met the target capacity. + SpotMaxTotalPrice *string `locationName:"spotMaxTotalPrice" type:"string"` + // The maximum price per unit hour that you are willing to pay for a Spot Instance. // The default is the On-Demand price. SpotPrice *string `locationName:"spotPrice" type:"string"` @@ -83274,6 +88736,12 @@ func (s *SpotFleetRequestConfigData) SetOnDemandFulfilledCapacity(v float64) *Sp return s } +// SetOnDemandMaxTotalPrice sets the OnDemandMaxTotalPrice field's value. +func (s *SpotFleetRequestConfigData) SetOnDemandMaxTotalPrice(v string) *SpotFleetRequestConfigData { + s.OnDemandMaxTotalPrice = &v + return s +} + // SetOnDemandTargetCapacity sets the OnDemandTargetCapacity field's value. func (s *SpotFleetRequestConfigData) SetOnDemandTargetCapacity(v int64) *SpotFleetRequestConfigData { s.OnDemandTargetCapacity = &v @@ -83286,6 +88754,12 @@ func (s *SpotFleetRequestConfigData) SetReplaceUnhealthyInstances(v bool) *SpotF return s } +// SetSpotMaxTotalPrice sets the SpotMaxTotalPrice field's value. +func (s *SpotFleetRequestConfigData) SetSpotMaxTotalPrice(v string) *SpotFleetRequestConfigData { + s.SpotMaxTotalPrice = &v + return s +} + // SetSpotPrice sets the SpotPrice field's value. func (s *SpotFleetRequestConfigData) SetSpotPrice(v string) *SpotFleetRequestConfigData { s.SpotPrice = &v @@ -83705,8 +89179,19 @@ func (s *SpotMarketOptions) SetValidUntil(v time.Time) *SpotMarketOptions { type SpotOptions struct { _ struct{} `type:"structure"` - // Indicates how to allocate the target capacity across the Spot pools specified - // by the Spot Fleet request. The default is lowest-price. + // Indicates how to allocate the target Spot Instance capacity across the Spot + // Instance pools specified by the EC2 Fleet. + // + // If the allocation strategy is lowestPrice, EC2 Fleet launches instances from + // the Spot Instance pools with the lowest price. This is the default allocation + // strategy. + // + // If the allocation strategy is diversified, EC2 Fleet launches instances from + // all the Spot Instance pools that you specify. + // + // If the allocation strategy is capacityOptimized, EC2 Fleet launches instances + // from Spot Instance pools with optimal capacity for the number of instances + // that are launching. AllocationStrategy *string `locationName:"allocationStrategy" type:"string" enum:"SpotAllocationStrategy"` // The behavior when a Spot Instance is interrupted. The default is terminate. @@ -83718,6 +89203,9 @@ type SpotOptions struct { // the number of Spot pools that you specify. InstancePoolsToUseCount *int64 `locationName:"instancePoolsToUseCount" type:"integer"` + // The maximum amount per hour for Spot Instances that you're willing to pay. + MaxTotalPrice *string `locationName:"maxTotalPrice" type:"string"` + // The minimum target capacity for Spot Instances in the fleet. If the minimum // target capacity is not reached, the fleet launches no instances. MinTargetCapacity *int64 `locationName:"minTargetCapacity" type:"integer"` @@ -83759,6 +89247,12 @@ func (s *SpotOptions) SetInstancePoolsToUseCount(v int64) *SpotOptions { return s } +// SetMaxTotalPrice sets the MaxTotalPrice field's value. +func (s *SpotOptions) SetMaxTotalPrice(v string) *SpotOptions { + s.MaxTotalPrice = &v + return s +} + // SetMinTargetCapacity sets the MinTargetCapacity field's value. func (s *SpotOptions) SetMinTargetCapacity(v int64) *SpotOptions { s.MinTargetCapacity = &v @@ -83781,8 +89275,19 @@ func (s *SpotOptions) SetSingleInstanceType(v bool) *SpotOptions { type SpotOptionsRequest struct { _ struct{} `type:"structure"` - // Indicates how to allocate the target capacity across the Spot pools specified - // by the Spot Fleet request. The default is lowestPrice. + // Indicates how to allocate the target Spot Instance capacity across the Spot + // Instance pools specified by the EC2 Fleet. + // + // If the allocation strategy is lowestPrice, EC2 Fleet launches instances from + // the Spot Instance pools with the lowest price. This is the default allocation + // strategy. + // + // If the allocation strategy is diversified, EC2 Fleet launches instances from + // all the Spot Instance pools that you specify. + // + // If the allocation strategy is capacityOptimized, EC2 Fleet launches instances + // from Spot Instance pools with optimal capacity for the number of instances + // that are launching. AllocationStrategy *string `type:"string" enum:"SpotAllocationStrategy"` // The behavior when a Spot Instance is interrupted. The default is terminate. @@ -83794,6 +89299,9 @@ type SpotOptionsRequest struct { // across the number of Spot pools that you specify. InstancePoolsToUseCount *int64 `type:"integer"` + // The maximum amount per hour for Spot Instances that you're willing to pay. + MaxTotalPrice *string `type:"string"` + // The minimum target capacity for Spot Instances in the fleet. If the minimum // target capacity is not reached, the fleet launches no instances. MinTargetCapacity *int64 `type:"integer"` @@ -83835,6 +89343,12 @@ func (s *SpotOptionsRequest) SetInstancePoolsToUseCount(v int64) *SpotOptionsReq return s } +// SetMaxTotalPrice sets the MaxTotalPrice field's value. +func (s *SpotOptionsRequest) SetMaxTotalPrice(v string) *SpotOptionsRequest { + s.MaxTotalPrice = &v + return s +} + // SetMinTargetCapacity sets the MinTargetCapacity field's value. func (s *SpotOptionsRequest) SetMinTargetCapacity(v int64) *SpotOptionsRequest { s.MinTargetCapacity = &v @@ -84754,8 +90268,11 @@ type TagSpecification struct { _ struct{} `type:"structure"` // The type of resource to tag. Currently, the resource types that support tagging - // on creation are fleet, dedicated-host, instance, snapshot, and volume. To - // tag a resource after it has been created, see CreateTags. + // on creation are: capacity-reservation | client-vpn-endpoint | dedicated-host + // | fleet | instance | launch-template | snapshot | transit-gateway | transit-gateway-attachment + // | transit-gateway-route-table | volume. + // + // To tag a resource after it has been created, see CreateTags. ResourceType *string `locationName:"resourceType" type:"string" enum:"ResourceType"` // The tags to apply to the resource. @@ -84789,16 +90306,27 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification { // your application workload, such as vCPUs, memory, or I/O. If the request // type is maintain, you can specify a target capacity of 0 and add capacity // later. +// +// You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance +// MaxTotalPrice, or both to ensure your fleet cost does not exceed your budget. +// If you set a maximum price per hour for the On-Demand Instances and Spot +// Instances in your request, EC2 Fleet will launch instances until it reaches +// the maximum amount you're willing to pay. When the maximum amount you're +// willing to pay is reached, the fleet stops launching instances even if it +// hasn’t met the target capacity. The MaxTotalPrice parameters are located +// in and type TargetCapacitySpecification struct { _ struct{} `type:"structure"` // The default TotalTargetCapacity, which is either Spot or On-Demand. DefaultTargetCapacityType *string `locationName:"defaultTargetCapacityType" type:"string" enum:"DefaultTargetCapacityType"` - // The number of On-Demand units to request. + // The number of On-Demand units to request. If you specify a target capacity + // for Spot units, you cannot specify a target capacity for On-Demand units. OnDemandTargetCapacity *int64 `locationName:"onDemandTargetCapacity" type:"integer"` - // The maximum number of Spot units to launch. + // The maximum number of Spot units to launch. If you specify a target capacity + // for On-Demand units, you cannot specify a target capacity for Spot units. SpotTargetCapacity *int64 `locationName:"spotTargetCapacity" type:"integer"` // The number of units to request, filled using DefaultTargetCapacityType. @@ -84840,10 +90368,19 @@ func (s *TargetCapacitySpecification) SetTotalTargetCapacity(v int64) *TargetCap } // The number of units to request. You can choose to set the target capacity -// in terms of instances or a performance characteristic that is important to -// your application workload, such as vCPUs, memory, or I/O. If the request -// type is maintain, you can specify a target capacity of 0 and add capacity -// later. +// as the number of instances. Or you can set the target capacity to a performance +// characteristic that is important to your application workload, such as vCPUs, +// memory, or I/O. If the request type is maintain, you can specify a target +// capacity of 0 and add capacity later. +// +// You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance +// MaxTotalPrice parameter, or both parameters to ensure that your fleet cost +// does not exceed your budget. If you set a maximum price per hour for the +// On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch +// instances until it reaches the maximum amount you're willing to pay. When +// the maximum amount you're willing to pay is reached, the fleet stops launching +// instances even if it hasn’t met the target capacity. The MaxTotalPrice +// parameters are located in and . type TargetCapacitySpecificationRequest struct { _ struct{} `type:"structure"` @@ -85388,6 +90925,452 @@ func (s *TerminateInstancesOutput) SetTerminatingInstances(v []*InstanceStateCha return s } +// Describes the Traffic Mirror filter. +type TrafficMirrorFilter struct { + _ struct{} `type:"structure"` + + // The description of the Traffic Mirror filter. + Description *string `locationName:"description" type:"string"` + + // Information about the egress rules that are associated with the Traffic Mirror + // filter. + EgressFilterRules []*TrafficMirrorFilterRule `locationName:"egressFilterRuleSet" locationNameList:"item" type:"list"` + + // Information about the ingress rules that are associated with the Traffic + // Mirror filter. + IngressFilterRules []*TrafficMirrorFilterRule `locationName:"ingressFilterRuleSet" locationNameList:"item" type:"list"` + + // The network service traffic that is associated with the Traffic Mirror filter. + NetworkServices []*string `locationName:"networkServiceSet" locationNameList:"item" type:"list"` + + // The tags assigned to the Traffic Mirror filter. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Traffic Mirror filter. + TrafficMirrorFilterId *string `locationName:"trafficMirrorFilterId" type:"string"` +} + +// String returns the string representation +func (s TrafficMirrorFilter) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrafficMirrorFilter) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *TrafficMirrorFilter) SetDescription(v string) *TrafficMirrorFilter { + s.Description = &v + return s +} + +// SetEgressFilterRules sets the EgressFilterRules field's value. +func (s *TrafficMirrorFilter) SetEgressFilterRules(v []*TrafficMirrorFilterRule) *TrafficMirrorFilter { + s.EgressFilterRules = v + return s +} + +// SetIngressFilterRules sets the IngressFilterRules field's value. +func (s *TrafficMirrorFilter) SetIngressFilterRules(v []*TrafficMirrorFilterRule) *TrafficMirrorFilter { + s.IngressFilterRules = v + return s +} + +// SetNetworkServices sets the NetworkServices field's value. +func (s *TrafficMirrorFilter) SetNetworkServices(v []*string) *TrafficMirrorFilter { + s.NetworkServices = v + return s +} + +// SetTags sets the Tags field's value. +func (s *TrafficMirrorFilter) SetTags(v []*Tag) *TrafficMirrorFilter { + s.Tags = v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *TrafficMirrorFilter) SetTrafficMirrorFilterId(v string) *TrafficMirrorFilter { + s.TrafficMirrorFilterId = &v + return s +} + +// Describes the Traffic Mirror rule. +type TrafficMirrorFilterRule struct { + _ struct{} `type:"structure"` + + // The description of the Traffic Mirror rule. + Description *string `locationName:"description" type:"string"` + + // The destination CIDR block assigned to the Traffic Mirror rule. + DestinationCidrBlock *string `locationName:"destinationCidrBlock" type:"string"` + + // The destination port range assigned to the Traffic Mirror rule. + DestinationPortRange *TrafficMirrorPortRange `locationName:"destinationPortRange" type:"structure"` + + // The protocol assigned to the Traffic Mirror rule. + Protocol *int64 `locationName:"protocol" type:"integer"` + + // The action assigned to the Traffic Mirror rule. + RuleAction *string `locationName:"ruleAction" type:"string" enum:"TrafficMirrorRuleAction"` + + // The rule number of the Traffic Mirror rule. + RuleNumber *int64 `locationName:"ruleNumber" type:"integer"` + + // The source CIDR block assigned to the Traffic Mirror rule. + SourceCidrBlock *string `locationName:"sourceCidrBlock" type:"string"` + + // The source port range assigned to the Traffic Mirror rule. + SourcePortRange *TrafficMirrorPortRange `locationName:"sourcePortRange" type:"structure"` + + // The traffic direction assigned to the Traffic Mirror rule. + TrafficDirection *string `locationName:"trafficDirection" type:"string" enum:"TrafficDirection"` + + // The ID of the Traffic Mirror filter that the rule is associated with. + TrafficMirrorFilterId *string `locationName:"trafficMirrorFilterId" type:"string"` + + // The ID of the Traffic Mirror rule. + TrafficMirrorFilterRuleId *string `locationName:"trafficMirrorFilterRuleId" type:"string"` +} + +// String returns the string representation +func (s TrafficMirrorFilterRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrafficMirrorFilterRule) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *TrafficMirrorFilterRule) SetDescription(v string) *TrafficMirrorFilterRule { + s.Description = &v + return s +} + +// SetDestinationCidrBlock sets the DestinationCidrBlock field's value. +func (s *TrafficMirrorFilterRule) SetDestinationCidrBlock(v string) *TrafficMirrorFilterRule { + s.DestinationCidrBlock = &v + return s +} + +// SetDestinationPortRange sets the DestinationPortRange field's value. +func (s *TrafficMirrorFilterRule) SetDestinationPortRange(v *TrafficMirrorPortRange) *TrafficMirrorFilterRule { + s.DestinationPortRange = v + return s +} + +// SetProtocol sets the Protocol field's value. +func (s *TrafficMirrorFilterRule) SetProtocol(v int64) *TrafficMirrorFilterRule { + s.Protocol = &v + return s +} + +// SetRuleAction sets the RuleAction field's value. +func (s *TrafficMirrorFilterRule) SetRuleAction(v string) *TrafficMirrorFilterRule { + s.RuleAction = &v + return s +} + +// SetRuleNumber sets the RuleNumber field's value. +func (s *TrafficMirrorFilterRule) SetRuleNumber(v int64) *TrafficMirrorFilterRule { + s.RuleNumber = &v + return s +} + +// SetSourceCidrBlock sets the SourceCidrBlock field's value. +func (s *TrafficMirrorFilterRule) SetSourceCidrBlock(v string) *TrafficMirrorFilterRule { + s.SourceCidrBlock = &v + return s +} + +// SetSourcePortRange sets the SourcePortRange field's value. +func (s *TrafficMirrorFilterRule) SetSourcePortRange(v *TrafficMirrorPortRange) *TrafficMirrorFilterRule { + s.SourcePortRange = v + return s +} + +// SetTrafficDirection sets the TrafficDirection field's value. +func (s *TrafficMirrorFilterRule) SetTrafficDirection(v string) *TrafficMirrorFilterRule { + s.TrafficDirection = &v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *TrafficMirrorFilterRule) SetTrafficMirrorFilterId(v string) *TrafficMirrorFilterRule { + s.TrafficMirrorFilterId = &v + return s +} + +// SetTrafficMirrorFilterRuleId sets the TrafficMirrorFilterRuleId field's value. +func (s *TrafficMirrorFilterRule) SetTrafficMirrorFilterRuleId(v string) *TrafficMirrorFilterRule { + s.TrafficMirrorFilterRuleId = &v + return s +} + +// Describes the Traffic Mirror port range. +type TrafficMirrorPortRange struct { + _ struct{} `type:"structure"` + + // The start of the Traffic Mirror port range. This applies to the TCP and UDP + // protocols. + FromPort *int64 `locationName:"fromPort" type:"integer"` + + // The end of the Traffic Mirror port range. This applies to the TCP and UDP + // protocols. + ToPort *int64 `locationName:"toPort" type:"integer"` +} + +// String returns the string representation +func (s TrafficMirrorPortRange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrafficMirrorPortRange) GoString() string { + return s.String() +} + +// SetFromPort sets the FromPort field's value. +func (s *TrafficMirrorPortRange) SetFromPort(v int64) *TrafficMirrorPortRange { + s.FromPort = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *TrafficMirrorPortRange) SetToPort(v int64) *TrafficMirrorPortRange { + s.ToPort = &v + return s +} + +// Information about the Traffic Mirror filter rule port range. +type TrafficMirrorPortRangeRequest struct { + _ struct{} `type:"structure"` + + // The first port in the Traffic Mirror port range. This applies to the TCP + // and UDP protocols. + FromPort *int64 `type:"integer"` + + // The last port in the Traffic Mirror port range. This applies to the TCP and + // UDP protocols. + ToPort *int64 `type:"integer"` +} + +// String returns the string representation +func (s TrafficMirrorPortRangeRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrafficMirrorPortRangeRequest) GoString() string { + return s.String() +} + +// SetFromPort sets the FromPort field's value. +func (s *TrafficMirrorPortRangeRequest) SetFromPort(v int64) *TrafficMirrorPortRangeRequest { + s.FromPort = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *TrafficMirrorPortRangeRequest) SetToPort(v int64) *TrafficMirrorPortRangeRequest { + s.ToPort = &v + return s +} + +// Describes a Traffic Mirror session. +type TrafficMirrorSession struct { + _ struct{} `type:"structure"` + + // The description of the Traffic Mirror session. + Description *string `locationName:"description" type:"string"` + + // The ID of the Traffic Mirror session's network interface. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // The ID of the account that owns the Traffic Mirror session. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The number of bytes in each packet to mirror. These are the bytes after the + // VXLAN header. To mirror a subset, set this to the length (in bytes) to mirror. + // For example, if you set this value to 100, then the first 100 bytes that + // meet the filter criteria are copied to the target. Do not specify this parameter + // when you want to mirror the entire packet + PacketLength *int64 `locationName:"packetLength" type:"integer"` + + // The session number determines the order in which sessions are evaluated when + // an interface is used by multiple sessions. The first session with a matching + // filter is the one that mirrors the packets. + // + // Valid values are 1-32766. + SessionNumber *int64 `locationName:"sessionNumber" type:"integer"` + + // The tags assigned to the Traffic Mirror session. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Traffic Mirror filter. + TrafficMirrorFilterId *string `locationName:"trafficMirrorFilterId" type:"string"` + + // The ID for the Traffic Mirror session. + TrafficMirrorSessionId *string `locationName:"trafficMirrorSessionId" type:"string"` + + // The ID of the Traffic Mirror target. + TrafficMirrorTargetId *string `locationName:"trafficMirrorTargetId" type:"string"` + + // The virtual network ID associated with the Traffic Mirror session. + VirtualNetworkId *int64 `locationName:"virtualNetworkId" type:"integer"` +} + +// String returns the string representation +func (s TrafficMirrorSession) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrafficMirrorSession) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *TrafficMirrorSession) SetDescription(v string) *TrafficMirrorSession { + s.Description = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *TrafficMirrorSession) SetNetworkInterfaceId(v string) *TrafficMirrorSession { + s.NetworkInterfaceId = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *TrafficMirrorSession) SetOwnerId(v string) *TrafficMirrorSession { + s.OwnerId = &v + return s +} + +// SetPacketLength sets the PacketLength field's value. +func (s *TrafficMirrorSession) SetPacketLength(v int64) *TrafficMirrorSession { + s.PacketLength = &v + return s +} + +// SetSessionNumber sets the SessionNumber field's value. +func (s *TrafficMirrorSession) SetSessionNumber(v int64) *TrafficMirrorSession { + s.SessionNumber = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TrafficMirrorSession) SetTags(v []*Tag) *TrafficMirrorSession { + s.Tags = v + return s +} + +// SetTrafficMirrorFilterId sets the TrafficMirrorFilterId field's value. +func (s *TrafficMirrorSession) SetTrafficMirrorFilterId(v string) *TrafficMirrorSession { + s.TrafficMirrorFilterId = &v + return s +} + +// SetTrafficMirrorSessionId sets the TrafficMirrorSessionId field's value. +func (s *TrafficMirrorSession) SetTrafficMirrorSessionId(v string) *TrafficMirrorSession { + s.TrafficMirrorSessionId = &v + return s +} + +// SetTrafficMirrorTargetId sets the TrafficMirrorTargetId field's value. +func (s *TrafficMirrorSession) SetTrafficMirrorTargetId(v string) *TrafficMirrorSession { + s.TrafficMirrorTargetId = &v + return s +} + +// SetVirtualNetworkId sets the VirtualNetworkId field's value. +func (s *TrafficMirrorSession) SetVirtualNetworkId(v int64) *TrafficMirrorSession { + s.VirtualNetworkId = &v + return s +} + +// Describes a Traffic Mirror target. +type TrafficMirrorTarget struct { + _ struct{} `type:"structure"` + + // Information about the Traffic Mirror target. + Description *string `locationName:"description" type:"string"` + + // The network interface ID that is attached to the target. + NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` + + // The Amazon Resource Name (ARN) of the Network Load Balancer. + NetworkLoadBalancerArn *string `locationName:"networkLoadBalancerArn" type:"string"` + + // The ID of the account that owns the Traffic Mirror target. + OwnerId *string `locationName:"ownerId" type:"string"` + + // The tags assigned to the Traffic Mirror target. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The ID of the Traffic Mirror target. + TrafficMirrorTargetId *string `locationName:"trafficMirrorTargetId" type:"string"` + + // The type of Traffic Mirror target. + Type *string `locationName:"type" type:"string" enum:"TrafficMirrorTargetType"` +} + +// String returns the string representation +func (s TrafficMirrorTarget) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrafficMirrorTarget) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *TrafficMirrorTarget) SetDescription(v string) *TrafficMirrorTarget { + s.Description = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *TrafficMirrorTarget) SetNetworkInterfaceId(v string) *TrafficMirrorTarget { + s.NetworkInterfaceId = &v + return s +} + +// SetNetworkLoadBalancerArn sets the NetworkLoadBalancerArn field's value. +func (s *TrafficMirrorTarget) SetNetworkLoadBalancerArn(v string) *TrafficMirrorTarget { + s.NetworkLoadBalancerArn = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *TrafficMirrorTarget) SetOwnerId(v string) *TrafficMirrorTarget { + s.OwnerId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TrafficMirrorTarget) SetTags(v []*Tag) *TrafficMirrorTarget { + s.Tags = v + return s +} + +// SetTrafficMirrorTargetId sets the TrafficMirrorTargetId field's value. +func (s *TrafficMirrorTarget) SetTrafficMirrorTargetId(v string) *TrafficMirrorTarget { + s.TrafficMirrorTargetId = &v + return s +} + +// SetType sets the Type field's value. +func (s *TrafficMirrorTarget) SetType(v string) *TrafficMirrorTarget { + s.Type = &v + return s +} + // Describes a transit gateway. type TransitGateway struct { _ struct{} `type:"structure"` @@ -86336,6 +92319,170 @@ func (s *TransitGatewayVpcAttachmentOptions) SetIpv6Support(v string) *TransitGa return s } +// The VPN tunnel options. +type TunnelOption struct { + _ struct{} `type:"structure"` + + // The number of seconds after which a DPD timeout occurs. + DpdTimeoutSeconds *int64 `locationName:"dpdTimeoutSeconds" type:"integer"` + + // The IKE versions that are permitted for the VPN tunnel. + IkeVersions []*IKEVersionsListValue `locationName:"ikeVersionSet" locationNameList:"item" type:"list"` + + // The external IP address of the VPN tunnel. + OutsideIpAddress *string `locationName:"outsideIpAddress" type:"string"` + + // The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 + // IKE negotiations. + Phase1DHGroupNumbers []*Phase1DHGroupNumbersListValue `locationName:"phase1DHGroupNumberSet" locationNameList:"item" type:"list"` + + // The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations. + Phase1EncryptionAlgorithms []*Phase1EncryptionAlgorithmsListValue `locationName:"phase1EncryptionAlgorithmSet" locationNameList:"item" type:"list"` + + // The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations. + Phase1IntegrityAlgorithms []*Phase1IntegrityAlgorithmsListValue `locationName:"phase1IntegrityAlgorithmSet" locationNameList:"item" type:"list"` + + // The lifetime for phase 1 of the IKE negotiation, in seconds. + Phase1LifetimeSeconds *int64 `locationName:"phase1LifetimeSeconds" type:"integer"` + + // The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 + // IKE negotiations. + Phase2DHGroupNumbers []*Phase2DHGroupNumbersListValue `locationName:"phase2DHGroupNumberSet" locationNameList:"item" type:"list"` + + // The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations. + Phase2EncryptionAlgorithms []*Phase2EncryptionAlgorithmsListValue `locationName:"phase2EncryptionAlgorithmSet" locationNameList:"item" type:"list"` + + // The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations. + Phase2IntegrityAlgorithms []*Phase2IntegrityAlgorithmsListValue `locationName:"phase2IntegrityAlgorithmSet" locationNameList:"item" type:"list"` + + // The lifetime for phase 2 of the IKE negotiation, in seconds. + Phase2LifetimeSeconds *int64 `locationName:"phase2LifetimeSeconds" type:"integer"` + + // The pre-shared key (PSK) to establish initial authentication between the + // virtual private gateway and the customer gateway. + PreSharedKey *string `locationName:"preSharedKey" type:"string"` + + // The percentage of the rekey window determined by RekeyMarginTimeSeconds during + // which the rekey time is randomly selected. + RekeyFuzzPercentage *int64 `locationName:"rekeyFuzzPercentage" type:"integer"` + + // The margin time, in seconds, before the phase 2 lifetime expires, during + // which the AWS side of the VPN connection performs an IKE rekey. + RekeyMarginTimeSeconds *int64 `locationName:"rekeyMarginTimeSeconds" type:"integer"` + + // The number of packets in an IKE replay window. + ReplayWindowSize *int64 `locationName:"replayWindowSize" type:"integer"` + + // The range of inside IP addresses for the tunnel. + TunnelInsideCidr *string `locationName:"tunnelInsideCidr" type:"string"` +} + +// String returns the string representation +func (s TunnelOption) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TunnelOption) GoString() string { + return s.String() +} + +// SetDpdTimeoutSeconds sets the DpdTimeoutSeconds field's value. +func (s *TunnelOption) SetDpdTimeoutSeconds(v int64) *TunnelOption { + s.DpdTimeoutSeconds = &v + return s +} + +// SetIkeVersions sets the IkeVersions field's value. +func (s *TunnelOption) SetIkeVersions(v []*IKEVersionsListValue) *TunnelOption { + s.IkeVersions = v + return s +} + +// SetOutsideIpAddress sets the OutsideIpAddress field's value. +func (s *TunnelOption) SetOutsideIpAddress(v string) *TunnelOption { + s.OutsideIpAddress = &v + return s +} + +// SetPhase1DHGroupNumbers sets the Phase1DHGroupNumbers field's value. +func (s *TunnelOption) SetPhase1DHGroupNumbers(v []*Phase1DHGroupNumbersListValue) *TunnelOption { + s.Phase1DHGroupNumbers = v + return s +} + +// SetPhase1EncryptionAlgorithms sets the Phase1EncryptionAlgorithms field's value. +func (s *TunnelOption) SetPhase1EncryptionAlgorithms(v []*Phase1EncryptionAlgorithmsListValue) *TunnelOption { + s.Phase1EncryptionAlgorithms = v + return s +} + +// SetPhase1IntegrityAlgorithms sets the Phase1IntegrityAlgorithms field's value. +func (s *TunnelOption) SetPhase1IntegrityAlgorithms(v []*Phase1IntegrityAlgorithmsListValue) *TunnelOption { + s.Phase1IntegrityAlgorithms = v + return s +} + +// SetPhase1LifetimeSeconds sets the Phase1LifetimeSeconds field's value. +func (s *TunnelOption) SetPhase1LifetimeSeconds(v int64) *TunnelOption { + s.Phase1LifetimeSeconds = &v + return s +} + +// SetPhase2DHGroupNumbers sets the Phase2DHGroupNumbers field's value. +func (s *TunnelOption) SetPhase2DHGroupNumbers(v []*Phase2DHGroupNumbersListValue) *TunnelOption { + s.Phase2DHGroupNumbers = v + return s +} + +// SetPhase2EncryptionAlgorithms sets the Phase2EncryptionAlgorithms field's value. +func (s *TunnelOption) SetPhase2EncryptionAlgorithms(v []*Phase2EncryptionAlgorithmsListValue) *TunnelOption { + s.Phase2EncryptionAlgorithms = v + return s +} + +// SetPhase2IntegrityAlgorithms sets the Phase2IntegrityAlgorithms field's value. +func (s *TunnelOption) SetPhase2IntegrityAlgorithms(v []*Phase2IntegrityAlgorithmsListValue) *TunnelOption { + s.Phase2IntegrityAlgorithms = v + return s +} + +// SetPhase2LifetimeSeconds sets the Phase2LifetimeSeconds field's value. +func (s *TunnelOption) SetPhase2LifetimeSeconds(v int64) *TunnelOption { + s.Phase2LifetimeSeconds = &v + return s +} + +// SetPreSharedKey sets the PreSharedKey field's value. +func (s *TunnelOption) SetPreSharedKey(v string) *TunnelOption { + s.PreSharedKey = &v + return s +} + +// SetRekeyFuzzPercentage sets the RekeyFuzzPercentage field's value. +func (s *TunnelOption) SetRekeyFuzzPercentage(v int64) *TunnelOption { + s.RekeyFuzzPercentage = &v + return s +} + +// SetRekeyMarginTimeSeconds sets the RekeyMarginTimeSeconds field's value. +func (s *TunnelOption) SetRekeyMarginTimeSeconds(v int64) *TunnelOption { + s.RekeyMarginTimeSeconds = &v + return s +} + +// SetReplayWindowSize sets the ReplayWindowSize field's value. +func (s *TunnelOption) SetReplayWindowSize(v int64) *TunnelOption { + s.ReplayWindowSize = &v + return s +} + +// SetTunnelInsideCidr sets the TunnelInsideCidr field's value. +func (s *TunnelOption) SetTunnelInsideCidr(v string) *TunnelOption { + s.TunnelInsideCidr = &v + return s +} + type UnassignIpv6AddressesInput struct { _ struct{} `type:"structure"` @@ -87078,6 +93225,9 @@ type VgwTelemetry struct { // The number of accepted routes. AcceptedRouteCount *int64 `locationName:"acceptedRouteCount" type:"integer"` + // The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate. + CertificateArn *string `locationName:"certificateArn" type:"string"` + // The date and time of the last change in status. LastStatusChange *time.Time `locationName:"lastStatusChange" type:"timestamp"` @@ -87108,6 +93258,12 @@ func (s *VgwTelemetry) SetAcceptedRouteCount(v int64) *VgwTelemetry { return s } +// SetCertificateArn sets the CertificateArn field's value. +func (s *VgwTelemetry) SetCertificateArn(v string) *VgwTelemetry { + s.CertificateArn = &v + return s +} + // SetLastStatusChange sets the LastStatusChange field's value. func (s *VgwTelemetry) SetLastStatusChange(v time.Time) *VgwTelemetry { s.LastStatusChange = &v @@ -87145,7 +93301,7 @@ type Volume struct { // The time stamp when volume creation was initiated. CreateTime *time.Time `locationName:"createTime" type:"timestamp"` - // Indicates whether the volume will be encrypted. + // Indicates whether the volume is encrypted. Encrypted *bool `locationName:"encrypted" type:"boolean"` // The number of I/O operations per second (IOPS) that the volume supports. @@ -87165,8 +93321,9 @@ type Volume struct { // it is not used in requests to create gp2, st1, sc1, or standard volumes. Iops *int64 `locationName:"iops" type:"integer"` - // The full ARN of the AWS Key Management Service (AWS KMS) customer master - // key (CMK) that was used to protect the volume encryption key for the volume. + // The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) + // customer master key (CMK) that was used to protect the volume encryption + // key for the volume. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // The size of the volume, in GiBs. @@ -88016,6 +94173,9 @@ type VpcEndpoint struct { // (Interface endpoint) One or more network interfaces for the endpoint. NetworkInterfaceIds []*string `locationName:"networkInterfaceIdSet" locationNameList:"item" type:"list"` + // The ID of the AWS account that owns the VPC endpoint. + OwnerId *string `locationName:"ownerId" type:"string"` + // The policy document associated with the endpoint, if applicable. PolicyDocument *string `locationName:"policyDocument" type:"string"` @@ -88085,6 +94245,12 @@ func (s *VpcEndpoint) SetNetworkInterfaceIds(v []*string) *VpcEndpoint { return s } +// SetOwnerId sets the OwnerId field's value. +func (s *VpcEndpoint) SetOwnerId(v string) *VpcEndpoint { + s.OwnerId = &v + return s +} + // SetPolicyDocument sets the PolicyDocument field's value. func (s *VpcEndpoint) SetPolicyDocument(v string) *VpcEndpoint { s.PolicyDocument = &v @@ -88158,6 +94324,12 @@ type VpcEndpointConnection struct { // The date and time the VPC endpoint was created. CreationTimestamp *time.Time `locationName:"creationTimestamp" type:"timestamp"` + // The DNS entries for the VPC endpoint. + DnsEntries []*DnsEntry `locationName:"dnsEntrySet" locationNameList:"item" type:"list"` + + // The Amazon Resource Names (ARNs) of the network load balancers for the service. + NetworkLoadBalancerArns []*string `locationName:"networkLoadBalancerArnSet" locationNameList:"item" type:"list"` + // The ID of the service to which the endpoint is connected. ServiceId *string `locationName:"serviceId" type:"string"` @@ -88187,6 +94359,18 @@ func (s *VpcEndpointConnection) SetCreationTimestamp(v time.Time) *VpcEndpointCo return s } +// SetDnsEntries sets the DnsEntries field's value. +func (s *VpcEndpointConnection) SetDnsEntries(v []*DnsEntry) *VpcEndpointConnection { + s.DnsEntries = v + return s +} + +// SetNetworkLoadBalancerArns sets the NetworkLoadBalancerArns field's value. +func (s *VpcEndpointConnection) SetNetworkLoadBalancerArns(v []*string) *VpcEndpointConnection { + s.NetworkLoadBalancerArns = v + return s +} + // SetServiceId sets the ServiceId field's value. func (s *VpcEndpointConnection) SetServiceId(v string) *VpcEndpointConnection { s.ServiceId = &v @@ -88615,6 +94799,9 @@ type VpnConnectionOptions struct { // Indicates whether the VPN connection uses static routes only. Static routes // must be used for devices that don't support BGP. StaticRoutesOnly *bool `locationName:"staticRoutesOnly" type:"boolean"` + + // Indicates the VPN tunnel options. + TunnelOptions []*TunnelOption `locationName:"tunnelOptionSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -88633,6 +94820,12 @@ func (s *VpnConnectionOptions) SetStaticRoutesOnly(v bool) *VpnConnectionOptions return s } +// SetTunnelOptions sets the TunnelOptions field's value. +func (s *VpnConnectionOptions) SetTunnelOptions(v []*TunnelOption) *VpnConnectionOptions { + s.TunnelOptions = v + return s +} + // Describes VPN connection options. type VpnConnectionOptionsSpecification struct { _ struct{} `type:"structure"` @@ -88645,7 +94838,7 @@ type VpnConnectionOptionsSpecification struct { StaticRoutesOnly *bool `locationName:"staticRoutesOnly" type:"boolean"` // The tunnel options for the VPN connection. - TunnelOptions []*VpnTunnelOptionsSpecification `locationNameList:"item" type:"list"` + TunnelOptions []*VpnTunnelOptionsSpecification `type:"list"` } // String returns the string representation @@ -88795,13 +94988,101 @@ func (s *VpnStaticRoute) SetState(v string) *VpnStaticRoute { type VpnTunnelOptionsSpecification struct { _ struct{} `type:"structure"` + // The number of seconds after which a DPD timeout occurs. + // + // Constraints: A value between 0 and 30. + // + // Default: 30 + DPDTimeoutSeconds *int64 `type:"integer"` + + // The IKE versions that are permitted for the VPN tunnel. + // + // Valid values: ikev1 | ikev2 + IKEVersions []*IKEVersionsRequestListValue `locationName:"IKEVersion" locationNameList:"item" type:"list"` + + // One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel + // for phase 1 IKE negotiations. + // + // Valid values: 2 | 14 | 15 | 16 | 17 | 18 | 22 | 23 | 24 + Phase1DHGroupNumbers []*Phase1DHGroupNumbersRequestListValue `locationName:"Phase1DHGroupNumber" locationNameList:"item" type:"list"` + + // One or more encryption algorithms that are permitted for the VPN tunnel for + // phase 1 IKE negotiations. + // + // Valid values: AES128 | AES256 + Phase1EncryptionAlgorithms []*Phase1EncryptionAlgorithmsRequestListValue `locationName:"Phase1EncryptionAlgorithm" locationNameList:"item" type:"list"` + + // One or more integrity algorithms that are permitted for the VPN tunnel for + // phase 1 IKE negotiations. + // + // Valid values: SHA1 | SHA2-256 + Phase1IntegrityAlgorithms []*Phase1IntegrityAlgorithmsRequestListValue `locationName:"Phase1IntegrityAlgorithm" locationNameList:"item" type:"list"` + + // The lifetime for phase 1 of the IKE negotiation, in seconds. + // + // Constraints: A value between 900 and 28,800. + // + // Default: 28800 + Phase1LifetimeSeconds *int64 `type:"integer"` + + // One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel + // for phase 2 IKE negotiations. + // + // Valid values: 2 | 5 | 14 | 15 | 16 | 17 | 18 | 22 | 23 | 24 + Phase2DHGroupNumbers []*Phase2DHGroupNumbersRequestListValue `locationName:"Phase2DHGroupNumber" locationNameList:"item" type:"list"` + + // One or more encryption algorithms that are permitted for the VPN tunnel for + // phase 2 IKE negotiations. + // + // Valid values: AES128 | AES256 + Phase2EncryptionAlgorithms []*Phase2EncryptionAlgorithmsRequestListValue `locationName:"Phase2EncryptionAlgorithm" locationNameList:"item" type:"list"` + + // One or more integrity algorithms that are permitted for the VPN tunnel for + // phase 2 IKE negotiations. + // + // Valid values: SHA1 | SHA2-256 + Phase2IntegrityAlgorithms []*Phase2IntegrityAlgorithmsRequestListValue `locationName:"Phase2IntegrityAlgorithm" locationNameList:"item" type:"list"` + + // The lifetime for phase 2 of the IKE negotiation, in seconds. + // + // Constraints: A value between 900 and 3,600. The value must be less than the + // value for Phase1LifetimeSeconds. + // + // Default: 3600 + Phase2LifetimeSeconds *int64 `type:"integer"` + // The pre-shared key (PSK) to establish initial authentication between the // virtual private gateway and customer gateway. // - // Constraints: Allowed characters are alphanumeric characters and ._. Must - // be between 8 and 64 characters in length and cannot start with zero (0). + // Constraints: Allowed characters are alphanumeric characters, periods (.), + // and underscores (_). Must be between 8 and 64 characters in length and cannot + // start with zero (0). PreSharedKey *string `type:"string"` + // The percentage of the rekey window (determined by RekeyMarginTimeSeconds) + // during which the rekey time is randomly selected. + // + // Constraints: A value between 0 and 100. + // + // Default: 100 + RekeyFuzzPercentage *int64 `type:"integer"` + + // The margin time, in seconds, before the phase 2 lifetime expires, during + // which the AWS side of the VPN connection performs an IKE rekey. The exact + // time of the rekey is randomly selected based on the value for RekeyFuzzPercentage. + // + // Constraints: A value between 60 and half of Phase2LifetimeSeconds. + // + // Default: 540 + RekeyMarginTimeSeconds *int64 `type:"integer"` + + // The number of packets in an IKE replay window. + // + // Constraints: A value between 64 and 2048. + // + // Default: 1024 + ReplayWindowSize *int64 `type:"integer"` + // The range of inside IP addresses for the tunnel. Any specified CIDR blocks // must be unique across all VPN connections that use the same virtual private // gateway. @@ -88835,12 +95116,90 @@ func (s VpnTunnelOptionsSpecification) GoString() string { return s.String() } +// SetDPDTimeoutSeconds sets the DPDTimeoutSeconds field's value. +func (s *VpnTunnelOptionsSpecification) SetDPDTimeoutSeconds(v int64) *VpnTunnelOptionsSpecification { + s.DPDTimeoutSeconds = &v + return s +} + +// SetIKEVersions sets the IKEVersions field's value. +func (s *VpnTunnelOptionsSpecification) SetIKEVersions(v []*IKEVersionsRequestListValue) *VpnTunnelOptionsSpecification { + s.IKEVersions = v + return s +} + +// SetPhase1DHGroupNumbers sets the Phase1DHGroupNumbers field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase1DHGroupNumbers(v []*Phase1DHGroupNumbersRequestListValue) *VpnTunnelOptionsSpecification { + s.Phase1DHGroupNumbers = v + return s +} + +// SetPhase1EncryptionAlgorithms sets the Phase1EncryptionAlgorithms field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase1EncryptionAlgorithms(v []*Phase1EncryptionAlgorithmsRequestListValue) *VpnTunnelOptionsSpecification { + s.Phase1EncryptionAlgorithms = v + return s +} + +// SetPhase1IntegrityAlgorithms sets the Phase1IntegrityAlgorithms field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase1IntegrityAlgorithms(v []*Phase1IntegrityAlgorithmsRequestListValue) *VpnTunnelOptionsSpecification { + s.Phase1IntegrityAlgorithms = v + return s +} + +// SetPhase1LifetimeSeconds sets the Phase1LifetimeSeconds field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase1LifetimeSeconds(v int64) *VpnTunnelOptionsSpecification { + s.Phase1LifetimeSeconds = &v + return s +} + +// SetPhase2DHGroupNumbers sets the Phase2DHGroupNumbers field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase2DHGroupNumbers(v []*Phase2DHGroupNumbersRequestListValue) *VpnTunnelOptionsSpecification { + s.Phase2DHGroupNumbers = v + return s +} + +// SetPhase2EncryptionAlgorithms sets the Phase2EncryptionAlgorithms field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase2EncryptionAlgorithms(v []*Phase2EncryptionAlgorithmsRequestListValue) *VpnTunnelOptionsSpecification { + s.Phase2EncryptionAlgorithms = v + return s +} + +// SetPhase2IntegrityAlgorithms sets the Phase2IntegrityAlgorithms field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase2IntegrityAlgorithms(v []*Phase2IntegrityAlgorithmsRequestListValue) *VpnTunnelOptionsSpecification { + s.Phase2IntegrityAlgorithms = v + return s +} + +// SetPhase2LifetimeSeconds sets the Phase2LifetimeSeconds field's value. +func (s *VpnTunnelOptionsSpecification) SetPhase2LifetimeSeconds(v int64) *VpnTunnelOptionsSpecification { + s.Phase2LifetimeSeconds = &v + return s +} + // SetPreSharedKey sets the PreSharedKey field's value. func (s *VpnTunnelOptionsSpecification) SetPreSharedKey(v string) *VpnTunnelOptionsSpecification { s.PreSharedKey = &v return s } +// SetRekeyFuzzPercentage sets the RekeyFuzzPercentage field's value. +func (s *VpnTunnelOptionsSpecification) SetRekeyFuzzPercentage(v int64) *VpnTunnelOptionsSpecification { + s.RekeyFuzzPercentage = &v + return s +} + +// SetRekeyMarginTimeSeconds sets the RekeyMarginTimeSeconds field's value. +func (s *VpnTunnelOptionsSpecification) SetRekeyMarginTimeSeconds(v int64) *VpnTunnelOptionsSpecification { + s.RekeyMarginTimeSeconds = &v + return s +} + +// SetReplayWindowSize sets the ReplayWindowSize field's value. +func (s *VpnTunnelOptionsSpecification) SetReplayWindowSize(v int64) *VpnTunnelOptionsSpecification { + s.ReplayWindowSize = &v + return s +} + // SetTunnelInsideCidr sets the TunnelInsideCidr field's value. func (s *VpnTunnelOptionsSpecification) SetTunnelInsideCidr(v string) *VpnTunnelOptionsSpecification { s.TunnelInsideCidr = &v @@ -88965,6 +95324,9 @@ const ( // AllocationStateReleasedPermanentFailure is a AllocationState enum value AllocationStateReleasedPermanentFailure = "released-permanent-failure" + + // AllocationStatePending is a AllocationState enum value + AllocationStatePending = "pending" ) const ( @@ -88973,6 +95335,9 @@ const ( // AllocationStrategyDiversified is a AllocationStrategy enum value AllocationStrategyDiversified = "diversified" + + // AllocationStrategyCapacityOptimized is a AllocationStrategy enum value + AllocationStrategyCapacityOptimized = "capacityOptimized" ) const ( @@ -89324,6 +95689,11 @@ const ( ConversionTaskStateCompleted = "completed" ) +const ( + // CopyTagsFromSourceVolume is a CopyTagsFromSource enum value + CopyTagsFromSourceVolume = "volume" +) + const ( // CurrencyCodeValuesUsd is a CurrencyCodeValues enum value CurrencyCodeValuesUsd = "USD" @@ -89457,6 +95827,9 @@ const ( // EventTypeError is a EventType enum value EventTypeError = "error" + + // EventTypeInformation is a EventType enum value + EventTypeInformation = "information" ) const ( @@ -89611,6 +95984,14 @@ const ( GatewayTypeIpsec1 = "ipsec.1" ) +const ( + // HostRecoveryOn is a HostRecovery enum value + HostRecoveryOn = "on" + + // HostRecoveryOff is a HostRecovery enum value + HostRecoveryOff = "off" +) + const ( // HostTenancyDedicated is a HostTenancy enum value HostTenancyDedicated = "dedicated" @@ -89971,9 +96352,15 @@ const ( // InstanceTypeR54xlarge is a InstanceType enum value InstanceTypeR54xlarge = "r5.4xlarge" + // InstanceTypeR58xlarge is a InstanceType enum value + InstanceTypeR58xlarge = "r5.8xlarge" + // InstanceTypeR512xlarge is a InstanceType enum value InstanceTypeR512xlarge = "r5.12xlarge" + // InstanceTypeR516xlarge is a InstanceType enum value + InstanceTypeR516xlarge = "r5.16xlarge" + // InstanceTypeR524xlarge is a InstanceType enum value InstanceTypeR524xlarge = "r5.24xlarge" @@ -89992,9 +96379,15 @@ const ( // InstanceTypeR5a4xlarge is a InstanceType enum value InstanceTypeR5a4xlarge = "r5a.4xlarge" + // InstanceTypeR5a8xlarge is a InstanceType enum value + InstanceTypeR5a8xlarge = "r5a.8xlarge" + // InstanceTypeR5a12xlarge is a InstanceType enum value InstanceTypeR5a12xlarge = "r5a.12xlarge" + // InstanceTypeR5a16xlarge is a InstanceType enum value + InstanceTypeR5a16xlarge = "r5a.16xlarge" + // InstanceTypeR5a24xlarge is a InstanceType enum value InstanceTypeR5a24xlarge = "r5a.24xlarge" @@ -90010,9 +96403,15 @@ const ( // InstanceTypeR5d4xlarge is a InstanceType enum value InstanceTypeR5d4xlarge = "r5d.4xlarge" + // InstanceTypeR5d8xlarge is a InstanceType enum value + InstanceTypeR5d8xlarge = "r5d.8xlarge" + // InstanceTypeR5d12xlarge is a InstanceType enum value InstanceTypeR5d12xlarge = "r5d.12xlarge" + // InstanceTypeR5d16xlarge is a InstanceType enum value + InstanceTypeR5d16xlarge = "r5d.16xlarge" + // InstanceTypeR5d24xlarge is a InstanceType enum value InstanceTypeR5d24xlarge = "r5d.24xlarge" @@ -90100,6 +96499,30 @@ const ( // InstanceTypeI3Metal is a InstanceType enum value InstanceTypeI3Metal = "i3.metal" + // InstanceTypeI3enLarge is a InstanceType enum value + InstanceTypeI3enLarge = "i3en.large" + + // InstanceTypeI3enXlarge is a InstanceType enum value + InstanceTypeI3enXlarge = "i3en.xlarge" + + // InstanceTypeI3en2xlarge is a InstanceType enum value + InstanceTypeI3en2xlarge = "i3en.2xlarge" + + // InstanceTypeI3en3xlarge is a InstanceType enum value + InstanceTypeI3en3xlarge = "i3en.3xlarge" + + // InstanceTypeI3en6xlarge is a InstanceType enum value + InstanceTypeI3en6xlarge = "i3en.6xlarge" + + // InstanceTypeI3en12xlarge is a InstanceType enum value + InstanceTypeI3en12xlarge = "i3en.12xlarge" + + // InstanceTypeI3en24xlarge is a InstanceType enum value + InstanceTypeI3en24xlarge = "i3en.24xlarge" + + // InstanceTypeI3enMetal is a InstanceType enum value + InstanceTypeI3enMetal = "i3en.metal" + // InstanceTypeHi14xlarge is a InstanceType enum value InstanceTypeHi14xlarge = "hi1.4xlarge" @@ -90157,9 +96580,18 @@ const ( // InstanceTypeC59xlarge is a InstanceType enum value InstanceTypeC59xlarge = "c5.9xlarge" + // InstanceTypeC512xlarge is a InstanceType enum value + InstanceTypeC512xlarge = "c5.12xlarge" + // InstanceTypeC518xlarge is a InstanceType enum value InstanceTypeC518xlarge = "c5.18xlarge" + // InstanceTypeC524xlarge is a InstanceType enum value + InstanceTypeC524xlarge = "c5.24xlarge" + + // InstanceTypeC5Metal is a InstanceType enum value + InstanceTypeC5Metal = "c5.metal" + // InstanceTypeC5dLarge is a InstanceType enum value InstanceTypeC5dLarge = "c5d.large" @@ -90277,9 +96709,15 @@ const ( // InstanceTypeM54xlarge is a InstanceType enum value InstanceTypeM54xlarge = "m5.4xlarge" + // InstanceTypeM58xlarge is a InstanceType enum value + InstanceTypeM58xlarge = "m5.8xlarge" + // InstanceTypeM512xlarge is a InstanceType enum value InstanceTypeM512xlarge = "m5.12xlarge" + // InstanceTypeM516xlarge is a InstanceType enum value + InstanceTypeM516xlarge = "m5.16xlarge" + // InstanceTypeM524xlarge is a InstanceType enum value InstanceTypeM524xlarge = "m5.24xlarge" @@ -90298,9 +96736,15 @@ const ( // InstanceTypeM5a4xlarge is a InstanceType enum value InstanceTypeM5a4xlarge = "m5a.4xlarge" + // InstanceTypeM5a8xlarge is a InstanceType enum value + InstanceTypeM5a8xlarge = "m5a.8xlarge" + // InstanceTypeM5a12xlarge is a InstanceType enum value InstanceTypeM5a12xlarge = "m5a.12xlarge" + // InstanceTypeM5a16xlarge is a InstanceType enum value + InstanceTypeM5a16xlarge = "m5a.16xlarge" + // InstanceTypeM5a24xlarge is a InstanceType enum value InstanceTypeM5a24xlarge = "m5a.24xlarge" @@ -90316,9 +96760,15 @@ const ( // InstanceTypeM5d4xlarge is a InstanceType enum value InstanceTypeM5d4xlarge = "m5d.4xlarge" + // InstanceTypeM5d8xlarge is a InstanceType enum value + InstanceTypeM5d8xlarge = "m5d.8xlarge" + // InstanceTypeM5d12xlarge is a InstanceType enum value InstanceTypeM5d12xlarge = "m5d.12xlarge" + // InstanceTypeM5d16xlarge is a InstanceType enum value + InstanceTypeM5d16xlarge = "m5d.16xlarge" + // InstanceTypeM5d24xlarge is a InstanceType enum value InstanceTypeM5d24xlarge = "m5d.24xlarge" @@ -90860,6 +97310,15 @@ const ( // ResourceTypeSubnet is a ResourceType enum value ResourceTypeSubnet = "subnet" + // ResourceTypeTrafficMirrorFilter is a ResourceType enum value + ResourceTypeTrafficMirrorFilter = "traffic-mirror-filter" + + // ResourceTypeTrafficMirrorSession is a ResourceType enum value + ResourceTypeTrafficMirrorSession = "traffic-mirror-session" + + // ResourceTypeTrafficMirrorTarget is a ResourceType enum value + ResourceTypeTrafficMirrorTarget = "traffic-mirror-target" + // ResourceTypeTransitGateway is a ResourceType enum value ResourceTypeTransitGateway = "transit-gateway" @@ -90970,6 +97429,9 @@ const ( // SpotAllocationStrategyDiversified is a SpotAllocationStrategy enum value SpotAllocationStrategyDiversified = "diversified" + + // SpotAllocationStrategyCapacityOptimized is a SpotAllocationStrategy enum value + SpotAllocationStrategyCapacityOptimized = "capacity-optimized" ) const ( @@ -91128,6 +97590,60 @@ const ( TenancyHost = "host" ) +const ( + // TrafficDirectionIngress is a TrafficDirection enum value + TrafficDirectionIngress = "ingress" + + // TrafficDirectionEgress is a TrafficDirection enum value + TrafficDirectionEgress = "egress" +) + +const ( + // TrafficMirrorFilterRuleFieldDestinationPortRange is a TrafficMirrorFilterRuleField enum value + TrafficMirrorFilterRuleFieldDestinationPortRange = "destination-port-range" + + // TrafficMirrorFilterRuleFieldSourcePortRange is a TrafficMirrorFilterRuleField enum value + TrafficMirrorFilterRuleFieldSourcePortRange = "source-port-range" + + // TrafficMirrorFilterRuleFieldProtocol is a TrafficMirrorFilterRuleField enum value + TrafficMirrorFilterRuleFieldProtocol = "protocol" + + // TrafficMirrorFilterRuleFieldDescription is a TrafficMirrorFilterRuleField enum value + TrafficMirrorFilterRuleFieldDescription = "description" +) + +const ( + // TrafficMirrorNetworkServiceAmazonDns is a TrafficMirrorNetworkService enum value + TrafficMirrorNetworkServiceAmazonDns = "amazon-dns" +) + +const ( + // TrafficMirrorRuleActionAccept is a TrafficMirrorRuleAction enum value + TrafficMirrorRuleActionAccept = "accept" + + // TrafficMirrorRuleActionReject is a TrafficMirrorRuleAction enum value + TrafficMirrorRuleActionReject = "reject" +) + +const ( + // TrafficMirrorSessionFieldPacketLength is a TrafficMirrorSessionField enum value + TrafficMirrorSessionFieldPacketLength = "packet-length" + + // TrafficMirrorSessionFieldDescription is a TrafficMirrorSessionField enum value + TrafficMirrorSessionFieldDescription = "description" + + // TrafficMirrorSessionFieldVirtualNetworkId is a TrafficMirrorSessionField enum value + TrafficMirrorSessionFieldVirtualNetworkId = "virtual-network-id" +) + +const ( + // TrafficMirrorTargetTypeNetworkInterface is a TrafficMirrorTargetType enum value + TrafficMirrorTargetTypeNetworkInterface = "network-interface" + + // TrafficMirrorTargetTypeNetworkLoadBalancer is a TrafficMirrorTargetType enum value + TrafficMirrorTargetTypeNetworkLoadBalancer = "network-load-balancer" +) + const ( // TrafficTypeAccept is a TrafficType enum value TrafficTypeAccept = "ACCEPT" @@ -91159,6 +97675,9 @@ const ( // TransitGatewayAttachmentResourceTypeVpn is a TransitGatewayAttachmentResourceType enum value TransitGatewayAttachmentResourceTypeVpn = "vpn" + + // TransitGatewayAttachmentResourceTypeDirectConnectGateway is a TransitGatewayAttachmentResourceType enum value + TransitGatewayAttachmentResourceTypeDirectConnectGateway = "direct-connect-gateway" ) const ( diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go index 7b42719d6533..7c9fccd7c8f5 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/customizations.go @@ -38,8 +38,8 @@ func customRetryRule(r *request.Request) time.Duration { count = len(retryTimes) - 1 } - minTime := int(retryTimes[count]) - return time.Duration(sdkrand.SeededRand.Intn(minTime) + minTime) + minTime := int64(retryTimes[count]) + return time.Duration(sdkrand.SeededRand.Int63n(minTime) + minTime) } func setCustomRetryer(c *client.Client) { diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go index c258e0e85c03..31c314e0e5f5 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go @@ -7,18 +7,19 @@ // capacity in the AWS cloud. Using Amazon EC2 eliminates the need to invest // in hardware up front, so you can develop and deploy applications faster. // -// To learn more about Amazon EC2, Amazon EBS, and Amazon VPC, see the following -// resources: +// To learn more, see the following resources: // -// * Amazon EC2 product page (http://aws.amazon.com/ec2) +// * Amazon EC2: AmazonEC2 product page (http://aws.amazon.com/ec2), Amazon +// EC2 documentation (http://aws.amazon.com/documentation/ec2) // -// * Amazon EC2 documentation (http://aws.amazon.com/documentation/ec2) +// * Amazon EBS: Amazon EBS product page (http://aws.amazon.com/ebs), Amazon +// EBS documentation (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) // -// * Amazon EBS product page (http://aws.amazon.com/ebs) +// * Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon +// VPC documentation (http://aws.amazon.com/documentation/vpc) // -// * Amazon VPC product page (http://aws.amazon.com/vpc) -// -// * Amazon VPC documentation (http://aws.amazon.com/documentation/vpc) +// * AWS VPN: AWS VPN product page (http://aws.amazon.com/vpn), AWS VPN documentation +// (http://aws.amazon.com/documentation/vpn) // // See https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go index 340213490061..686836132db2 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/api.go @@ -5040,6 +5040,199 @@ func (c *IAM) GenerateCredentialReportWithContext(ctx aws.Context, input *Genera return out, req.Send() } +const opGenerateOrganizationsAccessReport = "GenerateOrganizationsAccessReport" + +// GenerateOrganizationsAccessReportRequest generates a "aws/request.Request" representing the +// client's request for the GenerateOrganizationsAccessReport operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateOrganizationsAccessReport for more information on using the GenerateOrganizationsAccessReport +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GenerateOrganizationsAccessReportRequest method. +// req, resp := client.GenerateOrganizationsAccessReportRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport +func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizationsAccessReportInput) (req *request.Request, output *GenerateOrganizationsAccessReportOutput) { + op := &request.Operation{ + Name: opGenerateOrganizationsAccessReport, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GenerateOrganizationsAccessReportInput{} + } + + output = &GenerateOrganizationsAccessReportOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateOrganizationsAccessReport API operation for AWS Identity and Access Management. +// +// Generates a report for service last accessed data for AWS Organizations. +// You can generate a report for any entities (organization root, organizational +// unit, or account) or policies in your organization. +// +// To call this operation, you must be signed in using your AWS Organizations +// master account credentials. You can use your long-term IAM user or root user +// credentials, or temporary credentials from assuming an IAM role. SCPs must +// be enabled for your organization root. You must have the required IAM and +// AWS Organizations permissions. For more information, see Refining Permissions +// Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// You can generate a service last accessed data report for entities by specifying +// only the entity's path. This data includes a list of services that are allowed +// by any service control policies (SCPs) that apply to the entity. +// +// You can generate a service last accessed data report for a policy by specifying +// an entity's path and an optional AWS Organizations policy ID. This data includes +// a list of services that are allowed by the specified SCP. +// +// For each service in both report types, the data includes the most recent +// account activity that the policy allows to account principals in the entity +// or the entity's children. For important information about the data, reporting +// period, permissions required, troubleshooting, and supported Regions see +// Reducing Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// The data includes all attempts to access AWS, not just the successful ones. +// This includes all attempts that were made using the AWS Management Console, +// the AWS API through any of the SDKs, or any of the command line tools. An +// unexpected entry in the service last accessed data does not mean that an +// account has been compromised, because the request might have been denied. +// Refer to your CloudTrail logs as the authoritative source for information +// about all API calls and whether they were successful or denied access. For +// more information, see Logging IAM Events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) +// in the IAM User Guide. +// +// This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport +// operation to check the status of the report generation. To check the status +// of this request, use the JobId parameter in the GetOrganizationsAccessReport +// operation and test the JobStatus response parameter. When the job is complete, +// you can retrieve the report. +// +// To generate a service last accessed data report for entities, specify an +// entity path without specifying the optional AWS Organizations policy ID. +// The type of entity that you specify determines the data returned in the report. +// +// * Root – When you specify the organizations root as the entity, the +// resulting report lists all of the services allowed by SCPs that are attached +// to your root. For each service, the report includes data for all accounts +// in your organization except the master account, because the master account +// is not limited by SCPs. +// +// * OU – When you specify an organizational unit (OU) as the entity, the +// resulting report lists all of the services allowed by SCPs that are attached +// to the OU and its parents. For each service, the report includes data +// for all accounts in the OU or its children. This data excludes the master +// account, because the master account is not limited by SCPs. +// +// * Master account – When you specify the master account, the resulting +// report lists all AWS services, because the master account is not limited +// by SCPs. For each service, the report includes data for only the master +// account. +// +// * Account – When you specify another account as the entity, the resulting +// report lists all of the services allowed by SCPs that are attached to +// the account and its parents. For each service, the report includes data +// for only the specified account. +// +// To generate a service last accessed data report for policies, specify an +// entity path and the optional AWS Organizations policy ID. The type of entity +// that you specify determines the data returned for each service. +// +// * Root – When you specify the root entity and a policy ID, the resulting +// report lists all of the services that are allowed by the specified SCP. +// For each service, the report includes data for all accounts in your organization +// to which the SCP applies. This data excludes the master account, because +// the master account is not limited by SCPs. If the SCP is not attached +// to any entities in the organization, then the report will return a list +// of services with no data. +// +// * OU – When you specify an OU entity and a policy ID, the resulting +// report lists all of the services that are allowed by the specified SCP. +// For each service, the report includes data for all accounts in the OU +// or its children to which the SCP applies. This means that other accounts +// outside the OU that are affected by the SCP might not be included in the +// data. This data excludes the master account, because the master account +// is not limited by SCPs. If the SCP is not attached to the OU or one of +// its children, the report will return a list of services with no data. +// +// * Master account – When you specify the master account, the resulting +// report lists all AWS services, because the master account is not limited +// by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. +// For each service, the report includes data for only the master account. +// +// * Account – When you specify another account entity and a policy ID, +// the resulting report lists all of the services that are allowed by the +// specified SCP. For each service, the report includes data for only the +// specified account. This means that other accounts in the organization +// that are affected by the SCP might not be included in the data. If the +// SCP is not attached to the account, the report will return a list of services +// with no data. +// +// Service last accessed data does not use other policy types when determining +// whether a principal could access a service. These other policy types include +// identity-based policies, resource-based policies, access control lists, IAM +// permissions boundaries, and STS assume role policies. It only applies SCP +// logic. For more about the evaluation of policy types, see Evaluating Policies +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// in the IAM User Guide. +// +// For more information about service last accessed data, see Reducing Policy +// Scope by Viewing User Activity (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Identity and Access Management's +// API operation GenerateOrganizationsAccessReport for usage and error information. +// +// Returned Error Codes: +// * ErrCodeReportGenerationLimitExceededException "ReportGenerationLimitExceeded" +// The request failed because the maximum number of concurrent requests for +// this account are already running. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport +func (c *IAM) GenerateOrganizationsAccessReport(input *GenerateOrganizationsAccessReportInput) (*GenerateOrganizationsAccessReportOutput, error) { + req, out := c.GenerateOrganizationsAccessReportRequest(input) + return out, req.Send() +} + +// GenerateOrganizationsAccessReportWithContext is the same as GenerateOrganizationsAccessReport with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateOrganizationsAccessReport for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) GenerateOrganizationsAccessReportWithContext(ctx aws.Context, input *GenerateOrganizationsAccessReportInput, opts ...request.Option) (*GenerateOrganizationsAccessReportOutput, error) { + req, out := c.GenerateOrganizationsAccessReportRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGenerateServiceLastAccessedDetails = "GenerateServiceLastAccessedDetails" // GenerateServiceLastAccessedDetailsRequest generates a "aws/request.Request" representing the @@ -5084,12 +5277,11 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management. // -// Generates a request for a report that includes details about when an IAM -// resource (user, group, role, or policy) was last used in an attempt to access -// AWS services. Recent activity usually appears within four hours. IAM reports -// activity for the last 365 days, or less if your Region began supporting this -// feature within the last year. For more information, see Regions Where Data -// Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). +// Generates a report that includes details about when an IAM resource (user, +// group, role, or policy) was last used in an attempt to access AWS services. +// Recent activity usually appears within four hours. IAM reports activity for +// the last 365 days, or less if your Region began supporting this feature within +// the last year. For more information, see Regions Where Data Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). // // The service last accessed data includes all attempts to access an AWS API, // not just the successful ones. This includes all attempts that were made using @@ -5228,12 +5420,6 @@ func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req // // See the AWS API reference guide for AWS Identity and Access Management's // API operation GetAccessKeyLastUsed for usage and error information. -// -// Returned Error Codes: -// * ErrCodeNoSuchEntityException "NoSuchEntity" -// The request was rejected because it referenced a resource entity that does -// not exist. The error message describes the resource. -// // See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetAccessKeyLastUsed func (c *IAM) GetAccessKeyLastUsed(input *GetAccessKeyLastUsedInput) (*GetAccessKeyLastUsedOutput, error) { req, out := c.GetAccessKeyLastUsedRequest(input) @@ -6361,6 +6547,105 @@ func (c *IAM) GetOpenIDConnectProviderWithContext(ctx aws.Context, input *GetOpe return out, req.Send() } +const opGetOrganizationsAccessReport = "GetOrganizationsAccessReport" + +// GetOrganizationsAccessReportRequest generates a "aws/request.Request" representing the +// client's request for the GetOrganizationsAccessReport operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetOrganizationsAccessReport for more information on using the GetOrganizationsAccessReport +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetOrganizationsAccessReportRequest method. +// req, resp := client.GetOrganizationsAccessReportRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport +func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessReportInput) (req *request.Request, output *GetOrganizationsAccessReportOutput) { + op := &request.Operation{ + Name: opGetOrganizationsAccessReport, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetOrganizationsAccessReportInput{} + } + + output = &GetOrganizationsAccessReportOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetOrganizationsAccessReport API operation for AWS Identity and Access Management. +// +// Retrieves the service last accessed data report for AWS Organizations that +// was previously generated using the GenerateOrganizationsAccessReport operation. +// This operation retrieves the status of your report job and the report contents. +// +// Depending on the parameters that you passed when you generated the report, +// the data returned could include different information. For details, see GenerateOrganizationsAccessReport. +// +// To call this operation, you must be signed in to the master account in your +// organization. SCPs must be enabled for your organization root. You must have +// permissions to perform this operation. For more information, see Refining +// Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// in the IAM User Guide. +// +// For each service that principals in an account (root users, IAM users, or +// IAM roles) could access using SCPs, the operation returns details about the +// most recent access attempt. If there was no attempt, the service is listed +// without details about the most recent attempt to access the service. If the +// operation fails, it returns the reason that it failed. +// +// By default, the list is sorted by service namespace. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Identity and Access Management's +// API operation GetOrganizationsAccessReport for usage and error information. +// +// Returned Error Codes: +// * ErrCodeNoSuchEntityException "NoSuchEntity" +// The request was rejected because it referenced a resource entity that does +// not exist. The error message describes the resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport +func (c *IAM) GetOrganizationsAccessReport(input *GetOrganizationsAccessReportInput) (*GetOrganizationsAccessReportOutput, error) { + req, out := c.GetOrganizationsAccessReportRequest(input) + return out, req.Send() +} + +// GetOrganizationsAccessReportWithContext is the same as GetOrganizationsAccessReport with the addition of +// the ability to pass a context and additional request options. +// +// See GetOrganizationsAccessReport for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IAM) GetOrganizationsAccessReportWithContext(ctx aws.Context, input *GetOrganizationsAccessReportInput, opts ...request.Option) (*GetOrganizationsAccessReportOutput, error) { + req, out := c.GetOrganizationsAccessReportRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetPolicy = "GetPolicy" // GetPolicyRequest generates a "aws/request.Request" representing the @@ -7080,10 +7365,11 @@ func (c *IAM) GetServiceLastAccessedDetailsRequest(input *GetServiceLastAccessed // GetServiceLastAccessedDetails API operation for AWS Identity and Access Management. // -// After you generate a user, group, role, or policy report using the GenerateServiceLastAccessedDetails -// operation, you can use the JobId parameter in GetServiceLastAccessedDetails. -// This operation retrieves the status of your report job and a list of AWS -// services that the resource (user, group, role, or managed policy) can access. +// Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails +// operation. You can use the JobId parameter in GetServiceLastAccessedDetails +// to retrieve the status of your report job. When the report is complete, you +// can retrieve the generated report. The report includes a list of AWS services +// that the resource (user, group, role, or managed policy) can access. // // Service last accessed data does not use other policy types when determining // whether a resource could access a service. These other policy types include @@ -15036,6 +15322,108 @@ func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *Upload return out, req.Send() } +// An object that contains details about when a principal in the reported AWS +// Organizations entity last attempted to access an AWS service. A principal +// can be an IAM user, an IAM role, or the AWS account root user within the +// reported Organizations entity. +// +// This data type is a response element in the GetOrganizationsAccessReport +// operation. +type AccessDetail struct { + _ struct{} `type:"structure"` + + // The path of the Organizations entity (root, organizational unit, or account) + // from which an authenticated principal last attempted to access the service. + // AWS does not report unauthenticated requests. + // + // This field is null if no principals (IAM users, IAM roles, or root users) + // in the reported Organizations entity attempted to access the service within + // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). + EntityPath *string `min:"19" type:"string"` + + // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + // when an authenticated principal most recently attempted to access the service. + // AWS does not report unauthenticated requests. + // + // This field is null if no principals in the reported Organizations entity + // attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). + LastAuthenticatedTime *time.Time `type:"timestamp"` + + // The Region where the last service access attempt occurred. + // + // This field is null if no principals in the reported Organizations entity + // attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). + Region *string `type:"string"` + + // The name of the service in which access was attempted. + // + // ServiceName is a required field + ServiceName *string `type:"string" required:"true"` + + // The namespace of the service in which access was attempted. + // + // To learn the service namespace of a service, go to Actions, Resources, and + // Condition Keys for AWS Services (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html) + // in the IAM User Guide. Choose the name of the service to view details for + // that service. In the first paragraph, find the service prefix. For example, + // (service prefix: a4b). For more information about service namespaces, see + // AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the AWS General Reference. + // + // ServiceNamespace is a required field + ServiceNamespace *string `min:"1" type:"string" required:"true"` + + // The number of accounts with authenticated principals (root users, IAM users, + // and IAM roles) that attempted to access the service in the reporting period. + TotalAuthenticatedEntities *int64 `type:"integer"` +} + +// String returns the string representation +func (s AccessDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AccessDetail) GoString() string { + return s.String() +} + +// SetEntityPath sets the EntityPath field's value. +func (s *AccessDetail) SetEntityPath(v string) *AccessDetail { + s.EntityPath = &v + return s +} + +// SetLastAuthenticatedTime sets the LastAuthenticatedTime field's value. +func (s *AccessDetail) SetLastAuthenticatedTime(v time.Time) *AccessDetail { + s.LastAuthenticatedTime = &v + return s +} + +// SetRegion sets the Region field's value. +func (s *AccessDetail) SetRegion(v string) *AccessDetail { + s.Region = &v + return s +} + +// SetServiceName sets the ServiceName field's value. +func (s *AccessDetail) SetServiceName(v string) *AccessDetail { + s.ServiceName = &v + return s +} + +// SetServiceNamespace sets the ServiceNamespace field's value. +func (s *AccessDetail) SetServiceNamespace(v string) *AccessDetail { + s.ServiceNamespace = &v + return s +} + +// SetTotalAuthenticatedEntities sets the TotalAuthenticatedEntities field's value. +func (s *AccessDetail) SetTotalAuthenticatedEntities(v int64) *AccessDetail { + s.TotalAuthenticatedEntities = &v + return s +} + // Contains information about an AWS access key. // // This data type is used as a response element in the CreateAccessKey and ListAccessKeys @@ -15130,12 +15518,12 @@ type AccessKeyLastUsed struct { // * An access key exists but has not been used since IAM began tracking // this information. // - // * There is no sign-in data associated with the user + // * There is no sign-in data associated with the user. // // LastUsedDate is a required field LastUsedDate *time.Time `type:"timestamp" required:"true"` - // The AWS region where this access key was most recently used. The value for + // The AWS Region where this access key was most recently used. The value for // this field is "N/A" in the following situations: // // * The user does not have an access key. @@ -15143,9 +15531,9 @@ type AccessKeyLastUsed struct { // * An access key exists but has not been used since IAM began tracking // this information. // - // * There is no sign-in data associated with the user + // * There is no sign-in data associated with the user. // - // For more information about AWS regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) + // For more information about AWS Regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) // in the Amazon Web Services General Reference. // // Region is a required field @@ -15159,7 +15547,7 @@ type AccessKeyLastUsed struct { // * An access key exists but has not been used since IAM started tracking // this information. // - // * There is no sign-in data associated with the user + // * There is no sign-in data associated with the user. // // ServiceName is a required field ServiceName *string `type:"string" required:"true"` @@ -16532,7 +16920,7 @@ type CreatePolicyInput struct { // can contain any ASCII character from the ! (\u0021) through the DEL character // (\u007F), including most punctuation characters, digits, and upper and lowercased // letters. - Path *string `type:"string"` + Path *string `min:"1" type:"string"` // The JSON policy document that you want to use as the content for the new // policy. @@ -16580,6 +16968,9 @@ func (s CreatePolicyInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreatePolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"} + if s.Path != nil && len(*s.Path) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Path", 1)) + } if s.PolicyDocument == nil { invalidParams.Add(request.NewErrParamRequired("PolicyDocument")) } @@ -16775,10 +17166,10 @@ type CreateRoleInput struct { // The trust relationship policy document that grants an entity permission to // assume the role. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation - // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting - // it to IAM. + // In IAM, you must provide a JSON policy that has been converted to a string. + // However, for AWS CloudFormation templates formatted in YAML, you can provide + // the policy in JSON or YAML format. AWS CloudFormation always converts a YAML + // policy to JSON format before submitting it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: @@ -16792,6 +17183,9 @@ type CreateRoleInput struct { // * The special characters tab (\u0009), line feed (\u000A), and carriage // return (\u000D) // + // Upon success, the response includes the same trust policy as a URL-encoded + // JSON string. + // // AssumeRolePolicyDocument is a required field AssumeRolePolicyDocument *string `min:"1" type:"string" required:"true"` @@ -19066,7 +19460,7 @@ type DeletionTaskFailureReasonType struct { // role has active sessions or if any resources that were used by the role have // not been deleted from the linked service, the role can't be deleted. This // parameter includes a list of the resources that are associated with the role - // and the region in which the resources are being used. + // and the Region in which the resources are being used. RoleUsageList []*RoleUsageType `type:"list"` } @@ -19587,8 +19981,9 @@ func (s *EntityInfo) SetType(v string) *EntityInfo { // Contains information about the reason that the operation failed. // -// This data type is used as a response element in the GetServiceLastAccessedDetails -// operation and the GetServiceLastAccessedDetailsWithEntities operation. +// This data type is used as a response element in the GetOrganizationsAccessReport, +// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities +// operations. type ErrorDetails struct { _ struct{} `type:"structure"` @@ -19656,7 +20051,7 @@ type EvaluationResult struct { // A list of the statements in the input policies that determine the result // for this scenario. Remember that even if multiple statements allow the operation // on the resource, if only one statement denies that operation, then the explicit - // deny overrides any allow. Inaddition, the deny statement is the only entry + // deny overrides any allow. In addition, the deny statement is the only entry // included in the result. MatchedStatements []*Statement `type:"list"` @@ -19669,7 +20064,7 @@ type EvaluationResult struct { // call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy. MissingContextValues []*string `type:"list"` - // A structure that details how AWS Organizations and its service control policies + // A structure that details how Organizations and its service control policies // affect the results of the simulation. Only applies if the simulated user's // account is part of an organization. OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"` @@ -19784,6 +20179,87 @@ func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialR return s } +type GenerateOrganizationsAccessReportInput struct { + _ struct{} `type:"structure"` + + // The path of the AWS Organizations entity (root, OU, or account). You can + // build an entity path using the known structure of your organization. For + // example, assume that your account ID is 123456789012 and its parent OU ID + // is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and + // your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. + // + // EntityPath is a required field + EntityPath *string `min:"19" type:"string" required:"true"` + + // The identifier of the AWS Organizations service control policy (SCP). This + // parameter is optional. + // + // This ID is used to generate information about when an account principal that + // is limited by the SCP attempted to access an AWS service. + OrganizationsPolicyId *string `type:"string"` +} + +// String returns the string representation +func (s GenerateOrganizationsAccessReportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateOrganizationsAccessReportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateOrganizationsAccessReportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateOrganizationsAccessReportInput"} + if s.EntityPath == nil { + invalidParams.Add(request.NewErrParamRequired("EntityPath")) + } + if s.EntityPath != nil && len(*s.EntityPath) < 19 { + invalidParams.Add(request.NewErrParamMinLen("EntityPath", 19)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEntityPath sets the EntityPath field's value. +func (s *GenerateOrganizationsAccessReportInput) SetEntityPath(v string) *GenerateOrganizationsAccessReportInput { + s.EntityPath = &v + return s +} + +// SetOrganizationsPolicyId sets the OrganizationsPolicyId field's value. +func (s *GenerateOrganizationsAccessReportInput) SetOrganizationsPolicyId(v string) *GenerateOrganizationsAccessReportInput { + s.OrganizationsPolicyId = &v + return s +} + +type GenerateOrganizationsAccessReportOutput struct { + _ struct{} `type:"structure"` + + // The job identifier that you can use in the GetOrganizationsAccessReport operation. + JobId *string `min:"36" type:"string"` +} + +// String returns the string representation +func (s GenerateOrganizationsAccessReportOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GenerateOrganizationsAccessReportOutput) GoString() string { + return s.String() +} + +// SetJobId sets the JobId field's value. +func (s *GenerateOrganizationsAccessReportOutput) SetJobId(v string) *GenerateOrganizationsAccessReportOutput { + s.JobId = &v + return s +} + type GenerateServiceLastAccessedDetailsInput struct { _ struct{} `type:"structure"` @@ -20872,6 +21348,211 @@ func (s *GetOpenIDConnectProviderOutput) SetUrl(v string) *GetOpenIDConnectProvi return s } +type GetOrganizationsAccessReportInput struct { + _ struct{} `type:"structure"` + + // The identifier of the request generated by the GenerateOrganizationsAccessReport + // operation. + // + // JobId is a required field + JobId *string `min:"36" type:"string" required:"true"` + + // Use this parameter only when paginating results and only after you receive + // a response indicating that the results are truncated. Set it to the value + // of the Marker element in the response that you received to indicate where + // the next call should start. + Marker *string `min:"1" type:"string"` + + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. + // + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. + MaxItems *int64 `min:"1" type:"integer"` + + // The key that is used to sort the results. If you choose the namespace key, + // the results are returned in alphabetical order. If you choose the time key, + // the results are sorted numerically by the date and time. + SortKey *string `type:"string" enum:"sortKeyType"` +} + +// String returns the string representation +func (s GetOrganizationsAccessReportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetOrganizationsAccessReportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetOrganizationsAccessReportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetOrganizationsAccessReportInput"} + if s.JobId == nil { + invalidParams.Add(request.NewErrParamRequired("JobId")) + } + if s.JobId != nil && len(*s.JobId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("JobId", 36)) + } + if s.Marker != nil && len(*s.Marker) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) + } + if s.MaxItems != nil && *s.MaxItems < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetJobId sets the JobId field's value. +func (s *GetOrganizationsAccessReportInput) SetJobId(v string) *GetOrganizationsAccessReportInput { + s.JobId = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *GetOrganizationsAccessReportInput) SetMarker(v string) *GetOrganizationsAccessReportInput { + s.Marker = &v + return s +} + +// SetMaxItems sets the MaxItems field's value. +func (s *GetOrganizationsAccessReportInput) SetMaxItems(v int64) *GetOrganizationsAccessReportInput { + s.MaxItems = &v + return s +} + +// SetSortKey sets the SortKey field's value. +func (s *GetOrganizationsAccessReportInput) SetSortKey(v string) *GetOrganizationsAccessReportInput { + s.SortKey = &v + return s +} + +type GetOrganizationsAccessReportOutput struct { + _ struct{} `type:"structure"` + + // An object that contains details about the most recent attempt to access the + // service. + AccessDetails []*AccessDetail `type:"list"` + + // Contains information about the reason that the operation failed. + // + // This data type is used as a response element in the GetOrganizationsAccessReport, + // GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities + // operations. + ErrorDetails *ErrorDetails `type:"structure"` + + // A flag that indicates whether there are more items to return. If your results + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. + IsTruncated *bool `type:"boolean"` + + // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + // when the generated report job was completed or failed. + // + // This field is null if the job is still in progress, as indicated by a job + // status value of IN_PROGRESS. + JobCompletionDate *time.Time `type:"timestamp"` + + // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), + // when the report job was created. + // + // JobCreationDate is a required field + JobCreationDate *time.Time `type:"timestamp" required:"true"` + + // The status of the job. + // + // JobStatus is a required field + JobStatus *string `type:"string" required:"true" enum:"jobStatusType"` + + // When IsTruncated is true, this element is present and contains the value + // to use for the Marker parameter in a subsequent pagination request. + Marker *string `min:"1" type:"string"` + + // The number of services that the applicable SCPs allow account principals + // to access. + NumberOfServicesAccessible *int64 `type:"integer"` + + // The number of services that account principals are allowed but did not attempt + // to access. + NumberOfServicesNotAccessed *int64 `type:"integer"` +} + +// String returns the string representation +func (s GetOrganizationsAccessReportOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetOrganizationsAccessReportOutput) GoString() string { + return s.String() +} + +// SetAccessDetails sets the AccessDetails field's value. +func (s *GetOrganizationsAccessReportOutput) SetAccessDetails(v []*AccessDetail) *GetOrganizationsAccessReportOutput { + s.AccessDetails = v + return s +} + +// SetErrorDetails sets the ErrorDetails field's value. +func (s *GetOrganizationsAccessReportOutput) SetErrorDetails(v *ErrorDetails) *GetOrganizationsAccessReportOutput { + s.ErrorDetails = v + return s +} + +// SetIsTruncated sets the IsTruncated field's value. +func (s *GetOrganizationsAccessReportOutput) SetIsTruncated(v bool) *GetOrganizationsAccessReportOutput { + s.IsTruncated = &v + return s +} + +// SetJobCompletionDate sets the JobCompletionDate field's value. +func (s *GetOrganizationsAccessReportOutput) SetJobCompletionDate(v time.Time) *GetOrganizationsAccessReportOutput { + s.JobCompletionDate = &v + return s +} + +// SetJobCreationDate sets the JobCreationDate field's value. +func (s *GetOrganizationsAccessReportOutput) SetJobCreationDate(v time.Time) *GetOrganizationsAccessReportOutput { + s.JobCreationDate = &v + return s +} + +// SetJobStatus sets the JobStatus field's value. +func (s *GetOrganizationsAccessReportOutput) SetJobStatus(v string) *GetOrganizationsAccessReportOutput { + s.JobStatus = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *GetOrganizationsAccessReportOutput) SetMarker(v string) *GetOrganizationsAccessReportOutput { + s.Marker = &v + return s +} + +// SetNumberOfServicesAccessible sets the NumberOfServicesAccessible field's value. +func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesAccessible(v int64) *GetOrganizationsAccessReportOutput { + s.NumberOfServicesAccessible = &v + return s +} + +// SetNumberOfServicesNotAccessed sets the NumberOfServicesNotAccessed field's value. +func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesNotAccessed(v int64) *GetOrganizationsAccessReportOutput { + s.NumberOfServicesNotAccessed = &v + return s +} + type GetPolicyInput struct { _ struct{} `type:"structure"` @@ -21579,8 +22260,8 @@ type GetServiceLastAccessedDetailsOutput struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when the generated report job was completed or failed. // - // This field is null if the job is still in progress, as indicated by a JobStatus - // value of IN_PROGRESS. + // This field is null if the job is still in progress, as indicated by a job + // status value of IN_PROGRESS. // // JobCompletionDate is a required field JobCompletionDate *time.Time `type:"timestamp" required:"true"` @@ -21786,6 +22467,9 @@ type GetServiceLastAccessedDetailsWithEntitiesOutput struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when the generated report job was completed or failed. // + // This field is null if the job is still in progress, as indicated by a job + // status value of IN_PROGRESS. + // // JobCompletionDate is a required field JobCompletionDate *time.Time `type:"timestamp" required:"true"` @@ -22682,7 +23366,7 @@ type ListAttachedGroupPoliciesInput struct { // can contain any ASCII character from the ! (\u0021) through the DEL character // (\u007F), including most punctuation characters, digits, and upper and lowercased // letters. - PathPrefix *string `type:"string"` + PathPrefix *string `min:"1" type:"string"` } // String returns the string representation @@ -22710,6 +23394,9 @@ func (s *ListAttachedGroupPoliciesInput) Validate() error { if s.MaxItems != nil && *s.MaxItems < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1)) } + if s.PathPrefix != nil && len(*s.PathPrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1)) + } if invalidParams.Len() > 0 { return invalidParams @@ -22818,7 +23505,7 @@ type ListAttachedRolePoliciesInput struct { // can contain any ASCII character from the ! (\u0021) through the DEL character // (\u007F), including most punctuation characters, digits, and upper and lowercased // letters. - PathPrefix *string `type:"string"` + PathPrefix *string `min:"1" type:"string"` // The name (friendly name, not ARN) of the role to list attached policies for. // @@ -22849,6 +23536,9 @@ func (s *ListAttachedRolePoliciesInput) Validate() error { if s.MaxItems != nil && *s.MaxItems < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1)) } + if s.PathPrefix != nil && len(*s.PathPrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1)) + } if s.RoleName == nil { invalidParams.Add(request.NewErrParamRequired("RoleName")) } @@ -22963,7 +23653,7 @@ type ListAttachedUserPoliciesInput struct { // can contain any ASCII character from the ! (\u0021) through the DEL character // (\u007F), including most punctuation characters, digits, and upper and lowercased // letters. - PathPrefix *string `type:"string"` + PathPrefix *string `min:"1" type:"string"` // The name (friendly name, not ARN) of the user to list attached policies for. // @@ -22994,6 +23684,9 @@ func (s *ListAttachedUserPoliciesInput) Validate() error { if s.MaxItems != nil && *s.MaxItems < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1)) } + if s.PathPrefix != nil && len(*s.PathPrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1)) + } if s.UserName == nil { invalidParams.Add(request.NewErrParamRequired("UserName")) } @@ -24303,7 +24996,7 @@ type ListPoliciesInput struct { // can contain any ASCII character from the ! (\u0021) through the DEL character // (\u007F), including most punctuation characters, digits, and upper and lowercased // letters. - PathPrefix *string `type:"string"` + PathPrefix *string `min:"1" type:"string"` // The policy usage method to use for filtering the results. // @@ -24343,6 +25036,9 @@ func (s *ListPoliciesInput) Validate() error { if s.MaxItems != nil && *s.MaxItems < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1)) } + if s.PathPrefix != nil && len(*s.PathPrefix) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PathPrefix", 1)) + } if invalidParams.Len() > 0 { return invalidParams @@ -26111,7 +26807,7 @@ type ManagedPolicyDetail struct { // // For more information about paths, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) // in the Using IAM guide. - Path *string `type:"string"` + Path *string `min:"1" type:"string"` // The number of entities (users and roles) for which the policy is used as // the permissions boundary. @@ -26253,11 +26949,12 @@ func (s *OpenIDConnectProviderListEntry) SetArn(v string) *OpenIDConnectProvider return s } -// Contains information about AWS Organizations's effect on a policy simulation. +// Contains information about the effect that Organizations has on a policy +// simulation. type OrganizationsDecisionDetail struct { _ struct{} `type:"structure"` - // Specifies whether the simulated operation is allowed by the AWS Organizations + // Specifies whether the simulated operation is allowed by the Organizations // service control policies that impact the simulated user's account. AllowedByOrganizations *bool `type:"boolean"` } @@ -26432,7 +27129,7 @@ type Policy struct { // // For more information about paths, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) // in the Using IAM guide. - Path *string `type:"string"` + Path *string `min:"1" type:"string"` // The number of entities (users and roles) for which the policy is used to // set the permissions boundary. @@ -26896,7 +27593,9 @@ type PutGroupPolicyInput struct { // The name of the group to associate the policy with. // - // ®ex-name;. + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@-. // // GroupName is a required field GroupName *string `min:"1" type:"string" required:"true"` @@ -28183,7 +28882,7 @@ func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail { type RoleUsageType struct { _ struct{} `type:"structure"` - // The name of the region where the service-linked role is being used. + // The name of the Region where the service-linked role is being used. Region *string `min:"1" type:"string"` // The name of the resource that is using the service-linked role. @@ -28581,10 +29280,10 @@ type ServiceLastAccessed struct { // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` - // The total number of authenticated entities that have attempted to access - // the service. + // The total number of authenticated principals (root user, IAM users, or IAM + // roles) that have attempted to access the service. // - // This field is null if no IAM entities attempted to access the service within + // This field is null if no principals attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). TotalAuthenticatedEntities *int64 `type:"integer"` } @@ -29361,7 +30060,7 @@ type SimulatePrincipalPolicyInput struct { CallerArn *string `min:"1" type:"string"` // A list of context keys and corresponding values for the simulation to use. - // Whenever a context key is evaluated in one of the simulated IAM permission + // Whenever a context key is evaluated in one of the simulated IAM permissions // policies, the corresponding value is supplied. ContextEntries []*ContextEntry `type:"list"` @@ -31819,7 +32518,7 @@ type User struct { // * A password exists but has not been used since IAM started tracking this // information on October 20, 2014. // - // A null valuedoes not mean that the user never had a password. Also, if the + // A null value does not mean that the user never had a password. Also, if the // user does not currently have a password, but had one in the past, then this // field contains the date and time the most recent password was used. // @@ -32316,6 +33015,20 @@ const ( PolicyTypeManaged = "MANAGED" ) +const ( + // SortKeyTypeServiceNamespaceAscending is a sortKeyType enum value + SortKeyTypeServiceNamespaceAscending = "SERVICE_NAMESPACE_ASCENDING" + + // SortKeyTypeServiceNamespaceDescending is a sortKeyType enum value + SortKeyTypeServiceNamespaceDescending = "SERVICE_NAMESPACE_DESCENDING" + + // SortKeyTypeLastAuthenticatedTimeAscending is a sortKeyType enum value + SortKeyTypeLastAuthenticatedTimeAscending = "LAST_AUTHENTICATED_TIME_ASCENDING" + + // SortKeyTypeLastAuthenticatedTimeDescending is a sortKeyType enum value + SortKeyTypeLastAuthenticatedTimeDescending = "LAST_AUTHENTICATED_TIME_DESCENDING" +) + const ( // StatusTypeActive is a statusType enum value StatusTypeActive = "Active" diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go index 403317b87f44..30a85b3b44de 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/errors.go @@ -162,6 +162,13 @@ const ( // to the service-linked role for that service. ErrCodePolicyNotAttachableException = "PolicyNotAttachable" + // ErrCodeReportGenerationLimitExceededException for service response error code + // "ReportGenerationLimitExceeded". + // + // The request failed because the maximum number of concurrent requests for + // this account are already running. + ErrCodeReportGenerationLimitExceededException = "ReportGenerationLimitExceeded" + // ErrCodeServiceFailureException for service response error code // "ServiceFailure". // diff --git a/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go index 9e2d5cca428f..7b3273a846ef 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/iam/iamiface/interface.go @@ -260,6 +260,10 @@ type IAMAPI interface { GenerateCredentialReportWithContext(aws.Context, *iam.GenerateCredentialReportInput, ...request.Option) (*iam.GenerateCredentialReportOutput, error) GenerateCredentialReportRequest(*iam.GenerateCredentialReportInput) (*request.Request, *iam.GenerateCredentialReportOutput) + GenerateOrganizationsAccessReport(*iam.GenerateOrganizationsAccessReportInput) (*iam.GenerateOrganizationsAccessReportOutput, error) + GenerateOrganizationsAccessReportWithContext(aws.Context, *iam.GenerateOrganizationsAccessReportInput, ...request.Option) (*iam.GenerateOrganizationsAccessReportOutput, error) + GenerateOrganizationsAccessReportRequest(*iam.GenerateOrganizationsAccessReportInput) (*request.Request, *iam.GenerateOrganizationsAccessReportOutput) + GenerateServiceLastAccessedDetails(*iam.GenerateServiceLastAccessedDetailsInput) (*iam.GenerateServiceLastAccessedDetailsOutput, error) GenerateServiceLastAccessedDetailsWithContext(aws.Context, *iam.GenerateServiceLastAccessedDetailsInput, ...request.Option) (*iam.GenerateServiceLastAccessedDetailsOutput, error) GenerateServiceLastAccessedDetailsRequest(*iam.GenerateServiceLastAccessedDetailsInput) (*request.Request, *iam.GenerateServiceLastAccessedDetailsOutput) @@ -318,6 +322,10 @@ type IAMAPI interface { GetOpenIDConnectProviderWithContext(aws.Context, *iam.GetOpenIDConnectProviderInput, ...request.Option) (*iam.GetOpenIDConnectProviderOutput, error) GetOpenIDConnectProviderRequest(*iam.GetOpenIDConnectProviderInput) (*request.Request, *iam.GetOpenIDConnectProviderOutput) + GetOrganizationsAccessReport(*iam.GetOrganizationsAccessReportInput) (*iam.GetOrganizationsAccessReportOutput, error) + GetOrganizationsAccessReportWithContext(aws.Context, *iam.GetOrganizationsAccessReportInput, ...request.Option) (*iam.GetOrganizationsAccessReportOutput, error) + GetOrganizationsAccessReportRequest(*iam.GetOrganizationsAccessReportInput) (*request.Request, *iam.GetOrganizationsAccessReportOutput) + GetPolicy(*iam.GetPolicyInput) (*iam.GetPolicyOutput, error) GetPolicyWithContext(aws.Context, *iam.GetPolicyInput, ...request.Option) (*iam.GetPolicyOutput, error) GetPolicyRequest(*iam.GetPolicyInput) (*request.Request, *iam.GetPolicyOutput) diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 06aabf1e61fe..139c27d14c1c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -545,6 +545,10 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt // Deletes an analytics configuration for the bucket (specified by the analytics // configuration ID). // +// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration +// action. The bucket owner has this permission by default. The bucket owner +// can grant this permission to others. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3335,8 +3339,8 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration // GetObjectLockConfiguration API operation for Amazon Simple Storage Service. // -// Gets the Object Lock configuration for a bucket. The rule specified in the -// Object Lock configuration will be applied by default to every new object +// Gets the object lock configuration for a bucket. The rule specified in the +// object lock configuration will be applied by default to every new object // placed in the specified bucket. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5754,8 +5758,7 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // PutBucketPolicy API operation for Amazon Simple Storage Service. // -// Replaces a policy on a bucket. If the bucket already has a policy, the one -// in this request completely replaces it. +// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6439,8 +6442,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // PutObjectLockConfiguration API operation for Amazon Simple Storage Service. // -// Places an Object Lock configuration on the specified bucket. The rule specified -// in the Object Lock configuration will be applied by default to every new +// Places an object lock configuration on the specified bucket. The rule specified +// in the object lock configuration will be applied by default to every new // object placed in the specified bucket. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -7010,13 +7013,16 @@ func (c *S3) UploadPartCopyWithContext(ctx aws.Context, input *UploadPartCopyInp return out, req.Send() } -// Specifies the days since the initiation of an Incomplete Multipart Upload -// that Lifecycle will wait before permanently removing all parts of the upload. +// Specifies the days since the initiation of an incomplete multipart upload +// that Amazon S3 will wait before permanently removing all parts of the upload. +// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket +// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) +// in the Amazon Simple Storage Service Developer Guide. type AbortIncompleteMultipartUpload struct { _ struct{} `type:"structure"` - // Indicates the number of days that must pass since initiation for Lifecycle - // to abort an Incomplete Multipart Upload. + // Specifies the number of days after which Amazon S3 aborts an incomplete multipart + // upload. DaysAfterInitiation *int64 `type:"integer"` } @@ -7039,9 +7045,13 @@ func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortI type AbortMultipartUploadInput struct { _ struct{} `type:"structure"` + // Name of the bucket to which the multipart upload was initiated. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + // Key of the object for which the multipart upload was initiated. + // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` @@ -7051,6 +7061,8 @@ type AbortMultipartUploadInput struct { // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` + // Upload ID that identifies the multipart upload. + // // UploadId is a required field UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` } @@ -7145,10 +7157,13 @@ func (s *AbortMultipartUploadOutput) SetRequestCharged(v string) *AbortMultipart return s } +// Configures the transfer acceleration state for an Amazon S3 bucket. For more +// information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) +// in the Amazon Simple Storage Service Developer Guide. type AccelerateConfiguration struct { _ struct{} `type:"structure"` - // The accelerate configuration of the bucket. + // Specifies the transfer acceleration status of the bucket. Status *string `type:"string" enum:"BucketAccelerateStatus"` } @@ -7168,12 +7183,14 @@ func (s *AccelerateConfiguration) SetStatus(v string) *AccelerateConfiguration { return s } +// Contains the elements that set the ACL permissions for an object per grantee. type AccessControlPolicy struct { _ struct{} `type:"structure"` // A list of grants. Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"` + // Container for the bucket owner's display name and ID. Owner *Owner `type:"structure"` } @@ -7223,7 +7240,9 @@ func (s *AccessControlPolicy) SetOwner(v *Owner) *AccessControlPolicy { type AccessControlTranslation struct { _ struct{} `type:"structure"` - // The override value for the owner of the replica object. + // Specifies the replica ownership. For default and valid values, see PUT bucket + // replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) + // in the Amazon Simple Storage Service API Reference. // // Owner is a required field Owner *string `type:"string" required:"true" enum:"OwnerOverride"` @@ -7258,10 +7277,14 @@ func (s *AccessControlTranslation) SetOwner(v string) *AccessControlTranslation return s } +// A conjunction (logical AND) of predicates, which is used in evaluating a +// metrics filter. The operator must have at least two predicates in any combination, +// and an object must match all of the predicates for the filter to apply. type AnalyticsAndOperator struct { _ struct{} `type:"structure"` - // The prefix to use when evaluating an AND predicate. + // The prefix to use when evaluating an AND predicate: The prefix that an object + // must have to be included in the metrics results. Prefix *string `type:"string"` // The list of tags to use when evaluating an AND predicate. @@ -7310,6 +7333,11 @@ func (s *AnalyticsAndOperator) SetTags(v []*Tag) *AnalyticsAndOperator { return s } +// Specifies the configuration and any analyses for the analytics filter of +// an Amazon S3 bucket. +// +// For more information, see GET Bucket analytics (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETAnalyticsConfig.html) +// in the Amazon Simple Storage Service API Reference. type AnalyticsConfiguration struct { _ struct{} `type:"structure"` @@ -7318,13 +7346,13 @@ type AnalyticsConfiguration struct { // If no filter is provided, all objects will be considered in any analysis. Filter *AnalyticsFilter `type:"structure"` - // The identifier used to represent an analytics configuration. + // The ID that identifies the analytics configuration. // // Id is a required field Id *string `type:"string" required:"true"` - // If present, it indicates that data related to access patterns will be collected - // and made available to analyze the tradeoffs between different storage classes. + // Contains data related to access patterns to be collected and made available + // to analyze the tradeoffs between different storage classes. // // StorageClassAnalysis is a required field StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"` @@ -7384,6 +7412,7 @@ func (s *AnalyticsConfiguration) SetStorageClassAnalysis(v *StorageClassAnalysis return s } +// Where to publish the analytics results. type AnalyticsExportDestination struct { _ struct{} `type:"structure"` @@ -7492,7 +7521,7 @@ func (s *AnalyticsFilter) SetTag(v *Tag) *AnalyticsFilter { type AnalyticsS3BucketDestination struct { _ struct{} `type:"structure"` - // The Amazon resource name (ARN) of the bucket to which data is exported. + // The Amazon Resource Name (ARN) of the bucket to which data is exported. // // Bucket is a required field Bucket *string `type:"string" required:"true"` @@ -7501,13 +7530,12 @@ type AnalyticsS3BucketDestination struct { // the owner will not be validated prior to exporting data. BucketAccountId *string `type:"string"` - // The file format used when exporting data to Amazon S3. + // Specifies the file format used when exporting data to Amazon S3. // // Format is a required field Format *string `type:"string" required:"true" enum:"AnalyticsS3ExportFileFormat"` - // The prefix to use when exporting data. The exported data begins with this - // prefix. + // The prefix to use when exporting data. The prefix is prepended to all results. Prefix *string `type:"string"` } @@ -7600,9 +7628,14 @@ func (s *Bucket) SetName(v string) *Bucket { return s } +// Specifies the lifecycle configuration for objects in an Amazon S3 bucket. +// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) +// in the Amazon Simple Storage Service Developer Guide. type BucketLifecycleConfiguration struct { _ struct{} `type:"structure"` + // A lifecycle rule for individual objects in an Amazon S3 bucket. + // // Rules is a required field Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` } @@ -7649,9 +7682,10 @@ func (s *BucketLifecycleConfiguration) SetRules(v []*LifecycleRule) *BucketLifec type BucketLoggingStatus struct { _ struct{} `type:"structure"` - // Container for logging information. Presence of this element indicates that - // logging is enabled. Parameters TargetBucket and TargetPrefix are required - // in this case. + // Describes where logs are stored and the prefix that Amazon S3 assigns to + // all log object keys for a bucket. For more information, see PUT Bucket logging + // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) + // in the Amazon Simple Storage Service API Reference. LoggingEnabled *LoggingEnabled `type:"structure"` } @@ -7686,9 +7720,15 @@ func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggin return s } +// Describes the cross-origin access configuration for objects in an Amazon +// S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon +// Simple Storage Service Developer Guide. type CORSConfiguration struct { _ struct{} `type:"structure"` + // A set of allowed origins and methods. + // // CORSRules is a required field CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"` } @@ -7732,14 +7772,18 @@ func (s *CORSConfiguration) SetCORSRules(v []*CORSRule) *CORSConfiguration { return s } +// Specifies a cross-origin access rule for an Amazon S3 bucket. type CORSRule struct { _ struct{} `type:"structure"` - // Specifies which headers are allowed in a pre-flight OPTIONS request. + // Headers that are specified in the Access-Control-Request-Headers header. + // These headers are allowed in a preflight OPTIONS request. In response to + // any preflight OPTIONS request, Amazon S3 returns any requested headers that + // are allowed. AllowedHeaders []*string `locationName:"AllowedHeader" type:"list" flattened:"true"` - // Identifies HTTP methods that the domain/origin specified in the rule is allowed - // to execute. + // An HTTP method that you allow the origin to execute. Valid values are GET, + // PUT, HEAD, POST, and DELETE. // // AllowedMethods is a required field AllowedMethods []*string `locationName:"AllowedMethod" type:"list" flattened:"true" required:"true"` @@ -8290,6 +8334,7 @@ func (s *CompletedPart) SetPartNumber(v int64) *CompletedPart { return s } +// Specifies a condition that must be met for a redirect to apply. type Condition struct { _ struct{} `type:"structure"` @@ -8444,10 +8489,10 @@ type CopyObjectInput struct { // Specifies whether you want to apply a Legal Hold to the copied object. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode that you want to apply to the copied object. + // The object lock mode that you want to apply to the copied object. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want the copied object's Object Lock to expire. + // The date and time when you want the copied object's object lock to expire. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that she or he will be charged for the @@ -8471,6 +8516,11 @@ type CopyObjectInput struct { // key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // Specifies the AWS KMS Encryption Context to use for object encryption. The + // value of this header is a base64-encoded UTF-8 string holding JSON with the + // encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT // requests for an object protected by AWS KMS will fail if not made via SSL // or using SigV4. Documentation on configuring any of the officially supported @@ -8735,6 +8785,12 @@ func (s *CopyObjectInput) SetSSECustomerKeyMD5(v string) *CopyObjectInput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CopyObjectInput) SetSSEKMSEncryptionContext(v string) *CopyObjectInput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput { s.SSEKMSKeyId = &v @@ -8795,6 +8851,11 @@ type CopyObjectOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // If present, specifies the AWS KMS Encryption Context to use for object encryption. + // The value of this header is a base64-encoded UTF-8 string holding JSON with + // the encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // If present, specifies the ID of the AWS Key Management Service (KMS) master // encryption key that was used for the object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` @@ -8853,6 +8914,12 @@ func (s *CopyObjectOutput) SetSSECustomerKeyMD5(v string) *CopyObjectOutput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CopyObjectOutput) SetSSEKMSEncryptionContext(v string) *CopyObjectOutput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput { s.SSEKMSKeyId = &v @@ -8984,7 +9051,8 @@ type CreateBucketInput struct { // Allows grantee to write the ACL for the applicable bucket. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` - // Specifies whether you want S3 Object Lock to be enabled for the new bucket. + // Specifies whether you want Amazon S3 object lock to be enabled for the new + // bucket. ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` } @@ -9147,10 +9215,10 @@ type CreateMultipartUploadInput struct { // Specifies whether you want to apply a Legal Hold to the uploaded object. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // Specifies the Object Lock mode that you want to apply to the uploaded object. + // Specifies the object lock mode that you want to apply to the uploaded object. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // Specifies the date and time when you want the Object Lock to expire. + // Specifies the date and time when you want the object lock to expire. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that she or he will be charged for the @@ -9174,6 +9242,11 @@ type CreateMultipartUploadInput struct { // key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // Specifies the AWS KMS Encryption Context to use for object encryption. The + // value of this header is a base64-encoded UTF-8 string holding JSON with the + // encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT // requests for an object protected by AWS KMS will fail if not made via SSL // or using SigV4. Documentation on configuring any of the officially supported @@ -9368,6 +9441,12 @@ func (s *CreateMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CreateMulti return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CreateMultipartUploadInput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadInput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput { s.SSEKMSKeyId = &v @@ -9428,6 +9507,11 @@ type CreateMultipartUploadOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // If present, specifies the AWS KMS Encryption Context to use for object encryption. + // The value of this header is a base64-encoded UTF-8 string holding JSON with + // the encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // If present, specifies the ID of the AWS Key Management Service (KMS) master // encryption key that was used for the object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` @@ -9499,6 +9583,12 @@ func (s *CreateMultipartUploadOutput) SetSSECustomerKeyMD5(v string) *CreateMult return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *CreateMultipartUploadOutput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadOutput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput { s.SSEKMSKeyId = &v @@ -9517,7 +9607,7 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo return s } -// The container element for specifying the default Object Lock retention settings +// The container element for specifying the default object lock retention settings // for new objects placed in the specified bucket. type DefaultRetention struct { _ struct{} `type:"structure"` @@ -9525,7 +9615,7 @@ type DefaultRetention struct { // The number of days that you want to specify for the default retention period. Days *int64 `type:"integer"` - // The default Object Lock retention mode you want to apply to new objects placed + // The default object lock retention mode you want to apply to new objects placed // in the specified bucket. Mode *string `type:"string" enum:"ObjectLockRetentionMode"` @@ -9625,7 +9715,7 @@ type DeleteBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The identifier used to represent an analytics configuration. + // The ID that identifies the analytics configuration. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -10425,7 +10515,7 @@ type DeleteObjectInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates whether S3 Object Lock should bypass Governance-mode restrictions + // Indicates whether Amazon S3 object lock should bypass governance-mode restrictions // to process this operation. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` @@ -10665,7 +10755,7 @@ type DeleteObjectsInput struct { Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` // Specifies whether you want to delete this object even if it has a Governance-type - // Object Lock in place. You must have sufficient permissions to perform this + // object lock in place. You must have sufficient permissions to perform this // operation. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` @@ -10902,33 +10992,33 @@ func (s *DeletedObject) SetVersionId(v string) *DeletedObject { return s } -// A container for information about the replication destination. +// Specifies information about where to publish analysis or configuration results +// for an Amazon S3 bucket. type Destination struct { _ struct{} `type:"structure"` - // A container for information about access control for replicas. - // - // Use this element only in a cross-account scenario where source and destination - // bucket owners are not the same to change replica ownership to the AWS account - // that owns the destination bucket. If you don't add this element to the replication - // configuration, the replicas are owned by same AWS account that owns the source - // object. + // Specify this only in a cross-account scenario (where source and destination + // bucket owners are not the same), and you want to change replica ownership + // to the AWS account that owns the destination bucket. If this is not specified + // in the replication configuration, the replicas are owned by same AWS account + // that owns the source object. AccessControlTranslation *AccessControlTranslation `type:"structure"` - // The account ID of the destination bucket. Currently, Amazon S3 verifies this - // value only if Access Control Translation is enabled. - // - // In a cross-account scenario, if you change replica ownership to the AWS account - // that owns the destination bucket by adding the AccessControlTranslation element, - // this is the account ID of the owner of the destination bucket. + // Destination bucket owner account ID. In a cross-account scenario, if you + // direct Amazon S3 to change replica ownership to the AWS account that owns + // the destination bucket by specifying the AccessControlTranslation property, + // this is the account ID of the destination bucket owner. For more information, + // see Cross-Region Replication Additional Configuration: Change Replica Owner + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-change-owner.html) in + // the Amazon Simple Storage Service Developer Guide. Account *string `type:"string"` // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to // store replicas of the object identified by the rule. // - // If there are multiple rules in your replication configuration, all rules - // must specify the same bucket as the destination. A replication configuration - // can replicate objects to only one destination bucket. + // A replication configuration can replicate objects to only one destination + // bucket. If there are multiple rules in your replication configuration, all + // rules must specify the same destination bucket. // // Bucket is a required field Bucket *string `type:"string" required:"true"` @@ -10937,8 +11027,13 @@ type Destination struct { // is specified, you must specify this element. EncryptionConfiguration *EncryptionConfiguration `type:"structure"` - // The class of storage used to store the object. By default Amazon S3 uses - // storage class of the source object when creating a replica. + // The storage class to use when replicating objects, such as standard or reduced + // redundancy. By default, Amazon S3 uses the storage class of the source object + // to create the object replica. + // + // For valid values, see the StorageClass element of the PUT Bucket replication + // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) + // action in the Amazon Simple Storage Service API Reference. StorageClass *string `type:"string" enum:"StorageClass"` } @@ -11068,13 +11163,13 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption { return s } -// A container for information about the encryption-based configuration for -// replicas. +// Specifies encryption-related information for an Amazon S3 bucket that is +// a destination for replicated objects. type EncryptionConfiguration struct { _ struct{} `type:"structure"` - // The ID of the AWS KMS key for the AWS Region where the destination bucket - // resides. Amazon S3 uses this key to encrypt the replica object. + // Specifies the AWS KMS Key ID (Key ARN or Alias ARN) for the destination bucket. + // Amazon S3 uses this key to encrypt replica objects. ReplicaKmsKeyID *string `type:"string"` } @@ -11207,18 +11302,19 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument { return s } -// A container for a key value pair that defines the criteria for the filter -// rule. +// Specifies the Amazon S3 object key name to filter on and whether to filter +// on the suffix or prefix of the key name. type FilterRule struct { _ struct{} `type:"structure"` // The object key name prefix or suffix identifying one or more objects to which - // the filtering rule applies. The maximum prefix length is 1,024 characters. - // Overlapping prefixes and suffixes are not supported. For more information, - // see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // the filtering rule applies. The maximum length is 1,024 characters. Overlapping + // prefixes and suffixes are not supported. For more information, see Configuring + // Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) // in the Amazon Simple Storage Service Developer Guide. Name *string `type:"string" enum:"FilterRuleName"` + // The value that the filter searches for in object key names. Value *string `type:"string"` } @@ -11400,7 +11496,7 @@ type GetBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The identifier used to represent an analytics configuration. + // The ID that identifies the analytics configuration. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -11597,8 +11693,7 @@ func (s *GetBucketEncryptionInput) getBucket() (v string) { type GetBucketEncryptionOutput struct { _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` - // Container for server-side encryption configuration rules. Currently S3 supports - // one rule only. + // Specifies the default server-side-encryption configuration. ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"` } @@ -11956,9 +12051,10 @@ func (s *GetBucketLoggingInput) getBucket() (v string) { type GetBucketLoggingOutput struct { _ struct{} `type:"structure"` - // Container for logging information. Presence of this element indicates that - // logging is enabled. Parameters TargetBucket and TargetPrefix are required - // in this case. + // Describes where logs are stored and the prefix that Amazon S3 assigns to + // all log object keys for a bucket. For more information, see PUT Bucket logging + // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) + // in the Amazon Simple Storage Service API Reference. LoggingEnabled *LoggingEnabled `type:"structure"` } @@ -12592,6 +12688,8 @@ type GetBucketWebsiteOutput struct { IndexDocument *IndexDocument `type:"structure"` + // Specifies the redirect behavior of all requests to a website endpoint of + // an Amazon S3 bucket. RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` @@ -13103,7 +13201,7 @@ func (s *GetObjectLegalHoldOutput) SetLegalHold(v *ObjectLockLegalHold) *GetObje type GetObjectLockConfigurationInput struct { _ struct{} `type:"structure"` - // The bucket whose Object Lock configuration you want to retrieve. + // The bucket whose object lock configuration you want to retrieve. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -13151,7 +13249,7 @@ func (s *GetObjectLockConfigurationInput) getBucket() (v string) { type GetObjectLockConfigurationOutput struct { _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` - // The specified bucket's Object Lock configuration. + // The specified bucket's object lock configuration. ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"` } @@ -13235,10 +13333,10 @@ type GetObjectOutput struct { // returned if you have permission to view an object's legal hold status. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode currently in place for this object. + // The object lock mode currently in place for this object. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when this object's Object Lock will expire. + // The date and time when this object's object lock will expire. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. @@ -14328,10 +14426,10 @@ type HeadObjectOutput struct { // The Legal Hold status for the specified object. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode currently in place for this object. + // The object lock mode currently in place for this object. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when this object's Object Lock will expire. + // The date and time when this object's object lock expires. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. @@ -14680,6 +14778,9 @@ func (s *InputSerialization) SetParquet(v *ParquetInput) *InputSerialization { return s } +// Specifies the inventory configuration for an Amazon S3 bucket. For more information, +// see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) +// in the Amazon Simple Storage Service API Reference. type InventoryConfiguration struct { _ struct{} `type:"structure"` @@ -14697,12 +14798,16 @@ type InventoryConfiguration struct { // Id is a required field Id *string `type:"string" required:"true"` - // Specifies which object version(s) to included in the inventory results. + // Object versions to include in the inventory list. If set to All, the list + // includes all the object versions, which adds the version-related fields VersionId, + // IsLatest, and DeleteMarker to the list. If set to Current, the list does + // not contain these version-related fields. // // IncludedObjectVersions is a required field IncludedObjectVersions *string `type:"string" required:"true" enum:"InventoryIncludedObjectVersions"` - // Specifies whether the inventory is enabled or disabled. + // Specifies whether the inventory is enabled or disabled. If set to True, an + // inventory list is generated. If set to False, no inventory list is generated. // // IsEnabled is a required field IsEnabled *bool `type:"boolean" required:"true"` @@ -15145,11 +15250,15 @@ func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter { type LambdaFunctionConfiguration struct { _ struct{} `type:"structure"` + // The Amazon S3 bucket event for which to invoke the AWS Lambda function. For + // more information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Events is a required field Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` - // A container for object key name filtering rules. For information about key - // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // Specifies object key name filtering rules. For information about key name + // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) // in the Amazon Simple Storage Service Developer Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -15157,8 +15266,8 @@ type LambdaFunctionConfiguration struct { // If you don't provide one, Amazon S3 will assign an ID. Id *string `type:"string"` - // The Amazon Resource Name (ARN) of the Lambda cloud function that Amazon S3 - // can invoke when it detects events of the specified type. + // The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3 + // invokes when the specified event type occurs. // // LambdaFunctionArn is a required field LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"` @@ -15309,8 +15418,11 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp type LifecycleRule struct { _ struct{} `type:"structure"` - // Specifies the days since the initiation of an Incomplete Multipart Upload - // that Lifecycle will wait before permanently removing all parts of the upload. + // Specifies the days since the initiation of an incomplete multipart upload + // that Amazon S3 will wait before permanently removing all parts of the upload. + // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket + // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon Simple Storage Service Developer Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` Expiration *LifecycleExpiration `type:"structure"` @@ -17267,9 +17379,10 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { return s } -// Container for logging information. Presence of this element indicates that -// logging is enabled. Parameters TargetBucket and TargetPrefix are required -// in this case. +// Describes where logs are stored and the prefix that Amazon S3 assigns to +// all log object keys for a bucket. For more information, see PUT Bucket logging +// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) +// in the Amazon Simple Storage Service API Reference. type LoggingEnabled struct { _ struct{} `type:"structure"` @@ -17285,8 +17398,9 @@ type LoggingEnabled struct { TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` - // This element lets you specify a prefix for the keys that the log files will - // be stored under. + // A prefix for all log object keys. If you store log files from multiple Amazon + // S3 buckets in a single bucket, you can use a prefix to distinguish which + // log files came from which bucket. // // TargetPrefix is a required field TargetPrefix *string `type:"string" required:"true"` @@ -17429,6 +17543,13 @@ func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator { return s } +// Specifies a metrics configuration for the CloudWatch request metrics (specified +// by the metrics configuration ID) from an Amazon S3 bucket. If you're updating +// an existing metrics configuration, note that this is a full replacement of +// the existing metrics configuration. If you don't include the elements you +// want to keep, they are erased. For more information, see PUT Bucket metrics +// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) +// in the Amazon Simple Storage Service API Reference. type MetricsConfiguration struct { _ struct{} `type:"structure"` @@ -17646,11 +17767,11 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers } // Container for the transition rule that describes when noncurrent objects -// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or -// DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning +// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, +// or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning // is suspended), you can set this action to request that Amazon S3 transition // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, -// GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's +// GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's // lifetime. type NoncurrentVersionTransition struct { _ struct{} `type:"structure"` @@ -17693,10 +17814,16 @@ func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersi type NotificationConfiguration struct { _ struct{} `type:"structure"` + // Describes the AWS Lambda functions to invoke and the events for which to + // invoke them. LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"` + // The Amazon Simple Queue Service queues to publish messages to and the events + // for which to publish messages. QueueConfigurations []*QueueConfiguration `locationName:"QueueConfiguration" type:"list" flattened:"true"` + // The topic to which notifications are sent and the events for which notifications + // are generated. TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"` } @@ -17806,8 +17933,8 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf return s } -// A container for object key name filtering rules. For information about key -// name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) +// Specifies object key name filtering rules. For information about key name +// filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) // in the Amazon Simple Storage Service Developer Guide. type NotificationConfigurationFilter struct { _ struct{} `type:"structure"` @@ -17945,14 +18072,14 @@ func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier { return s } -// The container element for Object Lock configuration parameters. +// The container element for object lock configuration parameters. type ObjectLockConfiguration struct { _ struct{} `type:"structure"` - // Indicates whether this bucket has an Object Lock configuration enabled. + // Indicates whether this bucket has an object lock configuration enabled. ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"` - // The Object Lock rule in place for the specified object. + // The object lock rule in place for the specified object. Rule *ObjectLockRule `type:"structure"` } @@ -18009,7 +18136,7 @@ type ObjectLockRetention struct { // Indicates the Retention mode for the specified object. Mode *string `type:"string" enum:"ObjectLockRetentionMode"` - // The date on which this Object Lock Retention will expire. + // The date on which this object lock retention expires. RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"` } @@ -18035,7 +18162,7 @@ func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetenti return s } -// The container element for an Object Lock rule. +// The container element for an object lock rule. type ObjectLockRule struct { _ struct{} `type:"structure"` @@ -18418,6 +18545,7 @@ func (s *ProgressEvent) UnmarshalEvent( return nil } +// Specifies the Block Public Access configuration for an Amazon S3 bucket. type PublicAccessBlockConfiguration struct { _ struct{} `type:"structure"` @@ -18575,6 +18703,7 @@ type PutBucketAclInput struct { // The canned ACL to apply to the bucket. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` + // Contains the elements that set the ACL permissions for an object per grantee. AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Bucket is a required field @@ -18710,7 +18839,7 @@ type PutBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The identifier used to represent an analytics configuration. + // The ID that identifies the analytics configuration. // // Id is a required field Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` @@ -18798,6 +18927,11 @@ type PutBucketCorsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + // Describes the cross-origin access configuration for objects in an Amazon + // S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon + // Simple Storage Service Developer Guide. + // // CORSConfiguration is a required field CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } @@ -18872,14 +19006,16 @@ func (s PutBucketCorsOutput) GoString() string { type PutBucketEncryptionInput struct { _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` - // The name of the bucket for which the server-side encryption configuration - // is set. + // Specifies default encryption for a bucket using server-side encryption with + // Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information + // about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) + // in the Amazon Simple Storage Service Developer Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Container for server-side encryption configuration rules. Currently S3 supports - // one rule only. + // Specifies the default server-side-encryption configuration. // // ServerSideEncryptionConfiguration is a required field ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` @@ -19053,6 +19189,9 @@ type PutBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. + // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) + // in the Amazon Simple Storage Service Developer Guide. LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } @@ -19613,6 +19752,7 @@ type PutBucketReplicationInput struct { // ReplicationConfiguration is a required field ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` + // A token that allows Amazon S3 object lock to be enabled for an existing bucket. Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` } @@ -19853,6 +19993,10 @@ type PutBucketVersioningInput struct { // and the value that is displayed on your authentication device. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` + // Describes the versioning state of an Amazon S3 bucket. For more information, + // see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) + // in the Amazon Simple Storage Service API Reference. + // // VersioningConfiguration is a required field VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } @@ -19931,6 +20075,8 @@ type PutBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + // Specifies website configuration parameters for an Amazon S3 bucket. + // // WebsiteConfiguration is a required field WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` } @@ -20008,6 +20154,7 @@ type PutObjectAclInput struct { // The canned ACL to apply to the object. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` + // Contains the elements that set the ACL permissions for an object per grantee. AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Bucket is a required field @@ -20209,7 +20356,8 @@ type PutObjectInput struct { ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` // The base64-encoded 128-bit MD5 digest of the part data. This parameter is - // auto-populated when using the command from the CLI + // auto-populated when using the command from the CLI. This parameted is required + // if object lock parameters are specified. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // A standard MIME type describing the format of the object data. @@ -20241,10 +20389,10 @@ type PutObjectInput struct { // The Legal Hold status that you want to apply to the specified object. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode that you want to apply to this object. + // The object lock mode that you want to apply to this object. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want this object's Object Lock to expire. + // The date and time when you want this object's object lock to expire. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that she or he will be charged for the @@ -20268,6 +20416,11 @@ type PutObjectInput struct { // key was transmitted without error. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // Specifies the AWS KMS Encryption Context to use for object encryption. The + // value of this header is a base64-encoded UTF-8 string holding JSON with the + // encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT // requests for an object protected by AWS KMS will fail if not made via SSL // or using SigV4. Documentation on configuring any of the officially supported @@ -20481,6 +20634,12 @@ func (s *PutObjectInput) SetSSECustomerKeyMD5(v string) *PutObjectInput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *PutObjectInput) SetSSEKMSEncryptionContext(v string) *PutObjectInput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput { s.SSEKMSKeyId = &v @@ -20634,12 +20793,12 @@ func (s *PutObjectLegalHoldOutput) SetRequestCharged(v string) *PutObjectLegalHo type PutObjectLockConfigurationInput struct { _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` - // The bucket whose Object Lock configuration you want to create or replace. + // The bucket whose object lock configuration you want to create or replace. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The Object Lock configuration that you want to apply to the specified bucket. + // The object lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that she or he will be charged for the @@ -20648,7 +20807,7 @@ type PutObjectLockConfigurationInput struct { // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // A token to allow Object Lock to be enabled for an existing bucket. + // A token to allow Amazon S3 object lock to be enabled for an existing bucket. Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` } @@ -20757,6 +20916,11 @@ type PutObjectOutput struct { // verification of the customer-provided encryption key. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` + // If present, specifies the AWS KMS Encryption Context to use for object encryption. + // The value of this header is a base64-encoded UTF-8 string holding JSON with + // the encryption context key-value pairs. + SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` + // If present, specifies the ID of the AWS Key Management Service (KMS) master // encryption key that was used for the object. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` @@ -20809,6 +20973,12 @@ func (s *PutObjectOutput) SetSSECustomerKeyMD5(v string) *PutObjectOutput { return s } +// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. +func (s *PutObjectOutput) SetSSEKMSEncryptionContext(v string) *PutObjectOutput { + s.SSEKMSEncryptionContext = &v + return s +} + // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput { s.SSEKMSKeyId = &v @@ -21147,17 +21317,16 @@ func (s PutPublicAccessBlockOutput) GoString() string { return s.String() } -// A container for specifying the configuration for publication of messages -// to an Amazon Simple Queue Service (Amazon SQS) queue.when Amazon S3 detects -// specified events. +// Specifies the configuration for publishing messages to an Amazon Simple Queue +// Service (Amazon SQS) queue when Amazon S3 detects specified events. type QueueConfiguration struct { _ struct{} `type:"structure"` // Events is a required field Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` - // A container for object key name filtering rules. For information about key - // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // Specifies object key name filtering rules. For information about key name + // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) // in the Amazon Simple Storage Service Developer Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -21166,7 +21335,7 @@ type QueueConfiguration struct { Id *string `type:"string"` // The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 - // will publish a message when it detects events of the specified type. + // publishes a message when it detects events of the specified type. // // QueueArn is a required field QueueArn *string `locationName:"Queue" type:"string" required:"true"` @@ -21312,6 +21481,8 @@ func (s *RecordsEvent) UnmarshalEvent( return nil } +// Specifies how requests are redirected. In the event of an error, you can +// specify a different error code to return. type Redirect struct { _ struct{} `type:"structure"` @@ -21322,8 +21493,8 @@ type Redirect struct { // siblings is present. HttpRedirectCode *string `type:"string"` - // Protocol to use (http, https) when redirecting requests. The default is the - // protocol that is used in the original request. + // Protocol to use when redirecting requests. The default is the protocol that + // is used in the original request. Protocol *string `type:"string" enum:"Protocol"` // The object key prefix to use in the redirect request. For example, to redirect @@ -21335,7 +21506,7 @@ type Redirect struct { ReplaceKeyPrefixWith *string `type:"string"` // The specific object key to use in the redirect request. For example, redirect - // request to error.html. Not required if one of the sibling is present. Can + // request to error.html. Not required if one of the siblings is present. Can // be present only if ReplaceKeyPrefixWith is not provided. ReplaceKeyWith *string `type:"string"` } @@ -21380,16 +21551,18 @@ func (s *Redirect) SetReplaceKeyWith(v string) *Redirect { return s } +// Specifies the redirect behavior of all requests to a website endpoint of +// an Amazon S3 bucket. type RedirectAllRequestsTo struct { _ struct{} `type:"structure"` - // Name of the host where requests will be redirected. + // Name of the host where requests are redirected. // // HostName is a required field HostName *string `type:"string" required:"true"` - // Protocol to use (http, https) when redirecting requests. The default is the - // protocol that is used in the original request. + // Protocol to use when redirecting requests. The default is the protocol that + // is used in the original request. Protocol *string `type:"string" enum:"Protocol"` } @@ -21434,7 +21607,9 @@ type ReplicationConfiguration struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the AWS Identity and Access Management - // (IAM) role that Amazon S3 can assume when replicating the objects. + // (IAM) role that Amazon S3 assumes when replicating objects. For more information, + // see How to Set Up Cross-Region Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-how-setup.html) + // in the Amazon Simple Storage Service Developer Guide. // // Role is a required field Role *string `type:"string" required:"true"` @@ -21494,7 +21669,7 @@ func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationCo return s } -// A container for information about a specific replication rule. +// Specifies which Amazon S3 objects to replicate and where to store the replicas. type ReplicationRule struct { _ struct{} `type:"structure"` @@ -21514,7 +21689,8 @@ type ReplicationRule struct { ID *string `type:"string"` // An object keyname prefix that identifies the object or objects to which the - // rule applies. The maximum prefix length is 1,024 characters. + // rule applies. The maximum prefix length is 1,024 characters. To include all + // objects in a bucket, specify an empty string. // // Deprecated: Prefix has been deprecated Prefix *string `deprecated:"true" type:"string"` @@ -21539,12 +21715,9 @@ type ReplicationRule struct { // replication of these objects. Currently, Amazon S3 supports only the filter // that you can specify for objects created with server-side encryption using // an AWS KMS-Managed Key (SSE-KMS). - // - // If you want Amazon S3 to replicate objects created with server-side encryption - // using AWS KMS-Managed Keys. SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"` - // If status isn't enabled, the rule is ignored. + // Specifies whether the rule is enabled. // // Status is a required field Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"` @@ -22059,6 +22232,7 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest { return s } +// Specifies the redirect behavior and when a redirect is applied. type RoutingRule struct { _ struct{} `type:"structure"` @@ -22111,16 +22285,22 @@ func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule { return s } +// Specifies lifecycle rules for an Amazon S3 bucket. For more information, +// see PUT Bucket lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html) +// in the Amazon Simple Storage Service API Reference. type Rule struct { _ struct{} `type:"structure"` - // Specifies the days since the initiation of an Incomplete Multipart Upload - // that Lifecycle will wait before permanently removing all parts of the upload. + // Specifies the days since the initiation of an incomplete multipart upload + // that Amazon S3 will wait before permanently removing all parts of the upload. + // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket + // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon Simple Storage Service Developer Guide. AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` Expiration *LifecycleExpiration `type:"structure"` - // Unique identifier for the rule. The value cannot be longer than 255 characters. + // Unique identifier for the rule. The value can't be longer than 255 characters. ID *string `type:"string"` // Specifies when noncurrent object versions expire. Upon expiration, Amazon @@ -22131,25 +22311,27 @@ type Rule struct { NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"` // Container for the transition rule that describes when noncurrent objects - // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or - // DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning + // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, + // or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning // is suspended), you can set this action to request that Amazon S3 transition // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, - // GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's + // GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's // lifetime. NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"` - // Prefix identifying one or more objects to which the rule applies. + // Object key prefix that identifies one or more objects to which this rule + // applies. // // Prefix is a required field Prefix *string `type:"string" required:"true"` - // If 'Enabled', the rule is currently being applied. If 'Disabled', the rule - // is not currently being applied. + // If Enabled, the rule is currently being applied. If Disabled, the rule is + // not currently being applied. // // Status is a required field Status *string `type:"string" required:"true" enum:"ExpirationStatus"` + // Specifies when an object transitions to a specified storage class. Transition *Transition `type:"structure"` } @@ -22800,13 +22982,15 @@ func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *Selec } // Describes the default server-side encryption to apply to new objects in the -// bucket. If Put Object request does not specify any server-side encryption, -// this default encryption will be applied. +// bucket. If a PUT Object request doesn't specify any server-side encryption, +// this default encryption will be applied. For more information, see PUT Bucket +// encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) +// in the Amazon Simple Storage Service API Reference. type ServerSideEncryptionByDefault struct { _ struct{} `type:"structure"` // KMS master key ID to use for the default encryption. This parameter is allowed - // if SSEAlgorithm is aws:kms. + // if and only if SSEAlgorithm is set to aws:kms. KMSMasterKeyID *string `type:"string" sensitive:"true"` // Server-side encryption algorithm to use for the default encryption. @@ -22850,8 +23034,7 @@ func (s *ServerSideEncryptionByDefault) SetSSEAlgorithm(v string) *ServerSideEnc return s } -// Container for server-side encryption configuration rules. Currently S3 supports -// one rule only. +// Specifies the default server-side-encryption configuration. type ServerSideEncryptionConfiguration struct { _ struct{} `type:"structure"` @@ -22901,13 +23084,12 @@ func (s *ServerSideEncryptionConfiguration) SetRules(v []*ServerSideEncryptionRu return s } -// Container for information about a particular server-side encryption configuration -// rule. +// Specifies the default server-side encryption configuration. type ServerSideEncryptionRule struct { _ struct{} `type:"structure"` - // Describes the default server-side encryption to apply to new objects in the - // bucket. If Put Object request does not specify any server-side encryption, + // Specifies the default server-side encryption to apply to new objects in the + // bucket. If a PUT Object request doesn't specify any server-side encryption, // this default encryption will be applied. ApplyServerSideEncryptionByDefault *ServerSideEncryptionByDefault `type:"structure"` } @@ -22943,13 +23125,17 @@ func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *Serv return s } -// A container for filters that define which source objects should be replicated. +// A container that describes additional filters for identifying the source +// objects that you want to replicate. You can choose to enable or disable the +// replication of these objects. Currently, Amazon S3 supports only the filter +// that you can specify for objects created with server-side encryption using +// an AWS KMS-Managed Key (SSE-KMS). type SourceSelectionCriteria struct { _ struct{} `type:"structure"` - // A container for filter information for the selection of S3 objects encrypted - // with AWS KMS. If you include SourceSelectionCriteria in the replication configuration, - // this element is required. + // A container for filter information for the selection of Amazon S3 objects + // encrypted with AWS KMS. If you include SourceSelectionCriteria in the replication + // configuration, this element is required. SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"` } @@ -22989,8 +23175,8 @@ func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedOb type SseKmsEncryptedObjects struct { _ struct{} `type:"structure"` - // If the status is not Enabled, replication for S3 objects encrypted with AWS - // KMS is disabled. + // Specifies whether Amazon S3 replicates objects created with server-side encryption + // using an AWS KMS-managed key. // // Status is a required field Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"` @@ -23106,11 +23292,14 @@ func (s *StatsEvent) UnmarshalEvent( return nil } +// Specifies data related to access patterns to be collected and made available +// to analyze the tradeoffs between different storage classes for an Amazon +// S3 bucket. type StorageClassAnalysis struct { _ struct{} `type:"structure"` - // A container used to describe how data related to the storage class analysis - // should be exported. + // Specifies how data related to the storage class analysis for an Amazon S3 + // bucket should be exported. DataExport *StorageClassAnalysisDataExport `type:"structure"` } @@ -23350,16 +23539,20 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant { } // A container for specifying the configuration for publication of messages -// to an Amazon Simple Notification Service (Amazon SNS) topic.when Amazon S3 +// to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 // detects specified events. type TopicConfiguration struct { _ struct{} `type:"structure"` + // The Amazon S3 bucket event about which to send notifications. For more information, + // see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // in the Amazon Simple Storage Service Developer Guide. + // // Events is a required field Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` - // A container for object key name filtering rules. For information about key - // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) + // Specifies object key name filtering rules. For information about key name + // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) // in the Amazon Simple Storage Service Developer Guide. Filter *NotificationConfigurationFilter `type:"structure"` @@ -23368,7 +23561,7 @@ type TopicConfiguration struct { Id *string `type:"string"` // The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 - // will publish a message when it detects events of the specified type. + // publishes a message when it detects events of the specified type. // // TopicArn is a required field TopicArn *string `locationName:"Topic" type:"string" required:"true"` @@ -23477,18 +23670,19 @@ func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDep return s } +// Specifies when an object transitions to a specified storage class. type Transition struct { _ struct{} `type:"structure"` - // Indicates at what date the object is to be moved or deleted. Should be in - // GMT ISO 8601 Format. + // Indicates when objects are transitioned to the specified storage class. The + // date value must be in ISO 8601 format. The time is always midnight UTC. Date *time.Time `type:"timestamp" timestampFormat:"iso8601"` - // Indicates the lifetime, in days, of the objects that are subject to the rule. - // The value must be a non-zero positive integer. + // Indicates the number of days after creation when objects are transitioned + // to the specified storage class. The value must be a positive integer. Days *int64 `type:"integer"` - // The class of storage used to store the object. + // The storage class to which you want the object to transition. StorageClass *string `type:"string" enum:"TransitionStorageClass"` } @@ -23865,7 +24059,9 @@ type UploadPartInput struct { // body cannot be determined automatically. ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` - // The base64-encoded 128-bit MD5 digest of the part data. + // The base64-encoded 128-bit MD5 digest of the part data. This parameter is + // auto-populated when using the command from the CLI. This parameted is required + // if object lock parameters are specified. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // Object key for which the multipart upload was initiated. @@ -24100,6 +24296,9 @@ func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput { return s } +// Describes the versioning state of an Amazon S3 bucket. For more information, +// see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) +// in the Amazon Simple Storage Service API Reference. type VersioningConfiguration struct { _ struct{} `type:"structure"` @@ -24134,15 +24333,22 @@ func (s *VersioningConfiguration) SetStatus(v string) *VersioningConfiguration { return s } +// Specifies website configuration parameters for an Amazon S3 bucket. type WebsiteConfiguration struct { _ struct{} `type:"structure"` + // The name of the error document for the website. ErrorDocument *ErrorDocument `type:"structure"` + // The name of the index document for the website. IndexDocument *IndexDocument `type:"structure"` + // The redirect behavior for every request to this bucket's website endpoint. + // + // If you specify this property, you can't specify any other property. RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` + // Rules that define when a redirect is applied and the redirect behavior. RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go index 39b912c260b5..4b65f71531a2 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go @@ -63,6 +63,20 @@ // See the s3manager package's Downloader type documentation for more information. // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader // +// Automatic URI cleaning +// +// Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname) +// requires setting DisableRestProtocolURICleaning to true in the aws.Config struct +// used by the service client. +// +// svc := s3.New(sess, &aws.Config{ +// DisableRestProtocolURICleaning: aws.Bool(true), +// }) +// out, err := svc.GetObject(&s3.GetObjectInput { +// Bucket: aws.String("bucketname"), +// Key: aws.String("//foo//bar//moo"), +// }) +// // Get Bucket Region // // GetBucketRegion will attempt to get the region for a bucket using a region diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 9e610591a19b..eb0a6a417efb 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -702,6 +702,102 @@ func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *Deco return out, req.Send() } +const opGetAccessKeyInfo = "GetAccessKeyInfo" + +// GetAccessKeyInfoRequest generates a "aws/request.Request" representing the +// client's request for the GetAccessKeyInfo operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetAccessKeyInfo for more information on using the GetAccessKeyInfo +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetAccessKeyInfoRequest method. +// req, resp := client.GetAccessKeyInfoRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo +func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) { + op := &request.Operation{ + Name: opGetAccessKeyInfo, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetAccessKeyInfoInput{} + } + + output = &GetAccessKeyInfoOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetAccessKeyInfo API operation for AWS Security Token Service. +// +// Returns the account identifier for the specified access key ID. +// +// Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) +// and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). +// For more information about access keys, see Managing Access Keys for IAM +// Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) +// in the IAM User Guide. +// +// When you pass an access key ID to this operation, it returns the ID of the +// AWS account to which the keys belong. Access key IDs beginning with AKIA +// are long-term credentials for an IAM user or the AWS account root user. Access +// key IDs beginning with ASIA are temporary credentials that are created using +// STS operations. If the account in the response belongs to you, you can sign +// in as the root user and review your root user access keys. Then, you can +// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) +// to learn which IAM user owns the keys. To learn who requested the temporary +// credentials for an ASIA access key, view the STS events in your CloudTrail +// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html). +// +// This operation does not indicate the state of the access key. The key might +// be active, inactive, or deleted. Active keys might not have permissions to +// perform an operation. Providing a deleted access key might return an error +// that the key doesn't exist. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Security Token Service's +// API operation GetAccessKeyInfo for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo +func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) { + req, out := c.GetAccessKeyInfoRequest(input) + return out, req.Send() +} + +// GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of +// the ability to pass a context and additional request options. +// +// See GetAccessKeyInfo for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) { + req, out := c.GetAccessKeyInfoRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetCallerIdentity = "GetCallerIdentity" // GetCallerIdentityRequest generates a "aws/request.Request" representing the @@ -746,8 +842,15 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ // GetCallerIdentity API operation for AWS Security Token Service. // -// Returns details about the IAM identity whose credentials are used to call -// the API. +// Returns details about the IAM user or role whose credentials are used to +// call the operation. +// +// No permissions are required to perform this operation. If an administrator +// adds a policy to your IAM user or role that explicitly denies access to the +// sts:GetCallerIdentity action, you can still perform this operation. Permissions +// are not required because the same information is returned when an IAM user +// or role is denied access. To view an example response, see I Am Not Authorized +// to Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1129,7 +1232,7 @@ type AssumeRoleInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plain text that you use for both inline and managed session // policies shouldn't exceed 2048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // The characters in this parameter count towards the 2048 character session @@ -1407,7 +1510,7 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plain text that you use for both inline and managed session // policies shouldn't exceed 2048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // The characters in this parameter count towards the 2048 character session @@ -1702,7 +1805,7 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plain text that you use for both inline and managed session // policies shouldn't exceed 2048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // The characters in this parameter count towards the 2048 character session @@ -2156,6 +2259,73 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser { return s } +type GetAccessKeyInfoInput struct { + _ struct{} `type:"structure"` + + // The identifier of an access key. + // + // This parameter allows (through its regex pattern) a string of characters + // that can consist of any upper- or lowercased letter or digit. + // + // AccessKeyId is a required field + AccessKeyId *string `min:"16" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetAccessKeyInfoInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetAccessKeyInfoInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetAccessKeyInfoInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"} + if s.AccessKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("AccessKeyId")) + } + if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 { + invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput { + s.AccessKeyId = &v + return s +} + +type GetAccessKeyInfoOutput struct { + _ struct{} `type:"structure"` + + // The number used to identify the AWS account. + Account *string `type:"string"` +} + +// String returns the string representation +func (s GetAccessKeyInfoOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetAccessKeyInfoOutput) GoString() string { + return s.String() +} + +// SetAccount sets the Account field's value. +func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput { + s.Account = &v + return s +} + type GetCallerIdentityInput struct { _ struct{} `type:"structure"` } @@ -2284,7 +2454,7 @@ type GetFederationTokenInput struct { // use as managed session policies. The plain text that you use for both inline // and managed session policies shouldn't exceed 2048 characters. You can provide // up to 10 managed policy ARNs. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // This parameter is optional. However, if you do not pass any session policies, @@ -2545,7 +2715,7 @@ type PolicyDescriptorType struct { // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session // policy for the role. For more information about ARNs, see Amazon Resource - // Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. Arn *string `locationName:"arn" min:"20" type:"string"` } diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go new file mode 100644 index 000000000000..d5307fcaa0f3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go @@ -0,0 +1,11 @@ +package sts + +import "github.com/aws/aws-sdk-go/aws/request" + +func init() { + initRequest = customizeRequest +} + +func customizeRequest(r *request.Request) { + r.RetryErrorCodes = append(r.RetryErrorCodes, ErrCodeIDPCommunicationErrorException) +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go index 1eba20b00250..e2e1d6efe55f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go @@ -76,6 +76,10 @@ type STSAPI interface { DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error) DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput) + GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error) + GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error) + GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput) + GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error) GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error) GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)