diff options
| author | Dave Henderson <dhenderson@gmail.com> | 2019-06-01 09:10:51 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-06-01 09:10:51 -0400 |
| commit | 83ebe4cfb1c24a8a6d1308664c4281ef050bd265 (patch) | |
| tree | 26f7b069951e6e524f5d7ee26049e656ef4bcba1 /vendor/github.com | |
| parent | 9b52395b5d201b100336dfe87eb21e02a2fcd9a7 (diff) | |
| parent | 899ddf06b8550a1153a63e2c4f170219e6d0718c (diff) | |
Merge pull request #562 from hairyhenderson/update-deps
Updating deps
Diffstat (limited to 'vendor/github.com')
59 files changed, 6544 insertions, 2724 deletions
diff --git a/vendor/github.com/armon/go-metrics/inmem.go b/vendor/github.com/armon/go-metrics/inmem.go index 4e2d6a70..93b0e0ad 100644 --- a/vendor/github.com/armon/go-metrics/inmem.go +++ b/vendor/github.com/armon/go-metrics/inmem.go @@ -255,11 +255,11 @@ func (i *InmemSink) Data() []*IntervalMetrics { } copyCurrent.Counters = make(map[string]SampledValue, len(current.Counters)) for k, v := range current.Counters { - copyCurrent.Counters[k] = v + copyCurrent.Counters[k] = v.deepCopy() } copyCurrent.Samples = make(map[string]SampledValue, len(current.Samples)) for k, v := range current.Samples { - copyCurrent.Samples[k] = v + copyCurrent.Samples[k] = v.deepCopy() } current.RUnlock() diff --git a/vendor/github.com/armon/go-metrics/inmem_endpoint.go b/vendor/github.com/armon/go-metrics/inmem_endpoint.go index 504f1b37..5fac958d 100644 --- a/vendor/github.com/armon/go-metrics/inmem_endpoint.go +++ b/vendor/github.com/armon/go-metrics/inmem_endpoint.go @@ -41,6 +41,16 @@ type SampledValue struct { DisplayLabels map[string]string `json:"Labels"` } +// deepCopy allocates a new instance of AggregateSample +func (source *SampledValue) deepCopy() SampledValue { + dest := *source + if source.AggregateSample != nil { + dest.AggregateSample = &AggregateSample{} + *dest.AggregateSample = *source.AggregateSample + } + return dest +} + // DisplayMetrics returns a summary of the metrics from the most recent finished interval. func (i *InmemSink) DisplayMetrics(resp http.ResponseWriter, req *http.Request) (interface{}, error) { data := i.Data() @@ -52,12 +62,15 @@ func (i *InmemSink) DisplayMetrics(resp http.ResponseWriter, req *http.Request) return nil, fmt.Errorf("no metric intervals have been initialized yet") case n == 1: // Show the current interval if it's all we have - interval = i.intervals[0] + interval = data[0] default: // Show the most recent finished interval if we have one - interval = i.intervals[n-2] + interval = data[n-2] } + interval.RLock() + defer interval.RUnlock() + summary := MetricsSummary{ Timestamp: interval.Interval.Round(time.Second).UTC().String(), Gauges: make([]GaugeValue, 0, len(interval.Gauges)), diff --git a/vendor/github.com/armon/go-metrics/metrics.go b/vendor/github.com/armon/go-metrics/metrics.go index cf9def74..4920d683 100644 --- a/vendor/github.com/armon/go-metrics/metrics.go +++ b/vendor/github.com/armon/go-metrics/metrics.go @@ -197,7 +197,7 @@ func (m *Metrics) filterLabels(labels []Label) []Label { if labels == nil { return nil } - toReturn := labels[:0] + toReturn := []Label{} for _, label := range labels { if m.labelIsAllowed(&label) { toReturn = append(toReturn, label) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go index 56fdfc2b..99849c0e 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go @@ -138,8 +138,27 @@ type RequestFailure interface { RequestID() string } -// NewRequestFailure returns a new request error wrapper for the given Error -// provided. +// NewRequestFailure returns a wrapped error with additional information for +// request status code, and service requestID. +// +// Should be used to wrap all request which involve service requests. Even if +// the request failed without a service response, but had an HTTP status code +// that may be meaningful. func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure { return newRequestError(err, statusCode, reqID) } + +// UnmarshalError provides the interface for the SDK failing to unmarshal data. +type UnmarshalError interface { + awsError + Bytes() []byte +} + +// NewUnmarshalError returns an initialized UnmarshalError error wrapper adding +// the bytes that fail to unmarshal to the error. +func NewUnmarshalError(err error, msg string, bytes []byte) UnmarshalError { + return &unmarshalError{ + awsError: New("UnmarshalError", msg, err), + bytes: bytes, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go index 0202a008..a2c5817c 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go @@ -1,6 +1,9 @@ package awserr -import "fmt" +import ( + "encoding/hex" + "fmt" +) // SprintError returns a string of the formatted error code. // @@ -119,6 +122,7 @@ type requestError struct { awsError statusCode int requestID string + bytes []byte } // newRequestError returns a wrapped error with additional information for @@ -170,6 +174,29 @@ func (r requestError) OrigErrs() []error { return []error{r.OrigErr()} } +type unmarshalError struct { + awsError + bytes []byte +} + +// Error returns the string representation of the error. +// Satisfies the error interface. +func (e unmarshalError) Error() string { + extra := hex.Dump(e.bytes) + return SprintError(e.Code(), e.Message(), extra, e.OrigErr()) +} + +// String returns the string representation of the error. +// Alias for Error to satisfy the stringer interface. +func (e unmarshalError) String() string { + return e.Error() +} + +// Bytes returns the bytes that failed to unmarshal. +func (e unmarshalError) Bytes() []byte { + return e.bytes +} + // An error list that satisfies the golang interface type errorList []error diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go index 0ed791be..43d4ed38 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go @@ -11,6 +11,7 @@ import ( "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/ec2metadata" + "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/internal/sdkuri" ) @@ -142,7 +143,8 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) { } if err := s.Err(); err != nil { - return nil, awserr.New("SerializationError", "failed to read EC2 instance role from metadata service", err) + return nil, awserr.New(request.ErrCodeSerialization, + "failed to read EC2 instance role from metadata service", err) } return credsList, nil @@ -164,7 +166,7 @@ func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCred respCreds := ec2RoleCredRespBody{} if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil { return ec2RoleCredRespBody{}, - awserr.New("SerializationError", + awserr.New(request.ErrCodeSerialization, fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName), err) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index ace51313..c2b2c5d6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go @@ -39,6 +39,7 @@ import ( "github.com/aws/aws-sdk-go/aws/client/metadata" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" ) // ProviderName is the name of the credentials provider. @@ -174,7 +175,7 @@ func unmarshalHandler(r *request.Request) { out := r.Data.(*getCredentialsOutput) if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil { - r.Error = awserr.New("SerializationError", + r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode endpoint credentials", err, ) @@ -185,11 +186,15 @@ func unmarshalError(r *request.Request) { defer r.HTTPResponse.Body.Close() var errOut errorOutput - if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&errOut); err != nil { - r.Error = awserr.New("SerializationError", - "failed to decode endpoint credentials", - err, + err := jsonutil.UnmarshalJSONError(&errOut, r.HTTPResponse.Body) + if err != nil { + r.Error = awserr.NewRequestFailure( + awserr.New(request.ErrCodeSerialization, + "failed to decode error message", err), + r.HTTPResponse.StatusCode, + r.RequestID, ) + return } // Response body format is not consistent between metadata endpoints. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index 0d1b5504..b6dbfd24 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go @@ -87,6 +87,7 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/internal/sdkrand" "github.com/aws/aws-sdk-go/service/sts" ) @@ -194,6 +195,18 @@ type AssumeRoleProvider struct { // // If ExpiryWindow is 0 or less it will be ignored. ExpiryWindow time.Duration + + // MaxJitterFrac reduces the effective Duration of each credential requested + // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must + // have a value between 0 and 1. Any other value may lead to expected behavior. + // With a MaxJitterFrac value of 0, default) will no jitter will be used. + // + // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the + // AssumeRole call will be made with an arbitrary Duration between 27m and + // 30m. + // + // MaxJitterFrac should not be negative. + MaxJitterFrac float64 } // NewCredentials returns a pointer to a new Credentials object wrapping the @@ -255,8 +268,9 @@ func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { // Expire as often as AWS permits. p.Duration = DefaultDuration } + jitter := time.Duration(sdkrand.SeededRand.Float64() * p.MaxJitterFrac * float64(p.Duration)) input := &sts.AssumeRoleInput{ - DurationSeconds: aws.Int64(int64(p.Duration / time.Second)), + DurationSeconds: aws.Int64(int64((p.Duration - jitter) / time.Second)), RoleArn: aws.String(p.RoleARN), RoleSessionName: aws.String(p.RoleSessionName), ExternalId: p.ExternalID, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go index 0b5571ac..d9aa5b06 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go @@ -96,7 +96,7 @@ func getMetricException(err awserr.Error) metricException { switch code { case "RequestError", - "SerializationError", + request.ErrCodeSerialization, request.CanceledErrorCode: return sdkException{ requestException{exception: code, message: msg}, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go index d57a1af5..2c8d5f56 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go @@ -82,7 +82,7 @@ func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument doc := EC2InstanceIdentityDocument{} if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil { return EC2InstanceIdentityDocument{}, - awserr.New("SerializationError", + awserr.New(request.ErrCodeSerialization, "failed to decode EC2 instance identity document", err) } @@ -101,7 +101,7 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) { info := EC2IAMInfo{} if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil { return EC2IAMInfo{}, - awserr.New("SerializationError", + awserr.New(request.ErrCodeSerialization, "failed to decode EC2 IAM info", err) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index f4438eae..f0c1d31e 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -123,7 +123,7 @@ func unmarshalHandler(r *request.Request) { defer r.HTTPResponse.Body.Close() b := &bytes.Buffer{} if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { - r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata respose", err) + r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata respose", err) return } @@ -136,7 +136,7 @@ func unmarshalError(r *request.Request) { defer r.HTTPResponse.Body.Close() b := &bytes.Buffer{} if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { - r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata error respose", err) + r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error respose", err) return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index d020c66c..e315e7bd 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -15,6 +15,7 @@ const ( // AWS Standard partition's regions. const ( + ApEast1RegionID = "ap-east-1" // Asia Pacific (Hong Kong). ApNortheast1RegionID = "ap-northeast-1" // Asia Pacific (Tokyo). ApNortheast2RegionID = "ap-northeast-2" // Asia Pacific (Seoul). ApSouth1RegionID = "ap-south-1" // Asia Pacific (Mumbai). @@ -91,6 +92,9 @@ var awsPartition = partition{ SignatureVersions: []string{"v4"}, }, Regions: regions{ + "ap-east-1": region{ + Description: "Asia Pacific (Hong Kong)", + }, "ap-northeast-1": region{ Description: "Asia Pacific (Tokyo)", }, @@ -150,6 +154,7 @@ var awsPartition = partition{ "acm": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -174,20 +179,31 @@ var awsPartition = partition{ }, Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, "api.ecr": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{ + Hostname: "api.ecr.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, "ap-northeast-1": endpoint{ Hostname: "api.ecr.ap-northeast-1.amazonaws.com", CredentialScope: credentialScope{ @@ -353,6 +369,7 @@ var awsPartition = partition{ "apigateway": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -380,6 +397,7 @@ var awsPartition = partition{ }, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -398,6 +416,24 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "appmesh": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "appstream2": service{ Defaults: endpoint{ Protocols: []string{"https"}, @@ -454,6 +490,7 @@ var awsPartition = partition{ Protocols: []string{"http", "https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -563,7 +600,9 @@ var awsPartition = partition{ "cloud9": service{ Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, "ap-southeast-1": endpoint{}, + "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -587,6 +626,7 @@ var awsPartition = partition{ "cloudformation": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -641,6 +681,7 @@ var awsPartition = partition{ }, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -676,6 +717,7 @@ var awsPartition = partition{ "cloudtrail": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -704,6 +746,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -767,6 +810,7 @@ var awsPartition = partition{ "codedeploy": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -915,15 +959,19 @@ var awsPartition = partition{ "comprehendmedical": service{ Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "config": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -948,6 +996,19 @@ var awsPartition = partition{ "us-east-1": endpoint{}, }, }, + "data.mediastore": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "datapipeline": service{ Endpoints: endpoints{ @@ -1025,6 +1086,7 @@ var awsPartition = partition{ "dms": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1046,6 +1108,18 @@ var awsPartition = partition{ "docdb": service{ Endpoints: endpoints{ + "ap-northeast-1": endpoint{ + Hostname: "rds.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + "ap-northeast-2": endpoint{ + Hostname: "rds.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, "eu-central-1": endpoint{ Hostname: "rds.eu-central-1.amazonaws.com", CredentialScope: credentialScope{ @@ -1102,6 +1176,7 @@ var awsPartition = partition{ Protocols: []string{"http", "https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1132,6 +1207,7 @@ var awsPartition = partition{ Protocols: []string{"http", "https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1164,6 +1240,7 @@ var awsPartition = partition{ "ecs": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1185,6 +1262,7 @@ var awsPartition = partition{ "elasticache": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1212,6 +1290,7 @@ var awsPartition = partition{ "elasticbeanstalk": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1237,6 +1316,7 @@ var awsPartition = partition{ "ap-northeast-2": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, @@ -1251,6 +1331,7 @@ var awsPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1275,6 +1356,7 @@ var awsPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1313,9 +1395,12 @@ var awsPartition = partition{ "email": service{ Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "entitlement.marketplace": service{ @@ -1331,6 +1416,7 @@ var awsPartition = partition{ "es": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1358,6 +1444,7 @@ var awsPartition = partition{ "events": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1386,6 +1473,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -1402,11 +1490,15 @@ var awsPartition = partition{ }, Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -1414,6 +1506,7 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -1444,6 +1537,7 @@ var awsPartition = partition{ Protocols: []string{"http", "https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1495,6 +1589,13 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "groundstation": service{ + + Endpoints: endpoints{ + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "guardduty": service{ IsRegionalized: boxedTrue, Defaults: endpoint{ @@ -1508,6 +1609,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -1598,9 +1700,36 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "iotthingsgraph": service{ + Defaults: endpoint{ + CredentialScope: credentialScope{ + Service: "iotthingsgraph", + }, + }, + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, + "kafka": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "kinesis": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1622,11 +1751,16 @@ var awsPartition = partition{ "kinesisanalytics": service{ Endpoints: endpoints{ - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-2": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, }, }, "kinesisvideo": service{ @@ -1649,6 +1783,7 @@ var awsPartition = partition{ Region: "ca-central-1", }, }, + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1670,6 +1805,7 @@ var awsPartition = partition{ "lambda": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1696,11 +1832,16 @@ var awsPartition = partition{ "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, + "us-west-1": endpoint{}, "us-west-2": endpoint{}, }, }, @@ -1725,6 +1866,7 @@ var awsPartition = partition{ "logs": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1834,6 +1976,7 @@ var awsPartition = partition{ "ap-northeast-2": endpoint{}, "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "us-east-1": endpoint{}, "us-west-2": endpoint{}, @@ -1846,6 +1989,7 @@ var awsPartition = partition{ }, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1893,6 +2037,7 @@ var awsPartition = partition{ Protocols: []string{"http", "https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -1946,6 +2091,12 @@ var awsPartition = partition{ Region: "ap-northeast-1", }, }, + "ap-northeast-2": endpoint{ + Hostname: "rds.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, "ap-south-1": endpoint{ Hostname: "rds.ap-south-1.amazonaws.com", CredentialScope: credentialScope{ @@ -2056,10 +2207,12 @@ var awsPartition = partition{ }, }, Endpoints: endpoints{ - "eu-central-1": endpoint{}, - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "polly": service{ @@ -2083,9 +2236,41 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "projects.iot1click": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, + "ram": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "rds": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2109,6 +2294,7 @@ var awsPartition = partition{ "redshift": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2143,6 +2329,7 @@ var awsPartition = partition{ "resource-groups": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2164,9 +2351,10 @@ var awsPartition = partition{ "robomaker": service{ Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, - "us-west-2": endpoint{}, + "ap-northeast-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "route53": service{ @@ -2250,6 +2438,7 @@ var awsPartition = partition{ DualStackHostname: "{service}.dualstack.{region}.{dnsSuffix}", }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{ Hostname: "s3.ap-northeast-1.amazonaws.com", SignatureVersions: []string{"s3", "s3v4"}, @@ -2478,6 +2667,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -2558,6 +2748,9 @@ var awsPartition = partition{ "eu-central-1": endpoint{ Protocols: []string{"https"}, }, + "eu-north-1": endpoint{ + Protocols: []string{"https"}, + }, "eu-west-1": endpoint{ Protocols: []string{"https"}, }, @@ -2669,6 +2862,7 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, "eu-west-3": endpoint{}, @@ -2703,6 +2897,7 @@ var awsPartition = partition{ Protocols: []string{"http", "https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2727,6 +2922,7 @@ var awsPartition = partition{ Protocols: []string{"http", "https"}, }, Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2774,6 +2970,7 @@ var awsPartition = partition{ "ssm": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2795,6 +2992,7 @@ var awsPartition = partition{ "states": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2876,6 +3074,12 @@ var awsPartition = partition{ }, }, Endpoints: endpoints{ + "ap-east-1": endpoint{ + Hostname: "sts.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{ Hostname: "sts.ap-northeast-2.amazonaws.com", @@ -2933,6 +3137,7 @@ var awsPartition = partition{ "swf": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2954,6 +3159,7 @@ var awsPartition = partition{ "tagging": service{ Endpoints: endpoints{ + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -2996,8 +3202,14 @@ var awsPartition = partition{ Protocols: []string{"https"}, }, Endpoints: endpoints{ - "eu-west-1": endpoint{}, - "us-east-1": endpoint{}, + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, "us-east-1-fips": endpoint{ Hostname: "translate-fips.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -3193,6 +3405,20 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "cloudfront": service{ + PartitionEndpoint: "aws-cn-global", + IsRegionalized: boxedFalse, + + Endpoints: endpoints{ + "aws-cn-global": endpoint{ + Hostname: "cloudfront.cn-northwest-1.amazonaws.com.cn", + Protocols: []string{"http", "https"}, + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, "cloudtrail": service{ Endpoints: endpoints{ @@ -3396,6 +3622,17 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "mediaconvert": service{ + + Endpoints: endpoints{ + "cn-northwest-1": endpoint{ + Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, "monitoring": service{ Defaults: endpoint{ Protocols: []string{"http", "https"}, @@ -3581,6 +3818,15 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "acm-pca": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "api.ecr": service{ Endpoints: endpoints{ @@ -3626,6 +3872,7 @@ var awsusgovPartition = partition{ "athena": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -3675,6 +3922,12 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "codecommit": service{ + + Endpoints: endpoints{ + "us-gov-west-1": endpoint{}, + }, + }, "codedeploy": service{ Endpoints: endpoints{ @@ -3726,6 +3979,7 @@ var awsusgovPartition = partition{ "ds": service{ Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, }, @@ -3918,6 +4172,13 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "license-manager": service{ + + Endpoints: endpoints{ + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "logs": service{ Endpoints: endpoints{ @@ -3948,6 +4209,19 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "organizations": service{ + PartitionEndpoint: "aws-us-gov-global", + IsRegionalized: boxedFalse, + + Endpoints: endpoints{ + "aws-us-gov-global": endpoint{ + Hostname: "organizations.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + }, + }, "polly": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go index 000dd79e..ca8fc828 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go @@ -2,7 +2,7 @@ package endpoints // Service identifiers // -// Deprecated: Use client package's EndpointID value instead of these +// Deprecated: Use client package's EndpointsID value instead of these // ServiceIDs. These IDs are not maintained, and are out of date. const ( A4bServiceID = "a4b" // A4b. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index 8f2eb3e4..19da3fcd 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go @@ -588,7 +588,7 @@ func shouldRetryCancel(err error) bool { return err.Temporary() case nil: // `awserr.Error.OrigErr()` can be nil, meaning there was an error but - // because we don't know the cause, it is marked as retriable. See + // because we don't know the cause, it is marked as retryable. See // TestRequest4xxUnretryable for an example. return true default: diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go index 8b6f2342..45509154 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go @@ -7,13 +7,18 @@ import ( "github.com/aws/aws-sdk-go/internal/sdkio" ) -// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Should -// only be used with an io.Reader that is also an io.Seeker. Doing so may -// cause request signature errors, or request body's not sent for GET, HEAD -// and DELETE HTTP methods. +// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the +// SDK to accept an io.Reader that is not also an io.Seeker for unsigned +// streaming payload API operations. // -// Deprecated: Should only be used with io.ReadSeeker. If using for -// S3 PutObject to stream content use s3manager.Uploader instead. +// A ReadSeekCloser wrapping an nonseekable io.Reader used in an API +// operation's input will prevent that operation being retried in the case of +// network errors, and cause operation requests to fail if the operation +// requires payload signing. +// +// Note: If using With S3 PutObject to stream an object upload The SDK's S3 +// Upload manager (s3manager.Uploader) provides support for streaming with the +// ability to retry network errors. func ReadSeekCloser(r io.Reader) ReaderSeekerCloser { return ReaderSeekerCloser{r} } @@ -43,7 +48,8 @@ func IsReaderSeekable(r io.Reader) bool { // Read reads from the reader up to size of p. The number of bytes read, and // error if it occurred will be returned. // -// If the reader is not an io.Reader zero bytes read, and nil error will be returned. +// If the reader is not an io.Reader zero bytes read, and nil error will be +// returned. // // Performs the same functionality as io.Reader Read func (r ReaderSeekerCloser) Read(p []byte) (int, error) { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 1d96f9c0..9ed1367d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.19.11" +const SDKVersion = "1.19.41" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go index f9970337..e56dcee2 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go @@ -304,7 +304,9 @@ loop: stmt := newCommentStatement(tok) stack.Push(stmt) default: - return nil, NewParseError(fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", k, tok)) + return nil, NewParseError( + fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", + k, tok.Type())) } if len(tokens) > 0 { @@ -314,7 +316,7 @@ loop: // this occurs when a statement has not been completed if stack.top > 1 { - return nil, NewParseError(fmt.Sprintf("incomplete expression: %v", stack.container)) + return nil, NewParseError(fmt.Sprintf("incomplete ini expression")) } // returns a sublist which excludes the start symbol diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go index 3104e6ce..50c5ed76 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/build.go @@ -21,7 +21,8 @@ func Build(r *request.Request) { "Version": {r.ClientInfo.APIVersion}, } if err := queryutil.Parse(body, r.Params, true); err != nil { - r.Error = awserr.New("SerializationError", "failed encoding EC2 Query request", err) + r.Error = awserr.New(request.ErrCodeSerialization, + "failed encoding EC2 Query request", err) } if !r.IsPresigned() { diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go index 5793c047..105d732f 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go @@ -4,7 +4,6 @@ package ec2query import ( "encoding/xml" - "io" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/request" @@ -28,7 +27,8 @@ func Unmarshal(r *request.Request) { err := xmlutil.UnmarshalXML(r.Data, decoder, "") if err != nil { r.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", "failed decoding EC2 Query response", err), + awserr.New(request.ErrCodeSerialization, + "failed decoding EC2 Query response", err), r.HTTPResponse.StatusCode, r.RequestID, ) @@ -39,7 +39,11 @@ func Unmarshal(r *request.Request) { // UnmarshalMeta unmarshals response headers for the EC2 protocol. func UnmarshalMeta(r *request.Request) { - // TODO implement unmarshaling of request IDs + r.RequestID = r.HTTPResponse.Header.Get("X-Amzn-Requestid") + if r.RequestID == "" { + // Alternative version of request id in the header + r.RequestID = r.HTTPResponse.Header.Get("X-Amz-Request-Id") + } } type xmlErrorResponse struct { @@ -53,19 +57,21 @@ type xmlErrorResponse struct { func UnmarshalError(r *request.Request) { defer r.HTTPResponse.Body.Close() - resp := &xmlErrorResponse{} - err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp) - if err != nil && err != io.EOF { + var respErr xmlErrorResponse + err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body) + if err != nil { r.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", "failed decoding EC2 Query error response", err), + awserr.New(request.ErrCodeSerialization, + "failed to unmarshal error message", err), r.HTTPResponse.StatusCode, r.RequestID, ) - } else { - r.Error = awserr.NewRequestFailure( - awserr.New(resp.Code, resp.Message, nil), - r.HTTPResponse.StatusCode, - resp.RequestID, - ) + return } + + r.Error = awserr.NewRequestFailure( + awserr.New(respErr.Code, respErr.Message, nil), + r.HTTPResponse.StatusCode, + respErr.RequestID, + ) } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go index b11f3ee4..ea0da79a 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go @@ -1,6 +1,7 @@ package jsonutil import ( + "bytes" "encoding/base64" "encoding/json" "fmt" @@ -9,9 +10,30 @@ import ( "time" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/private/protocol" ) +// UnmarshalJSONError unmarshal's the reader's JSON document into the passed in +// type. The value to unmarshal the json document into must be a pointer to the +// type. +func UnmarshalJSONError(v interface{}, stream io.Reader) error { + var errBuf bytes.Buffer + body := io.TeeReader(stream, &errBuf) + + err := json.NewDecoder(body).Decode(v) + if err != nil { + msg := "failed decoding error message" + if err == io.EOF { + msg = "error message missing" + err = nil + } + return awserr.NewUnmarshalError(err, msg, errBuf.Bytes()) + } + + return nil +} + // UnmarshalJSON reads a stream and unmarshals the results in object v. func UnmarshalJSON(v interface{}, stream io.Reader) error { var out interface{} diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go index 36ceab08..bfedc9fd 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go @@ -6,8 +6,6 @@ package jsonrpc //go:generate go run -tags codegen ../../../models/protocol_tests/generate.go ../../../models/protocol_tests/output/json.json unmarshal_test.go import ( - "encoding/json" - "io" "strings" "github.com/aws/aws-sdk-go/aws/awserr" @@ -37,7 +35,7 @@ func Build(req *request.Request) { if req.ParamsFilled() { buf, err = jsonutil.BuildJSON(req.Params) if err != nil { - req.Error = awserr.New("SerializationError", "failed encoding JSON RPC request", err) + req.Error = awserr.New(request.ErrCodeSerialization, "failed encoding JSON RPC request", err) return } } else { @@ -68,7 +66,7 @@ func Unmarshal(req *request.Request) { err := jsonutil.UnmarshalJSON(req.Data, req.HTTPResponse.Body) if err != nil { req.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", "failed decoding JSON RPC response", err), + awserr.New(request.ErrCodeSerialization, "failed decoding JSON RPC response", err), req.HTTPResponse.StatusCode, req.RequestID, ) @@ -87,17 +85,11 @@ func UnmarshalError(req *request.Request) { defer req.HTTPResponse.Body.Close() var jsonErr jsonErrorResponse - err := json.NewDecoder(req.HTTPResponse.Body).Decode(&jsonErr) - if err == io.EOF { + err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body) + if err != nil { req.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", req.HTTPResponse.Status, nil), - req.HTTPResponse.StatusCode, - req.RequestID, - ) - return - } else if err != nil { - req.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", "failed decoding JSON RPC error response", err), + awserr.New(request.ErrCodeSerialization, + "failed to unmarshal error message", err), req.HTTPResponse.StatusCode, req.RequestID, ) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go index 60e5b09d..0cb99eb5 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go @@ -21,7 +21,7 @@ func Build(r *request.Request) { "Version": {r.ClientInfo.APIVersion}, } if err := queryutil.Parse(body, r.Params, false); err != nil { - r.Error = awserr.New("SerializationError", "failed encoding Query request", err) + r.Error = awserr.New(request.ErrCodeSerialization, "failed encoding Query request", err) return } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go index 3495c730..f69c1efc 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go @@ -24,7 +24,7 @@ func Unmarshal(r *request.Request) { err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result") if err != nil { r.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", "failed decoding Query response", err), + awserr.New(request.ErrCodeSerialization, "failed decoding Query response", err), r.HTTPResponse.StatusCode, r.RequestID, ) diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go index 46d354e8..831b0110 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go @@ -2,73 +2,68 @@ package query import ( "encoding/xml" - "io/ioutil" + "fmt" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil" ) +// UnmarshalErrorHandler is a name request handler to unmarshal request errors +var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError} + type xmlErrorResponse struct { - XMLName xml.Name `xml:"ErrorResponse"` - Code string `xml:"Error>Code"` - Message string `xml:"Error>Message"` - RequestID string `xml:"RequestId"` + Code string `xml:"Error>Code"` + Message string `xml:"Error>Message"` + RequestID string `xml:"RequestId"` } -type xmlServiceUnavailableResponse struct { - XMLName xml.Name `xml:"ServiceUnavailableException"` +type xmlResponseError struct { + xmlErrorResponse } -// UnmarshalErrorHandler is a name request handler to unmarshal request errors -var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError} +func (e *xmlResponseError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error { + const svcUnavailableTagName = "ServiceUnavailableException" + const errorResponseTagName = "ErrorResponse" + + switch start.Name.Local { + case svcUnavailableTagName: + e.Code = svcUnavailableTagName + e.Message = "service is unavailable" + return d.Skip() + + case errorResponseTagName: + return d.DecodeElement(&e.xmlErrorResponse, &start) + + default: + return fmt.Errorf("unknown error response tag, %v", start) + } +} // UnmarshalError unmarshals an error response for an AWS Query service. func UnmarshalError(r *request.Request) { defer r.HTTPResponse.Body.Close() - bodyBytes, err := ioutil.ReadAll(r.HTTPResponse.Body) + var respErr xmlResponseError + err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body) if err != nil { r.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", "failed to read from query HTTP response body", err), + awserr.New(request.ErrCodeSerialization, + "failed to unmarshal error message", err), r.HTTPResponse.StatusCode, r.RequestID, ) return } - // First check for specific error - resp := xmlErrorResponse{} - decodeErr := xml.Unmarshal(bodyBytes, &resp) - if decodeErr == nil { - reqID := resp.RequestID - if reqID == "" { - reqID = r.RequestID - } - r.Error = awserr.NewRequestFailure( - awserr.New(resp.Code, resp.Message, nil), - r.HTTPResponse.StatusCode, - reqID, - ) - return - } - - // Check for unhandled error - servUnavailResp := xmlServiceUnavailableResponse{} - unavailErr := xml.Unmarshal(bodyBytes, &servUnavailResp) - if unavailErr == nil { - r.Error = awserr.NewRequestFailure( - awserr.New("ServiceUnavailableException", "service is unavailable", nil), - r.HTTPResponse.StatusCode, - r.RequestID, - ) - return + reqID := respErr.RequestID + if len(reqID) == 0 { + reqID = r.RequestID } - // Failed to retrieve any error message from the response body r.Error = awserr.NewRequestFailure( - awserr.New("SerializationError", - "failed to decode query XML error response", decodeErr), + awserr.New(respErr.Code, respErr.Message, nil), r.HTTPResponse.StatusCode, - r.RequestID, + reqID, ) } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go index b80f84fb..1301b149 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go @@ -25,6 +25,8 @@ var noEscape [256]bool var errValueNotSet = fmt.Errorf("value not set") +var byteSliceType = reflect.TypeOf([]byte{}) + func init() { for i := 0; i < len(noEscape); i++ { // AWS expects every character except these to be escaped @@ -94,6 +96,14 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo continue } + // Support the ability to customize values to be marshaled as a + // blob even though they were modeled as a string. Required for S3 + // API operations like SSECustomerKey is modeled as stirng but + // required to be base64 encoded in request. + if field.Tag.Get("marshal-as") == "blob" { + m = m.Convert(byteSliceType) + } + var err error switch field.Tag.Get("location") { case "headers": // header maps @@ -137,7 +147,7 @@ func buildBody(r *request.Request, v reflect.Value) { case string: r.SetStringBody(reader) default: - r.Error = awserr.New("SerializationError", + r.Error = awserr.New(request.ErrCodeSerialization, "failed to encode REST request", fmt.Errorf("unknown payload type %s", payload.Type())) } @@ -152,7 +162,7 @@ func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect. if err == errValueNotSet { return nil } else if err != nil { - return awserr.New("SerializationError", "failed to encode REST request", err) + return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) } name = strings.TrimSpace(name) @@ -170,7 +180,7 @@ func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag) if err == errValueNotSet { continue } else if err != nil { - return awserr.New("SerializationError", "failed to encode REST request", err) + return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) } keyStr := strings.TrimSpace(key.String()) @@ -186,7 +196,7 @@ func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) e if err == errValueNotSet { return nil } else if err != nil { - return awserr.New("SerializationError", "failed to encode REST request", err) + return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) } u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1) @@ -219,7 +229,7 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec if err == errValueNotSet { return nil } else if err != nil { - return awserr.New("SerializationError", "failed to encode REST request", err) + return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) } query.Set(name, str) } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go index 33fd53b1..de021367 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go @@ -57,7 +57,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { defer r.HTTPResponse.Body.Close() b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { - r.Error = awserr.New("SerializationError", "failed to decode REST response", err) + r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) } else { payload.Set(reflect.ValueOf(b)) } @@ -65,7 +65,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { defer r.HTTPResponse.Body.Close() b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { - r.Error = awserr.New("SerializationError", "failed to decode REST response", err) + r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) } else { str := string(b) payload.Set(reflect.ValueOf(&str)) @@ -77,7 +77,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { case "io.ReadSeeker": b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { - r.Error = awserr.New("SerializationError", + r.Error = awserr.New(request.ErrCodeSerialization, "failed to read response body", err) return } @@ -85,7 +85,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { default: io.Copy(ioutil.Discard, r.HTTPResponse.Body) defer r.HTTPResponse.Body.Close() - r.Error = awserr.New("SerializationError", + r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", fmt.Errorf("unknown payload type %s", payload.Type())) } @@ -115,14 +115,14 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) { case "header": err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag) if err != nil { - r.Error = awserr.New("SerializationError", "failed to decode REST response", err) + r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) break } case "headers": prefix := field.Tag.Get("locationName") err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix) if err != nil { - r.Error = awserr.New("SerializationError", "failed to decode REST response", err) + r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) break } } diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go index ff1ef683..7108d380 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go @@ -1,6 +1,7 @@ package xmlutil import ( + "bytes" "encoding/base64" "encoding/xml" "fmt" @@ -10,9 +11,27 @@ import ( "strings" "time" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/private/protocol" ) +// UnmarshalXMLError unmarshals the XML error from the stream into the value +// type specified. The value must be a pointer. If the message fails to +// unmarshal, the message content will be included in the returned error as a +// awserr.UnmarshalError. +func UnmarshalXMLError(v interface{}, stream io.Reader) error { + var errBuf bytes.Buffer + body := io.TeeReader(stream, &errBuf) + + err := xml.NewDecoder(body).Decode(v) + if err != nil && err != io.EOF { + return awserr.NewUnmarshalError(err, + "failed to unmarshal error message", errBuf.Bytes()) + } + + return nil +} + // UnmarshalXML deserializes an xml.Decoder into the container v. V // needs to match the shape of the XML expected to be decoded. // If the shape doesn't match unmarshaling will fail. diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go index b086c93e..7ab3c049 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go @@ -290,8 +290,8 @@ func (c *EC2) AcceptVpcPeeringConnectionRequest(input *AcceptVpcPeeringConnectio // of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding // VPC peering connection requests. // -// For an inter-region VPC peering connection request, you must accept the VPC -// peering connection in the region of the accepter VPC. +// For an inter-Region VPC peering connection request, you must accept the VPC +// peering connection in the Region of the accepter VPC. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -474,7 +474,7 @@ func (c *EC2) AllocateAddressRequest(input *AllocateAddressInput) (req *request. // // An Elastic IP address is for use either in the EC2-Classic platform or in // a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic -// per region and 5 Elastic IP addresses for EC2-VPC per region. +// per Region and 5 Elastic IP addresses for EC2-VPC per Region. // // For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -2017,25 +2017,24 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // AuthorizeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [EC2-VPC only] Adds one or more egress rules to a security group for use -// with a VPC. Specifically, this action permits instances to send traffic to -// one or more destination IPv4 or IPv6 CIDR address ranges, or to one or more -// destination security groups for the same VPC. This action doesn't apply to -// security groups for use in EC2-Classic. For more information, see Security -// Groups for Your VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) -// in the Amazon Virtual Private Cloud User Guide. For more information about -// security group limits, see Amazon VPC Limits (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html). -// -// Each rule consists of the protocol (for example, TCP), plus either a CIDR -// range or a source group. For the TCP and UDP protocols, you must also specify -// the destination port or port range. For the ICMP protocol, you must also -// specify the ICMP type and code. You can use -1 for the type or code to mean -// all types or all codes. You can optionally specify a description for the -// rule. +// [VPC only] Adds the specified egress rules to a security group for use with +// a VPC. +// +// An outbound rule permits instances to send traffic to the specified IPv4 +// or IPv6 CIDR address ranges, or to the instances associated with the specified +// destination security groups. +// +// You specify a protocol for each rule (for example, TCP). For the TCP and +// UDP protocols, you must also specify the destination port or port range. +// For the ICMP protocol, you must also specify the ICMP type and code. You +// can use -1 for the type or code to mean all types or all codes. // // Rule changes are propagated to affected instances as quickly as possible. // However, a small delay might occur. // +// For more information about VPC security group limits, see Amazon VPC Limits +// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2109,25 +2108,22 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup // AuthorizeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Adds one or more ingress rules to a security group. +// Adds the specified ingress rules to a security group. // -// Rule changes are propagated to instances within the security group as quickly -// as possible. However, a small delay might occur. +// An inbound rule permits instances to receive traffic from the specified IPv4 +// or IPv6 CIDR address ranges, or from the instances associated with the specified +// destination security groups. // -// [EC2-Classic] This action gives one or more IPv4 CIDR address ranges permission -// to access a security group in your account, or gives one or more security -// groups (called the source groups) permission to access a security group for -// your account. A source group can be for your own AWS account, or another. -// You can have up to 100 rules per group. +// You specify a protocol for each rule (for example, TCP). For TCP and UDP, +// you must also specify the destination port or port range. For ICMP/ICMPv6, +// you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean +// all types or all codes. // -// [EC2-VPC] This action gives one or more IPv4 or IPv6 CIDR address ranges -// permission to access a security group in your VPC, or gives one or more other -// security groups (called the source groups) permission to access a security -// group for your VPC. The security groups must all be for the same VPC or a -// peer VPC in a VPC peering connection. For more information about VPC security -// group limits, see Amazon VPC Limits (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html). +// Rule changes are propagated to instances within the security group as quickly +// as possible. However, a small delay might occur. // -// You can optionally specify a description for the security group rule. +// For more information about VPC security group limits, see Amazon VPC Limits +// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2982,7 +2978,7 @@ func (c *EC2) CopyFpgaImageRequest(input *CopyFpgaImageInput) (req *request.Requ // CopyFpgaImage API operation for Amazon Elastic Compute Cloud. // -// Copies the specified Amazon FPGA Image (AFI) to the current region. +// Copies the specified Amazon FPGA Image (AFI) to the current Region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3056,8 +3052,8 @@ func (c *EC2) CopyImageRequest(input *CopyImageInput) (req *request.Request, out // CopyImage API operation for Amazon Elastic Compute Cloud. // -// Initiates the copy of an AMI from the specified source region to the current -// region. You specify the destination region by using its endpoint when making +// Initiates the copy of an AMI from the specified source Region to the current +// Region. You specify the destination Region by using its endpoint when making // the request. // // Copies of encrypted backing snapshots for the AMI are encrypted. Copies of @@ -3409,8 +3405,8 @@ func (c *EC2) CreateClientVpnRouteRequest(input *CreateClientVpnRouteInput) (req // // Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint // has a route table that describes the available destination network routes. -// Each route in the route table specifies the path for traffic to specific resources -// or networks. +// Each route in the route table specifies the path for traffic to specific +// resources or networks. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3497,8 +3493,8 @@ func (c *EC2) CreateCustomerGatewayRequest(input *CreateCustomerGatewayInput) (r // a private ASN (in the 64512 - 65534 range). // // Amazon EC2 supports all 2-byte ASN numbers in the range of 1 - 65534, with -// the exception of 7224, which is reserved in the us-east-1 region, and 9059, -// which is reserved in the eu-west-1 region. +// the exception of 7224, which is reserved in the us-east-1 Region, and 9059, +// which is reserved in the eu-west-1 Region. // // For more information, see AWS Site-to-Site VPN (https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) // in the AWS Site-to-Site VPN User Guide. @@ -3759,7 +3755,7 @@ func (c *EC2) CreateDhcpOptionsRequest(input *CreateDhcpOptionsInput) (req *requ // domain-name-servers to a custom DNS server. // // * domain-name - If you're using AmazonProvidedDNS in us-east-1, specify -// ec2.internal. If you're using AmazonProvidedDNS in another region, specify +// ec2.internal. If you're using AmazonProvidedDNS in another Region, specify // region.compute.internal (for example, ap-northeast-1.compute.internal). // Otherwise, specify a domain name (for example, MyCompany.com). This value // is used to complete unqualified DNS hostnames. Important: Some Linux operating @@ -4109,8 +4105,8 @@ func (c *EC2) CreateFpgaImageRequest(input *CreateFpgaImageInput) (req *request. // use, check the output logs. // // An AFI contains the FPGA bitstream that is ready to download to an FPGA. -// You can securely deploy an AFI on one or more FPGA-accelerated instances. -// For more information, see the AWS FPGA Hardware Development Kit (https://github.com/aws/aws-fpga/). +// You can securely deploy an AFI on multiple FPGA-accelerated instances. For +// more information, see the AWS FPGA Hardware Development Kit (https://github.com/aws/aws-fpga/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4429,11 +4425,11 @@ func (c *EC2) CreateKeyPairRequest(input *CreateKeyPairInput) (req *request.Requ // private key is returned as an unencrypted PEM encoded PKCS#1 private key. // If a key with the specified name already exists, Amazon EC2 returns an error. // -// You can have up to five thousand key pairs per region. +// You can have up to five thousand key pairs per Region. // -// The key pair returned to you is available only in the region in which you +// The key pair returned to you is available only in the Region in which you // create it. If you prefer, you can create your own key pair using a third-party -// tool and upload it to any region using ImportKeyPair. +// tool and upload it to any Region using ImportKeyPair. // // For more information, see Key Pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -5424,17 +5420,13 @@ func (c *EC2) CreateSecurityGroupRequest(input *CreateSecurityGroupInput) (req * // // Creates a security group. // -// A security group is for use with instances either in the EC2-Classic platform -// or in a specific VPC. For more information, see Amazon EC2 Security Groups -// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) +// A security group acts as a virtual firewall for your instance to control +// inbound and outbound traffic. For more information, see Amazon EC2 Security +// Groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) // in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your // VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html) // in the Amazon Virtual Private Cloud User Guide. // -// EC2-Classic: You can have up to 500 security groups. -// -// EC2-VPC: You can create up to 500 security groups per VPC. -// // When you create a security group, you specify a friendly name of your choice. // You can have a security group for use in EC2-Classic with the same name as // a security group for use in a VPC. However, you can't have two security groups @@ -5450,6 +5442,9 @@ func (c *EC2) CreateSecurityGroupRequest(input *CreateSecurityGroupInput) (req * // You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, // AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress. // +// For more information about VPC security group limits, see Amazon VPC Limits +// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5583,6 +5578,83 @@ func (c *EC2) CreateSnapshotWithContext(ctx aws.Context, input *CreateSnapshotIn return out, req.Send() } +const opCreateSnapshots = "CreateSnapshots" + +// CreateSnapshotsRequest generates a "aws/request.Request" representing the +// client's request for the CreateSnapshots operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSnapshots for more information on using the CreateSnapshots +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateSnapshotsRequest method. +// req, resp := client.CreateSnapshotsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSnapshots +func (c *EC2) CreateSnapshotsRequest(input *CreateSnapshotsInput) (req *request.Request, output *CreateSnapshotsOutput) { + op := &request.Operation{ + Name: opCreateSnapshots, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateSnapshotsInput{} + } + + output = &CreateSnapshotsOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSnapshots API operation for Amazon Elastic Compute Cloud. +// +// Creates crash-consistent snapshots of multiple EBS volumes and stores the +// data in S3. Volumes are chosen by specifying an instance. Any attached volumes +// will produce one snapshot each that is crash-consistent across the instance. +// Boot volumes can be excluded by changing the paramaters. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation CreateSnapshots for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateSnapshots +func (c *EC2) CreateSnapshots(input *CreateSnapshotsInput) (*CreateSnapshotsOutput, error) { + req, out := c.CreateSnapshotsRequest(input) + return out, req.Send() +} + +// CreateSnapshotsWithContext is the same as CreateSnapshots with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSnapshots for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) CreateSnapshotsWithContext(ctx aws.Context, input *CreateSnapshotsInput, opts ...request.Option) (*CreateSnapshotsOutput, error) { + req, out := c.CreateSnapshotsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateSpotDatafeedSubscription = "CreateSpotDatafeedSubscription" // CreateSpotDatafeedSubscriptionRequest generates a "aws/request.Request" representing the @@ -5805,7 +5877,7 @@ func (c *EC2) CreateTagsRequest(input *CreateTagsInput) (req *request.Request, o // CreateTags API operation for Amazon Elastic Compute Cloud. // -// Adds or overwrites one or more tags for the specified Amazon EC2 resource +// Adds or overwrites the specified tags for the specified Amazon EC2 resource // or resources. Each resource can have a maximum of 50 tags. Each tag consists // of a key and optional value. Tag keys must be unique per resource. // @@ -6735,7 +6807,7 @@ func (c *EC2) CreateVpnConnectionRequest(input *CreateVpnConnectionInput) (req * // CreateVpnConnection API operation for Amazon Elastic Compute Cloud. // // Creates a VPN connection between an existing virtual private gateway and -// a VPN customer gateway. The only supported connection type is ipsec.1. +// a VPN customer gateway. The supported connection types are ipsec.1 and ipsec.2. // // The response includes information that you need to give to your network administrator // to configure your customer gateway. @@ -10167,7 +10239,7 @@ func (c *EC2) DescribeAddressesRequest(input *DescribeAddressesInput) (req *requ // DescribeAddresses API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your Elastic IP addresses. +// Describes the specified Elastic IP addresses or all of your Elastic IP addresses. // // An Elastic IP address is for use in either the EC2-Classic platform or in // a VPC. For more information, see Elastic IP Addresses (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) @@ -10246,8 +10318,8 @@ func (c *EC2) DescribeAggregateIdFormatRequest(input *DescribeAggregateIdFormatI // DescribeAggregateIdFormat API operation for Amazon Elastic Compute Cloud. // // Describes the longer ID format settings for all resource types in a specific -// region. This request is useful for performing a quick audit to determine -// whether a specific region is fully opted in for longer IDs (17-character +// Region. This request is useful for performing a quick audit to determine +// whether a specific Region is fully opted in for longer IDs (17-character // IDs). // // This request only returns information about resource types that support longer @@ -10333,10 +10405,10 @@ func (c *EC2) DescribeAvailabilityZonesRequest(input *DescribeAvailabilityZonesI // DescribeAvailabilityZones API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of the Availability Zones that are available to you. -// The results include zones only for the region you're currently using. If -// there is an event impacting an Availability Zone, you can use this request -// to view the state and any provided message for that Availability Zone. +// Describes the Availability Zones that are available to you. The results include +// zones only for the Region you're currently using. If there is an event impacting +// an Availability Zone, you can use this request to view the state and any +// provided message for that Availability Zone. // // For more information, see Regions and Availability Zones (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -10413,7 +10485,7 @@ func (c *EC2) DescribeBundleTasksRequest(input *DescribeBundleTasksInput) (req * // DescribeBundleTasks API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your bundling tasks. +// Describes the specified bundle tasks or all of your bundle tasks. // // Completed bundle tasks are listed for only a limited time. If your bundle // task is no longer in the list, you can still register an AMI from it. Just @@ -10542,7 +10614,7 @@ func (c *EC2) DescribeByoipCidrsWithContext(ctx aws.Context, input *DescribeByoi // // Example iterating over at most 3 pages of a DescribeByoipCidrs operation. // pageNum := 0 // err := client.DescribeByoipCidrsPages(params, -// func(page *DescribeByoipCidrsOutput, lastPage bool) bool { +// func(page *ec2.DescribeByoipCidrsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -10673,7 +10745,7 @@ func (c *EC2) DescribeCapacityReservationsWithContext(ctx aws.Context, input *De // // Example iterating over at most 3 pages of a DescribeCapacityReservations operation. // pageNum := 0 // err := client.DescribeCapacityReservationsPages(params, -// func(page *DescribeCapacityReservationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeCapacityReservationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -10806,7 +10878,7 @@ func (c *EC2) DescribeClassicLinkInstancesWithContext(ctx aws.Context, input *De // // Example iterating over at most 3 pages of a DescribeClassicLinkInstances operation. // pageNum := 0 // err := client.DescribeClassicLinkInstancesPages(params, -// func(page *DescribeClassicLinkInstancesOutput, lastPage bool) bool { +// func(page *ec2.DescribeClassicLinkInstancesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -10936,7 +11008,7 @@ func (c *EC2) DescribeClientVpnAuthorizationRulesWithContext(ctx aws.Context, in // // Example iterating over at most 3 pages of a DescribeClientVpnAuthorizationRules operation. // pageNum := 0 // err := client.DescribeClientVpnAuthorizationRulesPages(params, -// func(page *DescribeClientVpnAuthorizationRulesOutput, lastPage bool) bool { +// func(page *ec2.DescribeClientVpnAuthorizationRulesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -11067,7 +11139,7 @@ func (c *EC2) DescribeClientVpnConnectionsWithContext(ctx aws.Context, input *De // // Example iterating over at most 3 pages of a DescribeClientVpnConnections operation. // pageNum := 0 // err := client.DescribeClientVpnConnectionsPages(params, -// func(page *DescribeClientVpnConnectionsOutput, lastPage bool) bool { +// func(page *ec2.DescribeClientVpnConnectionsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -11197,7 +11269,7 @@ func (c *EC2) DescribeClientVpnEndpointsWithContext(ctx aws.Context, input *Desc // // Example iterating over at most 3 pages of a DescribeClientVpnEndpoints operation. // pageNum := 0 // err := client.DescribeClientVpnEndpointsPages(params, -// func(page *DescribeClientVpnEndpointsOutput, lastPage bool) bool { +// func(page *ec2.DescribeClientVpnEndpointsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -11327,7 +11399,7 @@ func (c *EC2) DescribeClientVpnRoutesWithContext(ctx aws.Context, input *Describ // // Example iterating over at most 3 pages of a DescribeClientVpnRoutes operation. // pageNum := 0 // err := client.DescribeClientVpnRoutesPages(params, -// func(page *DescribeClientVpnRoutesOutput, lastPage bool) bool { +// func(page *ec2.DescribeClientVpnRoutesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -11457,7 +11529,7 @@ func (c *EC2) DescribeClientVpnTargetNetworksWithContext(ctx aws.Context, input // // Example iterating over at most 3 pages of a DescribeClientVpnTargetNetworks operation. // pageNum := 0 // err := client.DescribeClientVpnTargetNetworksPages(params, -// func(page *DescribeClientVpnTargetNetworksOutput, lastPage bool) bool { +// func(page *ec2.DescribeClientVpnTargetNetworksOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -11540,8 +11612,8 @@ func (c *EC2) DescribeConversionTasksRequest(input *DescribeConversionTasksInput // DescribeConversionTasks API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your conversion tasks. For more information, see -// the VM Import/Export User Guide (https://docs.aws.amazon.com/vm-import/latest/userguide/). +// Describes the specified conversion tasks or all your conversion tasks. For +// more information, see the VM Import/Export User Guide (https://docs.aws.amazon.com/vm-import/latest/userguide/). // // For information about the import manifest referenced by this API action, // see VM Import Manifest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). @@ -11682,6 +11754,12 @@ func (c *EC2) DescribeDhcpOptionsRequest(input *DescribeDhcpOptionsInput) (req * Name: opDescribeDhcpOptions, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -11728,6 +11806,56 @@ func (c *EC2) DescribeDhcpOptionsWithContext(ctx aws.Context, input *DescribeDhc return out, req.Send() } +// DescribeDhcpOptionsPages iterates over the pages of a DescribeDhcpOptions operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeDhcpOptions method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeDhcpOptions operation. +// pageNum := 0 +// err := client.DescribeDhcpOptionsPages(params, +// func(page *ec2.DescribeDhcpOptionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeDhcpOptionsPages(input *DescribeDhcpOptionsInput, fn func(*DescribeDhcpOptionsOutput, bool) bool) error { + return c.DescribeDhcpOptionsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeDhcpOptionsPagesWithContext same as DescribeDhcpOptionsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeDhcpOptionsPagesWithContext(ctx aws.Context, input *DescribeDhcpOptionsInput, fn func(*DescribeDhcpOptionsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeDhcpOptionsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDhcpOptionsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*DescribeDhcpOptionsOutput), !p.HasNextPage()) + } + return p.Err() +} + const opDescribeEgressOnlyInternetGateways = "DescribeEgressOnlyInternetGateways" // DescribeEgressOnlyInternetGatewaysRequest generates a "aws/request.Request" representing the @@ -11819,7 +11947,7 @@ func (c *EC2) DescribeEgressOnlyInternetGatewaysWithContext(ctx aws.Context, inp // // Example iterating over at most 3 pages of a DescribeEgressOnlyInternetGateways operation. // pageNum := 0 // err := client.DescribeEgressOnlyInternetGatewaysPages(params, -// func(page *DescribeEgressOnlyInternetGatewaysOutput, lastPage bool) bool { +// func(page *ec2.DescribeEgressOnlyInternetGatewaysOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -11978,7 +12106,7 @@ func (c *EC2) DescribeExportTasksRequest(input *DescribeExportTasksInput) (req * // DescribeExportTasks API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your export tasks. +// Describes the specified export tasks or all your export tasks. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12206,7 +12334,7 @@ func (c *EC2) DescribeFleetsRequest(input *DescribeFleetsInput) (req *request.Re // DescribeFleets API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your EC2 Fleets. +// Describes the specified EC2 Fleets or all your EC2 Fleets. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12247,7 +12375,7 @@ func (c *EC2) DescribeFleetsWithContext(ctx aws.Context, input *DescribeFleetsIn // // Example iterating over at most 3 pages of a DescribeFleets operation. // pageNum := 0 // err := client.DescribeFleetsPages(params, -// func(page *DescribeFleetsOutput, lastPage bool) bool { +// func(page *ec2.DescribeFleetsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -12379,7 +12507,7 @@ func (c *EC2) DescribeFlowLogsWithContext(ctx aws.Context, input *DescribeFlowLo // // Example iterating over at most 3 pages of a DescribeFlowLogs operation. // pageNum := 0 // err := client.DescribeFlowLogsPages(params, -// func(page *DescribeFlowLogsOutput, lastPage bool) bool { +// func(page *ec2.DescribeFlowLogsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -12542,9 +12670,9 @@ func (c *EC2) DescribeFpgaImagesRequest(input *DescribeFpgaImagesInput) (req *re // DescribeFpgaImages API operation for Amazon Elastic Compute Cloud. // -// Describes one or more available Amazon FPGA Images (AFIs). These include -// public AFIs, private AFIs that you own, and AFIs owned by other AWS accounts -// for which you have load permissions. +// Describes the Amazon FPGA Images (AFIs) available to you. These include public +// AFIs, private AFIs that you own, and AFIs owned by other AWS accounts for +// which you have load permissions. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12585,7 +12713,7 @@ func (c *EC2) DescribeFpgaImagesWithContext(ctx aws.Context, input *DescribeFpga // // Example iterating over at most 3 pages of a DescribeFpgaImages operation. // pageNum := 0 // err := client.DescribeFpgaImagesPages(params, -// func(page *DescribeFpgaImagesOutput, lastPage bool) bool { +// func(page *ec2.DescribeFpgaImagesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -12723,7 +12851,7 @@ func (c *EC2) DescribeHostReservationOfferingsWithContext(ctx aws.Context, input // // Example iterating over at most 3 pages of a DescribeHostReservationOfferings operation. // pageNum := 0 // err := client.DescribeHostReservationOfferingsPages(params, -// func(page *DescribeHostReservationOfferingsOutput, lastPage bool) bool { +// func(page *ec2.DescribeHostReservationOfferingsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -12853,7 +12981,7 @@ func (c *EC2) DescribeHostReservationsWithContext(ctx aws.Context, input *Descri // // Example iterating over at most 3 pages of a DescribeHostReservations operation. // pageNum := 0 // err := client.DescribeHostReservationsPages(params, -// func(page *DescribeHostReservationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeHostReservationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -12942,7 +13070,7 @@ func (c *EC2) DescribeHostsRequest(input *DescribeHostsInput) (req *request.Requ // DescribeHosts API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your Dedicated Hosts. +// Describes the specified Dedicated Hosts or all your Dedicated Hosts. // // The results describe only the Dedicated Hosts in the Region you're currently // using. All listed instances consume capacity on your Dedicated Host. Dedicated @@ -12987,7 +13115,7 @@ func (c *EC2) DescribeHostsWithContext(ctx aws.Context, input *DescribeHostsInpu // // Example iterating over at most 3 pages of a DescribeHosts operation. // pageNum := 0 // err := client.DescribeHostsPages(params, -// func(page *DescribeHostsOutput, lastPage bool) bool { +// func(page *ec2.DescribeHostsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -13117,7 +13245,7 @@ func (c *EC2) DescribeIamInstanceProfileAssociationsWithContext(ctx aws.Context, // // Example iterating over at most 3 pages of a DescribeIamInstanceProfileAssociations operation. // pageNum := 0 // err := client.DescribeIamInstanceProfileAssociationsPages(params, -// func(page *DescribeIamInstanceProfileAssociationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeIamInstanceProfileAssociationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -13200,7 +13328,7 @@ func (c *EC2) DescribeIdFormatRequest(input *DescribeIdFormatInput) (req *reques // DescribeIdFormat API operation for Amazon Elastic Compute Cloud. // -// Describes the ID format settings for your resources on a per-region basis, +// Describes the ID format settings for your resources on a per-Region basis, // for example, to view which resource types are enabled for longer IDs. This // request only returns information about resource types whose ID formats can // be modified; it does not return information about other resource types. @@ -13457,13 +13585,17 @@ func (c *EC2) DescribeImagesRequest(input *DescribeImagesInput) (req *request.Re // DescribeImages API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of the images (AMIs, AKIs, and ARIs) available to you. -// Images available to you include public images, private images that you own, -// and private images owned by other AWS accounts but for which you have explicit +// Describes the specified images (AMIs, AKIs, and ARIs) available to you or +// all of the images available to you. +// +// The images available to you include public images, private images that you +// own, and private images owned by other AWS accounts for which you have explicit // launch permissions. // -// Deregistered images are included in the returned results for an unspecified -// interval after deregistration. +// Recently deregistered images appear in the returned results for a short interval +// and then return empty results. After all instances that reference a deregistered +// AMI are terminated, specifying the ID of the image results in an error indicating +// that the AMI ID cannot be found. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13585,7 +13717,7 @@ func (c *EC2) DescribeImportImageTasksWithContext(ctx aws.Context, input *Descri // // Example iterating over at most 3 pages of a DescribeImportImageTasks operation. // pageNum := 0 // err := client.DescribeImportImageTasksPages(params, -// func(page *DescribeImportImageTasksOutput, lastPage bool) bool { +// func(page *ec2.DescribeImportImageTasksOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -13715,7 +13847,7 @@ func (c *EC2) DescribeImportSnapshotTasksWithContext(ctx aws.Context, input *Des // // Example iterating over at most 3 pages of a DescribeImportSnapshotTasks operation. // pageNum := 0 // err := client.DescribeImportSnapshotTasksPages(params, -// func(page *DescribeImportSnapshotTasksOutput, lastPage bool) bool { +// func(page *ec2.DescribeImportSnapshotTasksOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -13882,8 +14014,8 @@ func (c *EC2) DescribeInstanceCreditSpecificationsRequest(input *DescribeInstanc // DescribeInstanceCreditSpecifications API operation for Amazon Elastic Compute Cloud. // -// Describes the credit option for CPU usage of one or more of your T2 or T3 -// instances. The credit options are standard and unlimited. +// Describes the credit option for CPU usage of the specified T2 or T3 instances. +// The credit options are standard and unlimited. // // If you do not specify an instance ID, Amazon EC2 returns T2 and T3 instances // with the unlimited credit option, as well as instances that were previously @@ -13946,7 +14078,7 @@ func (c *EC2) DescribeInstanceCreditSpecificationsWithContext(ctx aws.Context, i // // Example iterating over at most 3 pages of a DescribeInstanceCreditSpecifications operation. // pageNum := 0 // err := client.DescribeInstanceCreditSpecificationsPages(params, -// func(page *DescribeInstanceCreditSpecificationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeInstanceCreditSpecificationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -14035,9 +14167,9 @@ func (c *EC2) DescribeInstanceStatusRequest(input *DescribeInstanceStatusInput) // DescribeInstanceStatus API operation for Amazon Elastic Compute Cloud. // -// Describes the status of one or more instances. By default, only running instances -// are described, unless you specifically indicate to return the status of all -// instances. +// Describes the status of the specified instances or all of your instances. +// By default, only running instances are described, unless you specifically +// indicate to return the status of all instances. // // Instance status includes the following components: // @@ -14097,7 +14229,7 @@ func (c *EC2) DescribeInstanceStatusWithContext(ctx aws.Context, input *Describe // // Example iterating over at most 3 pages of a DescribeInstanceStatus operation. // pageNum := 0 // err := client.DescribeInstanceStatusPages(params, -// func(page *DescribeInstanceStatusOutput, lastPage bool) bool { +// func(page *ec2.DescribeInstanceStatusOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -14186,7 +14318,7 @@ func (c *EC2) DescribeInstancesRequest(input *DescribeInstancesInput) (req *requ // DescribeInstances API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your instances. +// Describes the specified instances or all of your instances. // // If you specify one or more instance IDs, Amazon EC2 returns information for // those instances. If you do not specify instance IDs, Amazon EC2 returns information @@ -14242,7 +14374,7 @@ func (c *EC2) DescribeInstancesWithContext(ctx aws.Context, input *DescribeInsta // // Example iterating over at most 3 pages of a DescribeInstances operation. // pageNum := 0 // err := client.DescribeInstancesPages(params, -// func(page *DescribeInstancesOutput, lastPage bool) bool { +// func(page *ec2.DescribeInstancesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -14372,7 +14504,7 @@ func (c *EC2) DescribeInternetGatewaysWithContext(ctx aws.Context, input *Descri // // Example iterating over at most 3 pages of a DescribeInternetGateways operation. // pageNum := 0 // err := client.DescribeInternetGatewaysPages(params, -// func(page *DescribeInternetGatewaysOutput, lastPage bool) bool { +// func(page *ec2.DescribeInternetGatewaysOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -14455,7 +14587,7 @@ func (c *EC2) DescribeKeyPairsRequest(input *DescribeKeyPairsInput) (req *reques // DescribeKeyPairs API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your key pairs. +// Describes the specified key pairs or all of your key pairs. // // For more information about key pairs, see Key Pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -14580,7 +14712,7 @@ func (c *EC2) DescribeLaunchTemplateVersionsWithContext(ctx aws.Context, input * // // Example iterating over at most 3 pages of a DescribeLaunchTemplateVersions operation. // pageNum := 0 // err := client.DescribeLaunchTemplateVersionsPages(params, -// func(page *DescribeLaunchTemplateVersionsOutput, lastPage bool) bool { +// func(page *ec2.DescribeLaunchTemplateVersionsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -14710,7 +14842,7 @@ func (c *EC2) DescribeLaunchTemplatesWithContext(ctx aws.Context, input *Describ // // Example iterating over at most 3 pages of a DescribeLaunchTemplates operation. // pageNum := 0 // err := client.DescribeLaunchTemplatesPages(params, -// func(page *DescribeLaunchTemplatesOutput, lastPage bool) bool { +// func(page *ec2.DescribeLaunchTemplatesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -14842,7 +14974,7 @@ func (c *EC2) DescribeMovingAddressesWithContext(ctx aws.Context, input *Describ // // Example iterating over at most 3 pages of a DescribeMovingAddresses operation. // pageNum := 0 // err := client.DescribeMovingAddressesPages(params, -// func(page *DescribeMovingAddressesOutput, lastPage bool) bool { +// func(page *ec2.DescribeMovingAddressesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -14972,7 +15104,7 @@ func (c *EC2) DescribeNatGatewaysWithContext(ctx aws.Context, input *DescribeNat // // Example iterating over at most 3 pages of a DescribeNatGateways operation. // pageNum := 0 // err := client.DescribeNatGatewaysPages(params, -// func(page *DescribeNatGatewaysOutput, lastPage bool) bool { +// func(page *ec2.DescribeNatGatewaysOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -15105,7 +15237,7 @@ func (c *EC2) DescribeNetworkAclsWithContext(ctx aws.Context, input *DescribeNet // // Example iterating over at most 3 pages of a DescribeNetworkAcls operation. // pageNum := 0 // err := client.DescribeNetworkAclsPages(params, -// func(page *DescribeNetworkAclsOutput, lastPage bool) bool { +// func(page *ec2.DescribeNetworkAclsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -15310,7 +15442,7 @@ func (c *EC2) DescribeNetworkInterfacePermissionsWithContext(ctx aws.Context, in // // Example iterating over at most 3 pages of a DescribeNetworkInterfacePermissions operation. // pageNum := 0 // err := client.DescribeNetworkInterfacePermissionsPages(params, -// func(page *DescribeNetworkInterfacePermissionsOutput, lastPage bool) bool { +// func(page *ec2.DescribeNetworkInterfacePermissionsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -15440,7 +15572,7 @@ func (c *EC2) DescribeNetworkInterfacesWithContext(ctx aws.Context, input *Descr // // Example iterating over at most 3 pages of a DescribeNetworkInterfaces operation. // pageNum := 0 // err := client.DescribeNetworkInterfacesPages(params, -// func(page *DescribeNetworkInterfacesOutput, lastPage bool) bool { +// func(page *ec2.DescribeNetworkInterfacesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -15523,8 +15655,8 @@ func (c *EC2) DescribePlacementGroupsRequest(input *DescribePlacementGroupsInput // DescribePlacementGroups API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your placement groups. For more information, see -// Placement Groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) +// Describes the specified placement groups or all of your placement groups. +// For more information, see Placement Groups (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) // in the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -15651,7 +15783,7 @@ func (c *EC2) DescribePrefixListsWithContext(ctx aws.Context, input *DescribePre // // Example iterating over at most 3 pages of a DescribePrefixLists operation. // pageNum := 0 // err := client.DescribePrefixListsPages(params, -// func(page *DescribePrefixListsOutput, lastPage bool) bool { +// func(page *ec2.DescribePrefixListsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -15795,7 +15927,7 @@ func (c *EC2) DescribePrincipalIdFormatWithContext(ctx aws.Context, input *Descr // // Example iterating over at most 3 pages of a DescribePrincipalIdFormat operation. // pageNum := 0 // err := client.DescribePrincipalIdFormatPages(params, -// func(page *DescribePrincipalIdFormatOutput, lastPage bool) bool { +// func(page *ec2.DescribePrincipalIdFormatOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -15925,7 +16057,7 @@ func (c *EC2) DescribePublicIpv4PoolsWithContext(ctx aws.Context, input *Describ // // Example iterating over at most 3 pages of a DescribePublicIpv4Pools operation. // pageNum := 0 // err := client.DescribePublicIpv4PoolsPages(params, -// func(page *DescribePublicIpv4PoolsOutput, lastPage bool) bool { +// func(page *ec2.DescribePublicIpv4PoolsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -16008,9 +16140,13 @@ func (c *EC2) DescribeRegionsRequest(input *DescribeRegionsInput) (req *request. // DescribeRegions API operation for Amazon Elastic Compute Cloud. // -// Describes one or more regions that are currently available to you. +// Describes the Regions that are currently available to you. The API returns +// a list of all the Regions, including Regions that are disabled for your account. +// For information about enabling Regions for your account, see Enabling and +// Disabling Regions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/manage-account-payment.html#manage-account-payment-enable-disable-regions) +// in the AWS Billing and Cost Management User Guide. // -// For a list of the regions supported by Amazon EC2, see Regions and Endpoints +// For a list of the Regions supported by Amazon EC2, see Regions and Endpoints // (https://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -16310,7 +16446,7 @@ func (c *EC2) DescribeReservedInstancesModificationsWithContext(ctx aws.Context, // // Example iterating over at most 3 pages of a DescribeReservedInstancesModifications operation. // pageNum := 0 // err := client.DescribeReservedInstancesModificationsPages(params, -// func(page *DescribeReservedInstancesModificationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeReservedInstancesModificationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -16451,7 +16587,7 @@ func (c *EC2) DescribeReservedInstancesOfferingsWithContext(ctx aws.Context, inp // // Example iterating over at most 3 pages of a DescribeReservedInstancesOfferings operation. // pageNum := 0 // err := client.DescribeReservedInstancesOfferingsPages(params, -// func(page *DescribeReservedInstancesOfferingsOutput, lastPage bool) bool { +// func(page *ec2.DescribeReservedInstancesOfferingsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -16589,7 +16725,7 @@ func (c *EC2) DescribeRouteTablesWithContext(ctx aws.Context, input *DescribeRou // // Example iterating over at most 3 pages of a DescribeRouteTables operation. // pageNum := 0 // err := client.DescribeRouteTablesPages(params, -// func(page *DescribeRouteTablesOutput, lastPage bool) bool { +// func(page *ec2.DescribeRouteTablesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -16727,7 +16863,7 @@ func (c *EC2) DescribeScheduledInstanceAvailabilityWithContext(ctx aws.Context, // // Example iterating over at most 3 pages of a DescribeScheduledInstanceAvailability operation. // pageNum := 0 // err := client.DescribeScheduledInstanceAvailabilityPages(params, -// func(page *DescribeScheduledInstanceAvailabilityOutput, lastPage bool) bool { +// func(page *ec2.DescribeScheduledInstanceAvailabilityOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -16816,7 +16952,7 @@ func (c *EC2) DescribeScheduledInstancesRequest(input *DescribeScheduledInstance // DescribeScheduledInstances API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your Scheduled Instances. +// Describes the specified Scheduled Instances or all your Scheduled Instances. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16857,7 +16993,7 @@ func (c *EC2) DescribeScheduledInstancesWithContext(ctx aws.Context, input *Desc // // Example iterating over at most 3 pages of a DescribeScheduledInstances operation. // pageNum := 0 // err := client.DescribeScheduledInstancesPages(params, -// func(page *DescribeScheduledInstancesOutput, lastPage bool) bool { +// func(page *ec2.DescribeScheduledInstancesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -16940,7 +17076,7 @@ func (c *EC2) DescribeSecurityGroupReferencesRequest(input *DescribeSecurityGrou // DescribeSecurityGroupReferences API operation for Amazon Elastic Compute Cloud. // -// [EC2-VPC only] Describes the VPCs on the other side of a VPC peering connection +// [VPC only] Describes the VPCs on the other side of a VPC peering connection // that are referencing the security groups you've specified in this request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -17021,7 +17157,7 @@ func (c *EC2) DescribeSecurityGroupsRequest(input *DescribeSecurityGroupsInput) // DescribeSecurityGroups API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of your security groups. +// Describes the specified security groups or all of your security groups. // // A security group is for use with instances either in the EC2-Classic platform // or in a specific VPC. For more information, see Amazon EC2 Security Groups @@ -17069,7 +17205,7 @@ func (c *EC2) DescribeSecurityGroupsWithContext(ctx aws.Context, input *Describe // // Example iterating over at most 3 pages of a DescribeSecurityGroups operation. // pageNum := 0 // err := client.DescribeSecurityGroupsPages(params, -// func(page *DescribeSecurityGroupsOutput, lastPage bool) bool { +// func(page *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -17236,10 +17372,12 @@ func (c *EC2) DescribeSnapshotsRequest(input *DescribeSnapshotsInput) (req *requ // DescribeSnapshots API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of the EBS snapshots available to you. Available snapshots -// include public snapshots available for use by any AWS account, private snapshots -// that you own, and private snapshots owned by another AWS account for which -// you've been given explicit create volume permissions. +// Describes the specified EBS snapshots available to you or all of the EBS +// snapshots available to you. +// +// The snapshots available to you include public snapshots, private snapshots +// that you own, and private snapshots owned by other AWS accounts for which +// you have explicit create volume permissions. // // The create volume permissions fall into the following categories: // @@ -17322,7 +17460,7 @@ func (c *EC2) DescribeSnapshotsWithContext(ctx aws.Context, input *DescribeSnaps // // Example iterating over at most 3 pages of a DescribeSnapshots operation. // pageNum := 0 // err := client.DescribeSnapshotsPages(params, -// func(page *DescribeSnapshotsOutput, lastPage bool) bool { +// func(page *ec2.DescribeSnapshotsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -17684,7 +17822,7 @@ func (c *EC2) DescribeSpotFleetRequestsWithContext(ctx aws.Context, input *Descr // // Example iterating over at most 3 pages of a DescribeSpotFleetRequests operation. // pageNum := 0 // err := client.DescribeSpotFleetRequestsPages(params, -// func(page *DescribeSpotFleetRequestsOutput, lastPage bool) bool { +// func(page *ec2.DescribeSpotFleetRequestsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -17830,7 +17968,7 @@ func (c *EC2) DescribeSpotInstanceRequestsWithContext(ctx aws.Context, input *De // // Example iterating over at most 3 pages of a DescribeSpotInstanceRequests operation. // pageNum := 0 // err := client.DescribeSpotInstanceRequestsPages(params, -// func(page *DescribeSpotInstanceRequestsOutput, lastPage bool) bool { +// func(page *ec2.DescribeSpotInstanceRequestsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -17967,7 +18105,7 @@ func (c *EC2) DescribeSpotPriceHistoryWithContext(ctx aws.Context, input *Descri // // Example iterating over at most 3 pages of a DescribeSpotPriceHistory operation. // pageNum := 0 // err := client.DescribeSpotPriceHistoryPages(params, -// func(page *DescribeSpotPriceHistoryOutput, lastPage bool) bool { +// func(page *ec2.DescribeSpotPriceHistoryOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -18056,10 +18194,10 @@ func (c *EC2) DescribeStaleSecurityGroupsRequest(input *DescribeStaleSecurityGro // DescribeStaleSecurityGroups API operation for Amazon Elastic Compute Cloud. // -// [EC2-VPC only] Describes the stale security group rules for security groups -// in a specified VPC. Rules are stale when they reference a deleted security -// group in a peer VPC, or a security group in a peer VPC for which the VPC -// peering connection has been deleted. +// [VPC only] Describes the stale security group rules for security groups in +// a specified VPC. Rules are stale when they reference a deleted security group +// in a peer VPC, or a security group in a peer VPC for which the VPC peering +// connection has been deleted. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -18100,7 +18238,7 @@ func (c *EC2) DescribeStaleSecurityGroupsWithContext(ctx aws.Context, input *Des // // Example iterating over at most 3 pages of a DescribeStaleSecurityGroups operation. // pageNum := 0 // err := client.DescribeStaleSecurityGroupsPages(params, -// func(page *DescribeStaleSecurityGroupsOutput, lastPage bool) bool { +// func(page *ec2.DescribeStaleSecurityGroupsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -18170,6 +18308,12 @@ func (c *EC2) DescribeSubnetsRequest(input *DescribeSubnetsInput) (req *request. Name: opDescribeSubnets, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { @@ -18216,6 +18360,56 @@ func (c *EC2) DescribeSubnetsWithContext(ctx aws.Context, input *DescribeSubnets return out, req.Send() } +// DescribeSubnetsPages iterates over the pages of a DescribeSubnets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeSubnets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeSubnets operation. +// pageNum := 0 +// err := client.DescribeSubnetsPages(params, +// func(page *ec2.DescribeSubnetsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeSubnetsPages(input *DescribeSubnetsInput, fn func(*DescribeSubnetsOutput, bool) bool) error { + return c.DescribeSubnetsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeSubnetsPagesWithContext same as DescribeSubnetsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeSubnetsPagesWithContext(ctx aws.Context, input *DescribeSubnetsInput, fn func(*DescribeSubnetsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeSubnetsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeSubnetsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + cont := true + for p.Next() && cont { + cont = fn(p.Page().(*DescribeSubnetsOutput), !p.HasNextPage()) + } + return p.Err() +} + const opDescribeTags = "DescribeTags" // DescribeTagsRequest generates a "aws/request.Request" representing the @@ -18266,7 +18460,7 @@ func (c *EC2) DescribeTagsRequest(input *DescribeTagsInput) (req *request.Reques // DescribeTags API operation for Amazon Elastic Compute Cloud. // -// Describes one or more of the tags for your EC2 resources. +// Describes the specified tags for your EC2 resources. // // For more information about tags, see Tagging Your Resources (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -18310,7 +18504,7 @@ func (c *EC2) DescribeTagsWithContext(ctx aws.Context, input *DescribeTagsInput, // // Example iterating over at most 3 pages of a DescribeTags operation. // pageNum := 0 // err := client.DescribeTagsPages(params, -// func(page *DescribeTagsOutput, lastPage bool) bool { +// func(page *ec2.DescribeTagsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -18443,7 +18637,7 @@ func (c *EC2) DescribeTransitGatewayAttachmentsWithContext(ctx aws.Context, inpu // // Example iterating over at most 3 pages of a DescribeTransitGatewayAttachments operation. // pageNum := 0 // err := client.DescribeTransitGatewayAttachmentsPages(params, -// func(page *DescribeTransitGatewayAttachmentsOutput, lastPage bool) bool { +// func(page *ec2.DescribeTransitGatewayAttachmentsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -18574,7 +18768,7 @@ func (c *EC2) DescribeTransitGatewayRouteTablesWithContext(ctx aws.Context, inpu // // Example iterating over at most 3 pages of a DescribeTransitGatewayRouteTables operation. // pageNum := 0 // err := client.DescribeTransitGatewayRouteTablesPages(params, -// func(page *DescribeTransitGatewayRouteTablesOutput, lastPage bool) bool { +// func(page *ec2.DescribeTransitGatewayRouteTablesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -18705,7 +18899,7 @@ func (c *EC2) DescribeTransitGatewayVpcAttachmentsWithContext(ctx aws.Context, i // // Example iterating over at most 3 pages of a DescribeTransitGatewayVpcAttachments operation. // pageNum := 0 // err := client.DescribeTransitGatewayVpcAttachmentsPages(params, -// func(page *DescribeTransitGatewayVpcAttachmentsOutput, lastPage bool) bool { +// func(page *ec2.DescribeTransitGatewayVpcAttachmentsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -18836,7 +19030,7 @@ func (c *EC2) DescribeTransitGatewaysWithContext(ctx aws.Context, input *Describ // // Example iterating over at most 3 pages of a DescribeTransitGateways operation. // pageNum := 0 // err := client.DescribeTransitGatewaysPages(params, -// func(page *DescribeTransitGatewaysOutput, lastPage bool) bool { +// func(page *ec2.DescribeTransitGatewaysOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -19079,7 +19273,7 @@ func (c *EC2) DescribeVolumeStatusWithContext(ctx aws.Context, input *DescribeVo // // Example iterating over at most 3 pages of a DescribeVolumeStatus operation. // pageNum := 0 // err := client.DescribeVolumeStatusPages(params, -// func(page *DescribeVolumeStatusOutput, lastPage bool) bool { +// func(page *ec2.DescribeVolumeStatusOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -19168,7 +19362,7 @@ func (c *EC2) DescribeVolumesRequest(input *DescribeVolumesInput) (req *request. // DescribeVolumes API operation for Amazon Elastic Compute Cloud. // -// Describes the specified EBS volumes. +// Describes the specified EBS volumes or all of your EBS volumes. // // If you are describing a long list of volumes, you can paginate the output // to make the list more manageable. The MaxResults parameter sets the maximum @@ -19219,7 +19413,7 @@ func (c *EC2) DescribeVolumesWithContext(ctx aws.Context, input *DescribeVolumes // // Example iterating over at most 3 pages of a DescribeVolumes operation. // pageNum := 0 // err := client.DescribeVolumesPages(params, -// func(page *DescribeVolumesOutput, lastPage bool) bool { +// func(page *ec2.DescribeVolumesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -19362,7 +19556,7 @@ func (c *EC2) DescribeVolumesModificationsWithContext(ctx aws.Context, input *De // // Example iterating over at most 3 pages of a DescribeVolumesModifications operation. // pageNum := 0 // err := client.DescribeVolumesModificationsPages(params, -// func(page *DescribeVolumesModificationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVolumesModificationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -19647,7 +19841,7 @@ func (c *EC2) DescribeVpcClassicLinkDnsSupportWithContext(ctx aws.Context, input // // Example iterating over at most 3 pages of a DescribeVpcClassicLinkDnsSupport operation. // pageNum := 0 // err := client.DescribeVpcClassicLinkDnsSupportPages(params, -// func(page *DescribeVpcClassicLinkDnsSupportOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcClassicLinkDnsSupportOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -19778,7 +19972,7 @@ func (c *EC2) DescribeVpcEndpointConnectionNotificationsWithContext(ctx aws.Cont // // Example iterating over at most 3 pages of a DescribeVpcEndpointConnectionNotifications operation. // pageNum := 0 // err := client.DescribeVpcEndpointConnectionNotificationsPages(params, -// func(page *DescribeVpcEndpointConnectionNotificationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcEndpointConnectionNotificationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -19909,7 +20103,7 @@ func (c *EC2) DescribeVpcEndpointConnectionsWithContext(ctx aws.Context, input * // // Example iterating over at most 3 pages of a DescribeVpcEndpointConnections operation. // pageNum := 0 // err := client.DescribeVpcEndpointConnectionsPages(params, -// func(page *DescribeVpcEndpointConnectionsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcEndpointConnectionsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -20039,7 +20233,7 @@ func (c *EC2) DescribeVpcEndpointServiceConfigurationsWithContext(ctx aws.Contex // // Example iterating over at most 3 pages of a DescribeVpcEndpointServiceConfigurations operation. // pageNum := 0 // err := client.DescribeVpcEndpointServiceConfigurationsPages(params, -// func(page *DescribeVpcEndpointServiceConfigurationsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcEndpointServiceConfigurationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -20170,7 +20364,7 @@ func (c *EC2) DescribeVpcEndpointServicePermissionsWithContext(ctx aws.Context, // // Example iterating over at most 3 pages of a DescribeVpcEndpointServicePermissions operation. // pageNum := 0 // err := client.DescribeVpcEndpointServicePermissionsPages(params, -// func(page *DescribeVpcEndpointServicePermissionsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcEndpointServicePermissionsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -20374,7 +20568,7 @@ func (c *EC2) DescribeVpcEndpointsWithContext(ctx aws.Context, input *DescribeVp // // Example iterating over at most 3 pages of a DescribeVpcEndpoints operation. // pageNum := 0 // err := client.DescribeVpcEndpointsPages(params, -// func(page *DescribeVpcEndpointsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcEndpointsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -20504,7 +20698,7 @@ func (c *EC2) DescribeVpcPeeringConnectionsWithContext(ctx aws.Context, input *D // // Example iterating over at most 3 pages of a DescribeVpcPeeringConnections operation. // pageNum := 0 // err := client.DescribeVpcPeeringConnectionsPages(params, -// func(page *DescribeVpcPeeringConnectionsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcPeeringConnectionsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -20634,7 +20828,7 @@ func (c *EC2) DescribeVpcsWithContext(ctx aws.Context, input *DescribeVpcsInput, // // Example iterating over at most 3 pages of a DescribeVpcs operation. // pageNum := 0 // err := client.DescribeVpcsPages(params, -// func(page *DescribeVpcsOutput, lastPage bool) bool { +// func(page *ec2.DescribeVpcsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -21224,6 +21418,89 @@ func (c *EC2) DetachVpnGatewayWithContext(ctx aws.Context, input *DetachVpnGatew return out, req.Send() } +const opDisableEbsEncryptionByDefault = "DisableEbsEncryptionByDefault" + +// DisableEbsEncryptionByDefaultRequest generates a "aws/request.Request" representing the +// client's request for the DisableEbsEncryptionByDefault operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableEbsEncryptionByDefault for more information on using the DisableEbsEncryptionByDefault +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisableEbsEncryptionByDefaultRequest method. +// req, resp := client.DisableEbsEncryptionByDefaultRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableEbsEncryptionByDefault +func (c *EC2) DisableEbsEncryptionByDefaultRequest(input *DisableEbsEncryptionByDefaultInput) (req *request.Request, output *DisableEbsEncryptionByDefaultOutput) { + op := &request.Operation{ + Name: opDisableEbsEncryptionByDefault, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisableEbsEncryptionByDefaultInput{} + } + + output = &DisableEbsEncryptionByDefaultOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableEbsEncryptionByDefault API operation for Amazon Elastic Compute Cloud. +// +// Disables default encryption for EBS volumes that are created in your account +// in the current region. +// +// Call this API if you have enabled default encryption using EnableEbsEncryptionByDefault +// and want to disable default EBS encryption. Once default EBS encryption is +// disabled, you can still create an encrypted volume by setting encrypted to +// true in the API call that creates the volume. +// +// Disabling default EBS encryption will not change the encryption status of +// any of your existing volumes. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DisableEbsEncryptionByDefault for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DisableEbsEncryptionByDefault +func (c *EC2) DisableEbsEncryptionByDefault(input *DisableEbsEncryptionByDefaultInput) (*DisableEbsEncryptionByDefaultOutput, error) { + req, out := c.DisableEbsEncryptionByDefaultRequest(input) + return out, req.Send() +} + +// DisableEbsEncryptionByDefaultWithContext is the same as DisableEbsEncryptionByDefault with the addition of +// the ability to pass a context and additional request options. +// +// See DisableEbsEncryptionByDefault for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DisableEbsEncryptionByDefaultWithContext(ctx aws.Context, input *DisableEbsEncryptionByDefaultInput, opts ...request.Option) (*DisableEbsEncryptionByDefaultOutput, error) { + req, out := c.DisableEbsEncryptionByDefaultRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisableTransitGatewayRouteTablePropagation = "DisableTransitGatewayRouteTablePropagation" // DisableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -22081,6 +22358,105 @@ func (c *EC2) DisassociateVpcCidrBlockWithContext(ctx aws.Context, input *Disass return out, req.Send() } +const opEnableEbsEncryptionByDefault = "EnableEbsEncryptionByDefault" + +// EnableEbsEncryptionByDefaultRequest generates a "aws/request.Request" representing the +// client's request for the EnableEbsEncryptionByDefault operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableEbsEncryptionByDefault for more information on using the EnableEbsEncryptionByDefault +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the EnableEbsEncryptionByDefaultRequest method. +// req, resp := client.EnableEbsEncryptionByDefaultRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableEbsEncryptionByDefault +func (c *EC2) EnableEbsEncryptionByDefaultRequest(input *EnableEbsEncryptionByDefaultInput) (req *request.Request, output *EnableEbsEncryptionByDefaultOutput) { + op := &request.Operation{ + Name: opEnableEbsEncryptionByDefault, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &EnableEbsEncryptionByDefaultInput{} + } + + output = &EnableEbsEncryptionByDefaultOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableEbsEncryptionByDefault API operation for Amazon Elastic Compute Cloud. +// +// Enables default encryption for EBS volumes that are created in your account +// in the current region. +// +// Once encryption is enabled with this action, EBS volumes that are created +// in your account will always be encrypted even if encryption is not specified +// at launch. This setting overrides the encrypted setting to true in all API +// calls that create EBS volumes in your account. A volume will be encrypted +// even if you specify encryption to be false in the API call that creates the +// volume. +// +// If you do not specify a customer master key (CMK) in the API call that creates +// the EBS volume, then the volume is encrypted to your AWS account's default +// CMK. +// +// You can specify a default CMK of your choice using ModifyEbsDefaultKmsKeyId. +// +// Enabling default encryption for EBS volumes has no effect on existing unencrypted +// volumes in your account. Encrypting the data in these requires manual action. +// You can either create an encrypted snapshot of an unencrypted volume, or +// encrypt a copy of an unencrypted snapshot. Any volume restored from an encrypted +// snapshot is also encrypted. For more information, see Amazon EBS Snapshots +// (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html). +// +// After EBS encryption by default is enabled, you can no longer launch older-generation +// instance types that do not support encryption. For more information, see +// Supported Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation EnableEbsEncryptionByDefault for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EnableEbsEncryptionByDefault +func (c *EC2) EnableEbsEncryptionByDefault(input *EnableEbsEncryptionByDefaultInput) (*EnableEbsEncryptionByDefaultOutput, error) { + req, out := c.EnableEbsEncryptionByDefaultRequest(input) + return out, req.Send() +} + +// EnableEbsEncryptionByDefaultWithContext is the same as EnableEbsEncryptionByDefault with the addition of +// the ability to pass a context and additional request options. +// +// See EnableEbsEncryptionByDefault for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) EnableEbsEncryptionByDefaultWithContext(ctx aws.Context, input *EnableEbsEncryptionByDefaultInput, opts ...request.Option) (*EnableEbsEncryptionByDefaultOutput, error) { + req, out := c.EnableEbsEncryptionByDefaultRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opEnableTransitGatewayRouteTablePropagation = "EnableTransitGatewayRouteTablePropagation" // EnableTransitGatewayRouteTablePropagationRequest generates a "aws/request.Request" representing the @@ -22862,6 +23238,157 @@ func (c *EC2) GetConsoleScreenshotWithContext(ctx aws.Context, input *GetConsole return out, req.Send() } +const opGetEbsDefaultKmsKeyId = "GetEbsDefaultKmsKeyId" + +// GetEbsDefaultKmsKeyIdRequest generates a "aws/request.Request" representing the +// client's request for the GetEbsDefaultKmsKeyId operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetEbsDefaultKmsKeyId for more information on using the GetEbsDefaultKmsKeyId +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetEbsDefaultKmsKeyIdRequest method. +// req, resp := client.GetEbsDefaultKmsKeyIdRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsDefaultKmsKeyId +func (c *EC2) GetEbsDefaultKmsKeyIdRequest(input *GetEbsDefaultKmsKeyIdInput) (req *request.Request, output *GetEbsDefaultKmsKeyIdOutput) { + op := &request.Operation{ + Name: opGetEbsDefaultKmsKeyId, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetEbsDefaultKmsKeyIdInput{} + } + + output = &GetEbsDefaultKmsKeyIdOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. +// +// Describes the default customer master key (CMK) that your account uses to +// encrypt EBS volumes if you don’t specify a CMK in the API call. You can +// change this default using ModifyEbsDefaultKmsKeyId. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetEbsDefaultKmsKeyId for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsDefaultKmsKeyId +func (c *EC2) GetEbsDefaultKmsKeyId(input *GetEbsDefaultKmsKeyIdInput) (*GetEbsDefaultKmsKeyIdOutput, error) { + req, out := c.GetEbsDefaultKmsKeyIdRequest(input) + return out, req.Send() +} + +// GetEbsDefaultKmsKeyIdWithContext is the same as GetEbsDefaultKmsKeyId with the addition of +// the ability to pass a context and additional request options. +// +// See GetEbsDefaultKmsKeyId for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetEbsDefaultKmsKeyIdWithContext(ctx aws.Context, input *GetEbsDefaultKmsKeyIdInput, opts ...request.Option) (*GetEbsDefaultKmsKeyIdOutput, error) { + req, out := c.GetEbsDefaultKmsKeyIdRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetEbsEncryptionByDefault = "GetEbsEncryptionByDefault" + +// GetEbsEncryptionByDefaultRequest generates a "aws/request.Request" representing the +// client's request for the GetEbsEncryptionByDefault operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetEbsEncryptionByDefault for more information on using the GetEbsEncryptionByDefault +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetEbsEncryptionByDefaultRequest method. +// req, resp := client.GetEbsEncryptionByDefaultRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsEncryptionByDefault +func (c *EC2) GetEbsEncryptionByDefaultRequest(input *GetEbsEncryptionByDefaultInput) (req *request.Request, output *GetEbsEncryptionByDefaultOutput) { + op := &request.Operation{ + Name: opGetEbsEncryptionByDefault, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetEbsEncryptionByDefaultInput{} + } + + output = &GetEbsEncryptionByDefaultOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetEbsEncryptionByDefault API operation for Amazon Elastic Compute Cloud. +// +// Describes whether default EBS encryption is enabled for your account in the +// current region. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation GetEbsEncryptionByDefault for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/GetEbsEncryptionByDefault +func (c *EC2) GetEbsEncryptionByDefault(input *GetEbsEncryptionByDefaultInput) (*GetEbsEncryptionByDefaultOutput, error) { + req, out := c.GetEbsEncryptionByDefaultRequest(input) + return out, req.Send() +} + +// GetEbsEncryptionByDefaultWithContext is the same as GetEbsEncryptionByDefault with the addition of +// the ability to pass a context and additional request options. +// +// See GetEbsEncryptionByDefault for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) GetEbsEncryptionByDefaultWithContext(ctx aws.Context, input *GetEbsEncryptionByDefaultInput, opts ...request.Option) (*GetEbsEncryptionByDefaultOutput, error) { + req, out := c.GetEbsEncryptionByDefaultRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetHostReservationPurchasePreview = "GetHostReservationPurchasePreview" // GetHostReservationPurchasePreviewRequest generates a "aws/request.Request" representing the @@ -23276,7 +23803,7 @@ func (c *EC2) GetTransitGatewayAttachmentPropagationsWithContext(ctx aws.Context // // Example iterating over at most 3 pages of a GetTransitGatewayAttachmentPropagations operation. // pageNum := 0 // err := client.GetTransitGatewayAttachmentPropagationsPages(params, -// func(page *GetTransitGatewayAttachmentPropagationsOutput, lastPage bool) bool { +// func(page *ec2.GetTransitGatewayAttachmentPropagationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -23407,7 +23934,7 @@ func (c *EC2) GetTransitGatewayRouteTableAssociationsWithContext(ctx aws.Context // // Example iterating over at most 3 pages of a GetTransitGatewayRouteTableAssociations operation. // pageNum := 0 // err := client.GetTransitGatewayRouteTableAssociationsPages(params, -// func(page *GetTransitGatewayRouteTableAssociationsOutput, lastPage bool) bool { +// func(page *ec2.GetTransitGatewayRouteTableAssociationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -23538,7 +24065,7 @@ func (c *EC2) GetTransitGatewayRouteTablePropagationsWithContext(ctx aws.Context // // Example iterating over at most 3 pages of a GetTransitGatewayRouteTablePropagations operation. // pageNum := 0 // err := client.GetTransitGatewayRouteTablePropagationsPages(params, -// func(page *GetTransitGatewayRouteTablePropagationsOutput, lastPage bool) bool { +// func(page *ec2.GetTransitGatewayRouteTablePropagationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -24201,6 +24728,89 @@ func (c *EC2) ModifyClientVpnEndpointWithContext(ctx aws.Context, input *ModifyC return out, req.Send() } +const opModifyEbsDefaultKmsKeyId = "ModifyEbsDefaultKmsKeyId" + +// ModifyEbsDefaultKmsKeyIdRequest generates a "aws/request.Request" representing the +// client's request for the ModifyEbsDefaultKmsKeyId operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyEbsDefaultKmsKeyId for more information on using the ModifyEbsDefaultKmsKeyId +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyEbsDefaultKmsKeyIdRequest method. +// req, resp := client.ModifyEbsDefaultKmsKeyIdRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyEbsDefaultKmsKeyId +func (c *EC2) ModifyEbsDefaultKmsKeyIdRequest(input *ModifyEbsDefaultKmsKeyIdInput) (req *request.Request, output *ModifyEbsDefaultKmsKeyIdOutput) { + op := &request.Operation{ + Name: opModifyEbsDefaultKmsKeyId, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyEbsDefaultKmsKeyIdInput{} + } + + output = &ModifyEbsDefaultKmsKeyIdOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. +// +// Changes the default customer master key (CMK) that your account uses to encrypt +// EBS volumes if you don't specify a CMK in the API call. +// +// Your account has an AWS-managed default CMK that is used for encrypting an +// EBS volume when no CMK is specified in the API call that creates the volume. +// By calling this API, you can specify a customer-managed CMK to use in place +// of the AWS-managed default CMK. +// +// Note: Deleting or disabling the custom CMK that you have specified to act +// as your default CMK will result in instance-launch failures. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyEbsDefaultKmsKeyId for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyEbsDefaultKmsKeyId +func (c *EC2) ModifyEbsDefaultKmsKeyId(input *ModifyEbsDefaultKmsKeyIdInput) (*ModifyEbsDefaultKmsKeyIdOutput, error) { + req, out := c.ModifyEbsDefaultKmsKeyIdRequest(input) + return out, req.Send() +} + +// ModifyEbsDefaultKmsKeyIdWithContext is the same as ModifyEbsDefaultKmsKeyId with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyEbsDefaultKmsKeyId for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyEbsDefaultKmsKeyIdWithContext(ctx aws.Context, input *ModifyEbsDefaultKmsKeyIdInput, opts ...request.Option) (*ModifyEbsDefaultKmsKeyIdOutput, error) { + req, out := c.ModifyEbsDefaultKmsKeyIdRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyFleet = "ModifyFleet" // ModifyFleetRequest generates a "aws/request.Request" representing the @@ -24476,7 +25086,7 @@ func (c *EC2) ModifyIdFormatRequest(input *ModifyIdFormatInput) (req *request.Re // ModifyIdFormat API operation for Amazon Elastic Compute Cloud. // -// Modifies the ID format for the specified resource on a per-region basis. +// Modifies the ID format for the specified resource on a per-Region basis. // You can specify that resources should receive longer IDs (17-character IDs) // when they are created. // @@ -25485,6 +26095,8 @@ func (c *EC2) ModifySpotFleetRequestRequest(input *ModifySpotFleetRequestInput) // // Modifies the specified Spot Fleet request. // +// You can only modify a Spot Fleet request of type maintain. +// // While the Spot Fleet request is being modified, it is in the modifying state. // // To scale up your Spot Fleet, increase its target capacity. The Spot Fleet @@ -26319,11 +26931,11 @@ func (c *EC2) ModifyVpcPeeringConnectionOptionsRequest(input *ModifyVpcPeeringCo // If the peered VPCs are in the same AWS account, you can enable DNS resolution // for queries from the local VPC. This ensures that queries from the local // VPC resolve to private IP addresses in the peer VPC. This option is not available -// if the peered VPCs are in different AWS accounts or different regions. For +// if the peered VPCs are in different AWS accounts or different Regions. For // peered VPCs in different AWS accounts, each AWS account owner must initiate // a separate request to modify the peering connection options. For inter-region -// peering connections, you must use the region for the requester VPC to modify -// the requester VPC peering options and the region for the accepter VPC to +// peering connections, you must use the Region for the requester VPC to modify +// the requester VPC peering options and the Region for the accepter VPC to // modify the accepter VPC peering options. To verify which VPCs are the accepter // and the requester for a VPC peering connection, use the DescribeVpcPeeringConnections // command. @@ -26439,6 +27051,119 @@ func (c *EC2) ModifyVpcTenancyWithContext(ctx aws.Context, input *ModifyVpcTenan return out, req.Send() } +const opModifyVpnConnection = "ModifyVpnConnection" + +// ModifyVpnConnectionRequest generates a "aws/request.Request" representing the +// client's request for the ModifyVpnConnection operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyVpnConnection for more information on using the ModifyVpnConnection +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyVpnConnectionRequest method. +// req, resp := client.ModifyVpnConnectionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnConnection +func (c *EC2) ModifyVpnConnectionRequest(input *ModifyVpnConnectionInput) (req *request.Request, output *ModifyVpnConnectionOutput) { + op := &request.Operation{ + Name: opModifyVpnConnection, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyVpnConnectionInput{} + } + + output = &ModifyVpnConnectionOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyVpnConnection API operation for Amazon Elastic Compute Cloud. +// +// Modifies the target gateway of a AWS Site-to-Site VPN connection. The following +// migration options are available: +// +// * An existing virtual private gateway to a new virtual private gateway +// +// * An existing virtual private gateway to a transit gateway +// +// * An existing transit gateway to a new transit gateway +// +// * An existing transit gateway to a virtual private gateway +// +// Before you perform the migration to the new gateway, you must configure the +// new gateway. Use CreateVpnGateway to create a virtual private gateway, or +// CreateTransitGateway to create a transit gateway. +// +// This step is required when you migrate from a virtual private gateway with +// static routes to a transit gateway. +// +// You must delete the static routes before you migrate to the new gateway. +// +// Keep a copy of the static route before you delete it. You will need to add +// back these routes to the transit gateway after the VPN connection migration +// is complete. +// +// After you migrate to the new gateway, you might need to modify your VPC route +// table. Use CreateRoute and DeleteRoute to make the changes described in VPN +// Gateway Target Modification Required VPC Route Table Updates (https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing) +// in the AWS Site-to-Site VPN User Guide. +// +// When the new gateway is a transit gateway, modify the transit gateway route +// table to allow traffic between the VPC and the AWS Site-to-Site VPN connection. +// Use CreateTransitGatewayRoute to add the routes. +// +// If you deleted VPN static routes, you must add the static routes to the transit +// gateway route table. +// +// After you perform this operation, the AWS VPN endpoint's IP addresses on +// the AWS side and the tunnel options remain intact. Your s2slong; connection +// will be temporarily unavailable for approximately 10 minutes while we provision +// the new endpoints +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyVpnConnection for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpnConnection +func (c *EC2) ModifyVpnConnection(input *ModifyVpnConnectionInput) (*ModifyVpnConnectionOutput, error) { + req, out := c.ModifyVpnConnectionRequest(input) + return out, req.Send() +} + +// ModifyVpnConnectionWithContext is the same as ModifyVpnConnection with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyVpnConnection for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyVpnConnectionWithContext(ctx aws.Context, input *ModifyVpnConnectionInput, opts ...request.Option) (*ModifyVpnConnectionOutput, error) { + req, out := c.ModifyVpnConnectionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opMonitorInstances = "MonitorInstances" // MonitorInstancesRequest generates a "aws/request.Request" representing the @@ -26892,7 +27617,7 @@ func (c *EC2) PurchaseScheduledInstancesRequest(input *PurchaseScheduledInstance // PurchaseScheduledInstances API operation for Amazon Elastic Compute Cloud. // -// Purchases one or more Scheduled Instances with the specified schedule. +// Purchases the Scheduled Instances with the specified schedule. // // Scheduled Instances enable you to purchase Amazon EC2 compute capacity by // the hour for a one-year term. Before you can purchase a Scheduled Instance, @@ -26976,7 +27701,7 @@ func (c *EC2) RebootInstancesRequest(input *RebootInstancesInput) (req *request. // RebootInstances API operation for Amazon Elastic Compute Cloud. // -// Requests a reboot of one or more instances. This operation is asynchronous; +// Requests a reboot of the specified instances. This operation is asynchronous; // it only queues a request to reboot the specified instances. The operation // succeeds if the instances are valid and belong to you. Requests to reboot // terminated instances are ignored. @@ -28256,6 +28981,92 @@ func (c *EC2) RequestSpotInstancesWithContext(ctx aws.Context, input *RequestSpo return out, req.Send() } +const opResetEbsDefaultKmsKeyId = "ResetEbsDefaultKmsKeyId" + +// ResetEbsDefaultKmsKeyIdRequest generates a "aws/request.Request" representing the +// client's request for the ResetEbsDefaultKmsKeyId operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ResetEbsDefaultKmsKeyId for more information on using the ResetEbsDefaultKmsKeyId +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ResetEbsDefaultKmsKeyIdRequest method. +// req, resp := client.ResetEbsDefaultKmsKeyIdRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetEbsDefaultKmsKeyId +func (c *EC2) ResetEbsDefaultKmsKeyIdRequest(input *ResetEbsDefaultKmsKeyIdInput) (req *request.Request, output *ResetEbsDefaultKmsKeyIdOutput) { + op := &request.Operation{ + Name: opResetEbsDefaultKmsKeyId, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ResetEbsDefaultKmsKeyIdInput{} + } + + output = &ResetEbsDefaultKmsKeyIdOutput{} + req = c.newRequest(op, input, output) + return +} + +// ResetEbsDefaultKmsKeyId API operation for Amazon Elastic Compute Cloud. +// +// Resets the account's default customer master key (CMK) to the account's AWS-managed +// default CMK. This default CMK is used to encrypt EBS volumes when you have +// enabled EBS encryption by default without specifying a CMK in the API call. +// If you have not enabled encryption by default, then this CMK is used when +// you set the Encrypted parameter to true without specifying a custom CMK in +// the API call. +// +// Call this API if you have modified the default CMK that is used for encrypting +// your EBS volume using ModifyEbsDefaultKmsKeyId and you want to reset it to +// the AWS-managed default CMK. After resetting, you can continue to provide +// a CMK of your choice in the API call that creates the volume. However, if +// no CMK is specified, your account will encrypt the volume to the AWS-managed +// default CMK. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ResetEbsDefaultKmsKeyId for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ResetEbsDefaultKmsKeyId +func (c *EC2) ResetEbsDefaultKmsKeyId(input *ResetEbsDefaultKmsKeyIdInput) (*ResetEbsDefaultKmsKeyIdOutput, error) { + req, out := c.ResetEbsDefaultKmsKeyIdRequest(input) + return out, req.Send() +} + +// ResetEbsDefaultKmsKeyIdWithContext is the same as ResetEbsDefaultKmsKeyId with the addition of +// the ability to pass a context and additional request options. +// +// See ResetEbsDefaultKmsKeyId for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ResetEbsDefaultKmsKeyIdWithContext(ctx aws.Context, input *ResetEbsDefaultKmsKeyIdInput, opts ...request.Option) (*ResetEbsDefaultKmsKeyIdOutput, error) { + req, out := c.ResetEbsDefaultKmsKeyIdRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opResetFpgaImageAttribute = "ResetFpgaImageAttribute" // ResetFpgaImageAttributeRequest generates a "aws/request.Request" representing the @@ -28842,10 +29653,10 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // RevokeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [EC2-VPC only] Removes one or more egress rules from a security group for -// EC2-VPC. This action doesn't apply to security groups for use in EC2-Classic. -// To remove a rule, the values that you specify (for example, ports) must match -// the existing rule's values exactly. +// [VPC only] Removes the specified egress rules from a security group for EC2-VPC. +// This action doesn't apply to security groups for use in EC2-Classic. To remove +// a rule, the values that you specify (for example, ports) must match the existing +// rule's values exactly. // // Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source // security group. For the TCP and UDP protocols, you must also specify the @@ -28929,13 +29740,13 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // RevokeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Removes one or more ingress rules from a security group. To remove a rule, +// Removes the specified ingress rules from a security group. To remove a rule, // the values that you specify (for example, ports) must match the existing // rule's values exactly. // -// [EC2-Classic security groups only] If the values you specify do not match -// the existing rule's values, no error is returned. Use DescribeSecurityGroups -// to verify that the rule has been removed. +// [EC2-Classic only] If the values you specify do not match the existing rule's +// values, no error is returned. Use DescribeSecurityGroups to verify that the +// rule has been removed. // // Each rule consists of the protocol and the CIDR range or source security // group. For the TCP and UDP protocols, you must also specify the destination @@ -29592,8 +30403,8 @@ func (c *EC2) TerminateInstancesRequest(input *TerminateInstancesInput) (req *re // TerminateInstances API operation for Amazon Elastic Compute Cloud. // -// Shuts down one or more instances. This operation is idempotent; if you terminate -// an instance more than once, each call succeeds. +// Shuts down the specified instances. This operation is idempotent; if you +// terminate an instance more than once, each call succeeds. // // If you specify multiple instances and the request fails (for example, because // of a single incorrect instance ID), none of the instances are terminated. @@ -29915,7 +30726,7 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsEgressRequest(input *UpdateSecu // UpdateSecurityGroupRuleDescriptionsEgress API operation for Amazon Elastic Compute Cloud. // -// [EC2-VPC only] Updates the description of an egress (outbound) security group +// [VPC only] Updates the description of an egress (outbound) security group // rule. You can replace an existing description, or add a description to a // rule that did not have one previously. // @@ -30434,7 +31245,7 @@ type AccountAttribute struct { // The name of the account attribute. AttributeName *string `locationName:"attributeName" type:"string"` - // One or more values for the account attribute. + // The values for the account attribute. AttributeValues []*AccountAttributeValue `locationName:"attributeValueSet" locationNameList:"item" type:"list"` } @@ -30831,14 +31642,16 @@ func (s *AllocateAddressOutput) SetPublicIpv4Pool(v string) *AllocateAddressOutp type AllocateHostsInput struct { _ struct{} `type:"structure"` - // This is enabled by default. This property allows instances to be automatically - // placed onto available Dedicated Hosts, when you are launching instances without - // specifying a host ID. + // Indicates whether the host accepts any untargeted instance launches that + // match its instance type configuration, or if it only accepts Host tenancy + // instance launches that specify its unique host ID. For more information, + // see Understanding Instance Placement and Host Affinity (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-dedicated-hosts-work.html#dedicated-hosts-understanding) + // in the Amazon EC2 User Guide for Linux Instances. // - // Default: Enabled + // Default: on AutoPlacement *string `locationName:"autoPlacement" type:"string" enum:"AutoPlacement"` - // The Availability Zone for the Dedicated Hosts. + // The Availability Zone in which to allocate the Dedicated Host. // // AvailabilityZone is a required field AvailabilityZone *string `locationName:"availabilityZone" type:"string" required:"true"` @@ -30848,9 +31661,9 @@ type AllocateHostsInput struct { // in the Amazon Elastic Compute Cloud User Guide. ClientToken *string `locationName:"clientToken" type:"string"` - // Specify the instance type for which to configure your Dedicated Hosts. When - // you specify the instance type, that is the only instance type that you can - // launch onto that host. + // Specifies the instance type for which to configure your Dedicated Hosts. + // When you specify the instance type, that is the only instance type that you + // can launch onto that host. // // InstanceType is a required field InstanceType *string `locationName:"instanceType" type:"string" required:"true"` @@ -31295,6 +32108,9 @@ type AssociateAddressInput struct { // [EC2-VPC] The ID of the network interface. If the instance has more than // one network interface, you must specify a network interface ID. + // + // For EC2-VPC, you can specify either the instance ID or the network interface + // ID, but not both. NetworkInterfaceId *string `locationName:"networkInterfaceId" type:"string"` // [EC2-VPC] The primary or secondary private IP address to associate with the @@ -31302,7 +32118,8 @@ type AssociateAddressInput struct { // address is associated with the primary private IP address. PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` - // The Elastic IP address. This is required for EC2-Classic. + // The Elastic IP address to associate with the instance. This is required for + // EC2-Classic. PublicIp *string `type:"string"` } @@ -31385,6 +32202,10 @@ func (s *AssociateAddressOutput) SetAssociationId(v string) *AssociateAddressOut type AssociateClientVpnTargetNetworkInput struct { _ struct{} `type:"structure"` + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + // The ID of the Client VPN endpoint. // // ClientVpnEndpointId is a required field @@ -31428,6 +32249,12 @@ func (s *AssociateClientVpnTargetNetworkInput) Validate() error { return nil } +// SetClientToken sets the ClientToken field's value. +func (s *AssociateClientVpnTargetNetworkInput) SetClientToken(v string) *AssociateClientVpnTargetNetworkInput { + s.ClientToken = &v + return s +} + // SetClientVpnEndpointId sets the ClientVpnEndpointId field's value. func (s *AssociateClientVpnTargetNetworkInput) SetClientVpnEndpointId(v string) *AssociateClientVpnTargetNetworkInput { s.ClientVpnEndpointId = &v @@ -32638,6 +33465,10 @@ type AuthorizeClientVpnIngressInput struct { // who successfully establish a VPN connection access to the network. AuthorizeAllGroups *bool `type:"boolean"` + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + // The ID of the Client VPN endpoint. // // ClientVpnEndpointId is a required field @@ -32697,6 +33528,12 @@ func (s *AuthorizeClientVpnIngressInput) SetAuthorizeAllGroups(v bool) *Authoriz return s } +// SetClientToken sets the ClientToken field's value. +func (s *AuthorizeClientVpnIngressInput) SetClientToken(v string) *AuthorizeClientVpnIngressInput { + s.ClientToken = &v + return s +} + // SetClientVpnEndpointId sets the ClientVpnEndpointId field's value. func (s *AuthorizeClientVpnIngressInput) SetClientVpnEndpointId(v string) *AuthorizeClientVpnIngressInput { s.ClientVpnEndpointId = &v @@ -32764,8 +33601,8 @@ type AuthorizeSecurityGroupEgressInput struct { // GroupId is a required field GroupId *string `locationName:"groupId" type:"string" required:"true"` - // One or more sets of IP permissions. You can't specify a destination security - // group and a CIDR IP address range in the same set of permissions. + // The sets of IP permissions. You can't specify a destination security group + // and a CIDR IP address range in the same set of permissions. IpPermissions []*IpPermission `locationName:"ipPermissions" locationNameList:"item" type:"list"` // Not supported. Use a set of IP permissions to specify the protocol name or @@ -32878,8 +33715,12 @@ func (s AuthorizeSecurityGroupEgressOutput) GoString() string { type AuthorizeSecurityGroupIngressInput struct { _ struct{} `type:"structure"` - // The CIDR IPv4 address range. You can't specify this parameter when specifying - // a source security group. + // The IPv4 address range, in CIDR format. You can't specify this parameter + // when specifying a source security group. To specify an IPv6 address range, + // use a set of IP permissions. + // + // Alternatively, use a set of IP permissions to specify multiple rules and + // a description for the rule. CidrIp *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -32888,9 +33729,12 @@ type AuthorizeSecurityGroupIngressInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 - // type number. For the ICMP/ICMPv6 type number, use -1 to specify all types. - // If you specify all ICMP/ICMPv6 types, you must specify all codes. + // The start of port range for the TCP and UDP protocols, or an ICMP type number. + // For the ICMP type number, use -1 to specify all types. If you specify all + // ICMP types, you must specify all codes. + // + // Alternatively, use a set of IP permissions to specify multiple rules and + // a description for the rule. FromPort *int64 `type:"integer"` // The ID of the security group. You must specify either the security group @@ -32902,16 +33746,18 @@ type AuthorizeSecurityGroupIngressInput struct { // either the security group ID or the security group name in the request. GroupName *string `type:"string"` - // One or more sets of IP permissions. Can be used to specify multiple rules - // in a single command. + // The sets of IP permissions. IpPermissions []*IpPermission `locationNameList:"item" type:"list"` // The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). - // (VPC only) Use -1 to specify all protocols. If you specify -1, or a protocol - // number other than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is - // allowed, regardless of any ports you specify. For tcp, udp, and icmp, you - // must specify a port range. For protocol 58 (ICMPv6), you can optionally specify - // a port range; if you don't, traffic for all types and codes is allowed. + // To specify icmpv6, use a set of IP permissions. + // + // [VPC only] Use -1 to specify all protocols. If you specify -1 or a protocol + // other than tcp, udp, or icmp, traffic on all ports is allowed, regardless + // of any ports you specify. + // + // Alternatively, use a set of IP permissions to specify multiple rules and + // a description for the rule. IpProtocol *string `type:"string"` // [EC2-Classic, default VPC] The name of the source security group. You can't @@ -32931,9 +33777,12 @@ type AuthorizeSecurityGroupIngressInput struct { // with a specific IP protocol and port range, use a set of IP permissions instead. SourceSecurityGroupOwnerId *string `type:"string"` - // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code - // number. For the ICMP/ICMPv6 code number, use -1 to specify all codes. If - // you specify all ICMP/ICMPv6 types, you must specify all codes. + // The end of port range for the TCP and UDP protocols, or an ICMP code number. + // For the ICMP code number, use -1 to specify all codes. If you specify all + // ICMP types, you must specify all codes. + // + // Alternatively, use a set of IP permissions to specify multiple rules and + // a description for the rule. ToPort *int64 `type:"integer"` } @@ -33028,7 +33877,7 @@ type AvailabilityZone struct { // Any messages about the Availability Zone. Messages []*AvailabilityZoneMessage `locationName:"messageSet" locationNameList:"item" type:"list"` - // The name of the region. + // The name of the Region. RegionName *string `locationName:"regionName" type:"string"` // The state of the Availability Zone. @@ -35930,7 +36779,7 @@ type CopyFpgaImageInput struct { // SourceFpgaImageId is a required field SourceFpgaImageId *string `type:"string" required:"true"` - // The region that contains the source AFI. + // The Region that contains the source AFI. // // SourceRegion is a required field SourceRegion *string `type:"string" required:"true"` @@ -36030,7 +36879,7 @@ type CopyImageInput struct { // in the Amazon Elastic Compute Cloud User Guide. ClientToken *string `type:"string"` - // A description for the new AMI in the destination region. + // A description for the new AMI in the destination Region. Description *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -36054,31 +36903,26 @@ type CopyImageInput struct { // the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted // flag must also be set. // - // The CMK identifier may be provided in any of the following formats: - // - // * Key ID - // - // * Key alias, in the form alias/ExampleAlias + // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, + // or alias ARN. When using an alias name, prefix it with "alias/". For example: // - // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the region of the CMK, the AWS account ID of the CMK owner, the key - // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab // - // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the region of the CMK, the AWS account ID of the CMK owner, - // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // * Alias name: alias/ExampleAlias // + // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias // // AWS parses KmsKeyId asynchronously, meaning that the action you call may // appear to complete even though you provided an invalid identifier. This action // will eventually report failure. // - // The specified CMK must exist in the region that the snapshot is being copied + // The specified CMK must exist in the Region that the snapshot is being copied // to. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` - // The name of the new AMI in the destination region. + // The name of the new AMI in the destination Region. // // Name is a required field Name *string `type:"string" required:"true"` @@ -36088,7 +36932,7 @@ type CopyImageInput struct { // SourceImageId is a required field SourceImageId *string `type:"string" required:"true"` - // The name of the region that contains the AMI to copy. + // The name of the Region that contains the AMI to copy. // // SourceRegion is a required field SourceRegion *string `type:"string" required:"true"` @@ -36236,18 +37080,18 @@ type CopySnapshotInput struct { // // * Key ID // - // * Key alias + // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed + // by the Region of the CMK, the AWS account ID of the CMK owner, the alias + // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the region of the CMK, the AWS account ID of the CMK owner, the key + // by the Region of the CMK, the AWS account ID of the CMK owner, the key // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // - // // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the region of the CMK, the AWS account ID of the CMK owner, + // followed by the Region of the CMK, the AWS account ID of the CMK owner, // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // // AWS parses KmsKeyId asynchronously, meaning that the action you call may // appear to complete even though you provided an invalid identifier. The action // will eventually fail. @@ -36699,8 +37543,8 @@ type CreateClientVpnEndpointInput struct { // ClientCidrBlock is a required field ClientCidrBlock *string `type:"string" required:"true"` - // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `type:"string" idempotencyToken:"true"` // Information about the client connection logging options. @@ -36885,6 +37729,10 @@ func (s *CreateClientVpnEndpointOutput) SetStatus(v *ClientVpnEndpointStatus) *C type CreateClientVpnRouteInput struct { _ struct{} `type:"structure"` + // Unique, case-sensitive identifier that you provide to ensure the idempotency + // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + ClientToken *string `type:"string" idempotencyToken:"true"` + // The ID of the Client VPN endpoint to which to add the route. // // ClientVpnEndpointId is a required field @@ -36950,6 +37798,12 @@ func (s *CreateClientVpnRouteInput) Validate() error { return nil } +// SetClientToken sets the ClientToken field's value. +func (s *CreateClientVpnRouteInput) SetClientToken(v string) *CreateClientVpnRouteInput { + s.ClientToken = &v + return s +} + // SetClientVpnEndpointId sets the ClientVpnEndpointId field's value. func (s *CreateClientVpnRouteInput) SetClientVpnEndpointId(v string) *CreateClientVpnRouteInput { s.ClientVpnEndpointId = &v @@ -37753,7 +38607,11 @@ type CreateFlowLogsInput struct { // of the request. For more information, see How to Ensure Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Run_Instance_Idempotency.html). ClientToken *string `type:"string"` - // The ARN for the IAM role that's used to post flow logs to a log group. + // The ARN for the IAM role that permits Amazon EC2 to publish flow logs to + // a CloudWatch Logs log group in your account. + // + // If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + // or LogGroupName. DeliverLogsPermissionArn *string `type:"string"` // Checks whether you have the required permissions for the action, without @@ -37763,7 +38621,7 @@ type CreateFlowLogsInput struct { DryRun *bool `type:"boolean"` // Specifies the destination to which the flow log data is to be published. - // Flow log data can be published to an CloudWatch Logs log group or an Amazon + // Flow log data can be published to a CloudWatch Logs log group or an Amazon // S3 bucket. The value specified for this parameter depends on the value specified // for LogDestinationType. // @@ -37783,25 +38641,35 @@ type CreateFlowLogsInput struct { // flow log data to CloudWatch Logs, specify cloud-watch-logs. To publish flow // log data to Amazon S3, specify s3. // + // If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + // or LogGroupName. + // // Default: cloud-watch-logs LogDestinationType *string `type:"string" enum:"LogDestinationType"` - // The name of the log group. + // The name of a new or existing CloudWatch Logs log group where Amazon EC2 + // publishes your flow logs. + // + // If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + // or LogGroupName. LogGroupName *string `type:"string"` - // One or more subnet, network interface, or VPC IDs. + // The ID of the subnet, network interface, or VPC for which you want to create + // a flow log. // // Constraints: Maximum of 1000 resources // // ResourceIds is a required field ResourceIds []*string `locationName:"ResourceId" locationNameList:"item" type:"list" required:"true"` - // The type of resource on which to create the flow log. + // The type of resource for which to create the flow log. For example, if you + // specified a VPC ID for the ResourceId property, specify VPC for this property. // // ResourceType is a required field ResourceType *string `type:"string" required:"true" enum:"FlowLogsResourceType"` - // The type of traffic to log. + // The type of traffic to log. You can log traffic that the resource accepts + // or rejects, or all traffic. // // TrafficType is a required field TrafficType *string `type:"string" required:"true" enum:"TrafficType"` @@ -38052,13 +38920,12 @@ func (s *CreateFpgaImageOutput) SetFpgaImageId(v string) *CreateFpgaImageOutput return s } -// Contains the parameters for CreateImage. type CreateImageInput struct { _ struct{} `type:"structure"` - // Information about one or more block device mappings. This parameter cannot - // be used to modify the encryption status of existing volumes or snapshots. - // To create an AMI with encrypted snapshots, use the CopyImage action. + // Tthe block device mappings. This parameter cannot be used to modify the encryption + // status of existing volumes or snapshots. To create an AMI with encrypted + // snapshots, use the CopyImage action. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // A description for the new image. @@ -38153,7 +39020,6 @@ func (s *CreateImageInput) SetNoReboot(v bool) *CreateImageInput { return s } -// Contains the output of CreateImage. type CreateImageOutput struct { _ struct{} `type:"structure"` @@ -39017,6 +39883,13 @@ type CreateNetworkInterfaceInput struct { // The IDs of one or more security groups. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` + // Indicates the type of network interface. To create an Elastic Fabric Adapter + // (EFA), specify efa. For more information, see Elastic Fabric Adapter (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) + // in the Amazon Elastic Compute Cloud User Guide. + // + // If you are not creating an EFA, specify interface or omit this parameter. + InterfaceType *string `type:"string" enum:"NetworkInterfaceCreationType"` + // The number of IPv6 addresses to assign to a network interface. Amazon EC2 // automatically selects the IPv6 addresses from the subnet range. You can't // use this option if specifying specific IPv6 addresses. If your subnet has @@ -39096,6 +39969,12 @@ func (s *CreateNetworkInterfaceInput) SetGroups(v []*string) *CreateNetworkInter return s } +// SetInterfaceType sets the InterfaceType field's value. +func (s *CreateNetworkInterfaceInput) SetInterfaceType(v string) *CreateNetworkInterfaceInput { + s.InterfaceType = &v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *CreateNetworkInterfaceInput) SetIpv6AddressCount(v int64) *CreateNetworkInterfaceInput { s.Ipv6AddressCount = &v @@ -39852,6 +40731,105 @@ func (s *CreateSnapshotInput) SetVolumeId(v string) *CreateSnapshotInput { return s } +type CreateSnapshotsInput struct { + _ struct{} `type:"structure"` + + // Copies the tags from the specified instance to all snapshots. + CopyTagsFromSource *string `type:"string" enum:"CopyTagsFromSource"` + + // A description propagated to every snapshot specified by the instance. + Description *string `type:"string"` + + // Checks whether you have the required permissions for the action without actually + // making the request. Provides an error response. If you have the required + // permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The instance to specify which volumes should be included in the snapshots. + // + // InstanceSpecification is a required field + InstanceSpecification *InstanceSpecification `type:"structure" required:"true"` + + // Tags to apply to every snapshot specified by the instance. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateSnapshotsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSnapshotsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSnapshotsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSnapshotsInput"} + if s.InstanceSpecification == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceSpecification")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCopyTagsFromSource sets the CopyTagsFromSource field's value. +func (s *CreateSnapshotsInput) SetCopyTagsFromSource(v string) *CreateSnapshotsInput { + s.CopyTagsFromSource = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *CreateSnapshotsInput) SetDescription(v string) *CreateSnapshotsInput { + s.Description = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *CreateSnapshotsInput) SetDryRun(v bool) *CreateSnapshotsInput { + s.DryRun = &v + return s +} + +// SetInstanceSpecification sets the InstanceSpecification field's value. +func (s *CreateSnapshotsInput) SetInstanceSpecification(v *InstanceSpecification) *CreateSnapshotsInput { + s.InstanceSpecification = v + return s +} + +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *CreateSnapshotsInput) SetTagSpecifications(v []*TagSpecification) *CreateSnapshotsInput { + s.TagSpecifications = v + return s +} + +type CreateSnapshotsOutput struct { + _ struct{} `type:"structure"` + + // List of snapshots. + Snapshots []*SnapshotInfo `locationName:"snapshotSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s CreateSnapshotsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateSnapshotsOutput) GoString() string { + return s.String() +} + +// SetSnapshots sets the Snapshots field's value. +func (s *CreateSnapshotsOutput) SetSnapshots(v []*SnapshotInfo) *CreateSnapshotsOutput { + s.Snapshots = v + return s +} + // Contains the parameters for CreateSpotDatafeedSubscription. type CreateSpotDatafeedSubscriptionInput struct { _ struct{} `type:"structure"` @@ -40063,7 +41041,7 @@ type CreateTagsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The IDs of one or more resources, separated by spaces. + // The IDs of the resources, separated by spaces. // // Constraints: Up to 1000 resource IDs. We recommend breaking up this request // into smaller batches. @@ -40071,9 +41049,9 @@ type CreateTagsInput struct { // Resources is a required field Resources []*string `locationName:"ResourceId" type:"list" required:"true"` - // One or more tags. The value parameter is required, but if you don't want - // the tag to have a value, specify the parameter with no value, and we set - // the value to an empty string. + // The tags. The value parameter is required, but if you don't want the tag + // to have a value, specify the parameter with no value, and we set the value + // to an empty string. // // Tags is a required field Tags []*Tag `locationName:"Tag" locationNameList:"item" type:"list" required:"true"` @@ -40216,7 +41194,7 @@ func (s *CreateTransitGatewayOutput) SetTransitGateway(v *TransitGateway) *Creat type CreateTransitGatewayRouteInput struct { _ struct{} `type:"structure"` - // Indicates whether traffic matching this route is to be dropped. + // Indicates whether to drop traffic that matches this route. Blackhole *bool `type:"boolean"` // The CIDR range used for destination matches. Routing decisions are based @@ -40560,8 +41538,7 @@ func (s *CreateTransitGatewayVpcAttachmentRequestOptions) SetIpv6Support(v strin type CreateVolumeInput struct { _ struct{} `type:"structure"` - // The Availability Zone in which to create the volume. Use DescribeAvailabilityZones - // to list the Availability Zones that are currently available to you. + // The Availability Zone in which to create the volume. // // AvailabilityZone is a required field AvailabilityZone *string `type:"string" required:"true"` @@ -40572,13 +41549,18 @@ type CreateVolumeInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // Specifies whether the volume should be encrypted. Encrypted Amazon EBS volumes - // may only be attached to instances that support Amazon EBS encryption. Volumes - // that are created from encrypted snapshots are automatically encrypted. There - // is no way to create an encrypted volume from an unencrypted snapshot or vice - // versa. If your AMI uses encrypted volumes, you can only launch it on supported - // instance types. For more information, see Amazon EBS Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) - // in the Amazon Elastic Compute Cloud User Guide. + // Specifies the encryption state of the volume. The default effect of setting + // the Encrypted parameter to true depends on the volume origin (new or from + // a snapshot), starting encryption state, ownership, and whether account-level + // encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html) + // is enabled. Each default case can be overridden by specifying a customer + // master key (CMK) using the KmsKeyId parameter, in addition to setting Encrypted + // to true. For a complete list of possible encryption cases, see Amazon EBS + // Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). + // + // Encrypted Amazon EBS volumes may only be attached to instances that support + // Amazon EBS encryption. For more information, see Supported Instance Types + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). Encrypted *bool `locationName:"encrypted" type:"boolean"` // The number of I/O operations per second (IOPS) to provision for the volume, @@ -40593,27 +41575,27 @@ type CreateVolumeInput struct { Iops *int64 `type:"integer"` // An identifier for the AWS Key Management Service (AWS KMS) customer master - // key (CMK) to use when creating the encrypted volume. This parameter is only - // required if you want to use a non-default CMK; if this parameter is not specified, - // the default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted - // flag must also be set. + // key (CMK) to use to encrypt the volume. This parameter is only required if + // you want to use a non-default CMK; if this parameter is not specified, the + // default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted flag + // must also be set. // // The CMK identifier may be provided in any of the following formats: // // * Key ID // - // * Key alias + // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed + // by the Region of the CMK, the AWS account ID of the CMK owner, the alias + // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the region of the CMK, the AWS account ID of the CMK owner, the key + // by the Region of the CMK, the AWS account ID of the CMK owner, the key // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // - // // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the region of the CMK, the AWS account ID of the CMK owner, + // followed by the Region of the CMK, the AWS account ID of the CMK owner, // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // // AWS parses KmsKeyId asynchronously, meaning that the action you call may // appear to complete even though you provided an invalid identifier. The action // will eventually fail. @@ -40628,7 +41610,7 @@ type CreateVolumeInput struct { // Default: If you're creating the volume from a snapshot and don't specify // a volume size, the default is the snapshot size. // - // At least one of Size or SnapshotId are required. + // At least one of Size or SnapshotId is required. Size *int64 `type:"integer"` // The snapshot from which to create the volume. @@ -40941,7 +41923,7 @@ type CreateVpcEndpointInput struct { // (Interface endpoint) Indicate whether to associate a private hosted zone // with the specified VPC. The private hosted zone contains a record set for - // the default public DNS name for the service for the region (for example, + // the default public DNS name for the service for the Region (for example, // kinesis.us-east-1.amazonaws.com) which resolves to the private IP addresses // of the endpoint network interfaces in the VPC. This enables you to make requests // to the default public DNS name for the service instead of the public DNS @@ -40951,7 +41933,7 @@ type CreateVpcEndpointInput struct { // true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to // set the VPC attributes. // - // Default: false + // Default: true PrivateDnsEnabled *bool `type:"boolean"` // (Gateway endpoint) One or more route table IDs. @@ -41322,10 +42304,10 @@ type CreateVpcPeeringConnectionInput struct { // Default: Your AWS account ID PeerOwnerId *string `locationName:"peerOwnerId" type:"string"` - // The region code for the accepter VPC, if the accepter VPC is located in a - // region other than the region in which you make the request. + // The Region code for the accepter VPC, if the accepter VPC is located in a + // Region other than the Region in which you make the request. // - // Default: The region in which you make the request. + // Default: The Region in which you make the request. PeerRegion *string `type:"string"` // The ID of the VPC with which you are creating the VPC peering connection. @@ -41421,7 +42403,7 @@ type CreateVpnConnectionInput struct { // specify a virtual private gateway. TransitGatewayId *string `type:"string"` - // The type of VPN connection (ipsec.1). + // The type of VPN connection (ipsec.1 | ipsec.2). // // Type is a required field Type *string `type:"string" required:"true"` @@ -42404,6 +43386,8 @@ type DeleteFlowLogsInput struct { // One or more flow log IDs. // + // Constraint: Maximum of 1000 flow log IDs. + // // FlowLogIds is a required field FlowLogIds []*string `locationName:"FlowLogId" locationNameList:"item" type:"list" required:"true"` } @@ -43764,7 +44748,7 @@ type DeleteTagsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // The IDs of one or more resources, separated by spaces. + // The IDs of the resources, separated by spaces. // // Constraints: Up to 1000 resource IDs. We recommend breaking up this request // into smaller batches. @@ -43772,9 +44756,9 @@ type DeleteTagsInput struct { // Resources is a required field Resources []*string `locationName:"resourceId" type:"list" required:"true"` - // One or more tags to delete. Specify a tag key and an optional tag value to - // delete specific tags. If you specify a tag key without a tag value, we delete - // any tag with this key regardless of its value. If you specify a tag key with + // The tags to delete. Specify a tag key and an optional tag value to delete + // specific tags. If you specify a tag key without a tag value, we delete any + // tag with this key regardless of its value. If you specify a tag key with // an empty string as the tag value, we delete the tag only if its value is // an empty string. // @@ -44906,7 +45890,7 @@ func (s DeregisterImageOutput) GoString() string { type DescribeAccountAttributesInput struct { _ struct{} `type:"structure"` - // One or more account attribute names. + // The account attribute names. AttributeNames []*string `locationName:"attributeName" locationNameList:"attributeName" type:"list"` // Checks whether you have the required permissions for the action, without @@ -44941,7 +45925,7 @@ func (s *DescribeAccountAttributesInput) SetDryRun(v bool) *DescribeAccountAttri type DescribeAccountAttributesOutput struct { _ struct{} `type:"structure"` - // Information about one or more account attributes. + // Information about the account attributes. AccountAttributes []*AccountAttribute `locationName:"accountAttributeSet" locationNameList:"item" type:"list"` } @@ -44964,9 +45948,7 @@ func (s *DescribeAccountAttributesOutput) SetAccountAttributes(v []*AccountAttri type DescribeAddressesInput struct { _ struct{} `type:"structure"` - // [EC2-VPC] One or more allocation IDs. - // - // Default: Describes all your Elastic IP addresses. + // [EC2-VPC] Information about the allocation IDs. AllocationIds []*string `locationName:"AllocationId" locationNameList:"AllocationId" type:"list"` // Checks whether you have the required permissions for the action, without @@ -45051,7 +46033,7 @@ func (s *DescribeAddressesInput) SetPublicIps(v []*string) *DescribeAddressesInp type DescribeAddressesOutput struct { _ struct{} `type:"structure"` - // Information about one or more Elastic IP addresses. + // Information about the Elastic IP addresses. Addresses []*Address `locationName:"addressesSet" locationNameList:"item" type:"list"` } @@ -45103,9 +46085,9 @@ type DescribeAggregateIdFormatOutput struct { // Information about each resource's ID format. Statuses []*IdFormat `locationName:"statusSet" locationNameList:"item" type:"list"` - // Indicates whether all resource types in the region are configured to use + // Indicates whether all resource types in the Region are configured to use // longer IDs. This value is only true if all users are configured to use longer - // IDs for all resources types in the region. + // IDs for all resources types in the Region. UseLongIdsAggregated *bool `locationName:"useLongIdsAggregated" type:"boolean"` } @@ -45140,11 +46122,11 @@ type DescribeAvailabilityZonesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * message - Information about the Availability Zone. // - // * region-name - The name of the region for the Availability Zone (for + // * region-name - The name of the Region for the Availability Zone (for // example, us-east-1). // // * state - The state of the Availability Zone (available | information @@ -45155,10 +46137,10 @@ type DescribeAvailabilityZonesInput struct { // * zone-name - The name of the Availability Zone (for example, us-east-1a). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The IDs of one or more Availability Zones. + // The IDs of the Availability Zones. ZoneIds []*string `locationName:"ZoneId" locationNameList:"ZoneId" type:"list"` - // The names of one or more Availability Zones. + // The names of the Availability Zones. ZoneNames []*string `locationName:"ZoneName" locationNameList:"ZoneName" type:"list"` } @@ -45199,7 +46181,7 @@ func (s *DescribeAvailabilityZonesInput) SetZoneNames(v []*string) *DescribeAvai type DescribeAvailabilityZonesOutput struct { _ struct{} `type:"structure"` - // Information about one or more Availability Zones. + // Information about the Availability Zones. AvailabilityZones []*AvailabilityZone `locationName:"availabilityZoneInfo" locationNameList:"item" type:"list"` } @@ -45219,11 +46201,10 @@ func (s *DescribeAvailabilityZonesOutput) SetAvailabilityZones(v []*Availability return s } -// Contains the parameters for DescribeBundleTasks. type DescribeBundleTasksInput struct { _ struct{} `type:"structure"` - // One or more bundle task IDs. + // The bundle task IDs. // // Default: Describes all your bundle tasks. BundleIds []*string `locationName:"BundleId" locationNameList:"BundleId" type:"list"` @@ -45234,7 +46215,7 @@ type DescribeBundleTasksInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * bundle-id - The ID of the bundle task. // @@ -45288,11 +46269,10 @@ func (s *DescribeBundleTasksInput) SetFilters(v []*Filter) *DescribeBundleTasksI return s } -// Contains the output of DescribeBundleTasks. type DescribeBundleTasksOutput struct { _ struct{} `type:"structure"` - // Information about one or more bundle tasks. + // Information about the bundle tasks. BundleTasks []*BundleTask `locationName:"bundleInstanceTasksSet" locationNameList:"item" type:"list"` } @@ -45429,7 +46409,7 @@ type DescribeCapacityReservationsInput struct { // The maximum number of results to return for the request in a single page. // The remaining results can be seen by sending another request with the returned // nextToken value. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"1" type:"integer"` // The token to retrieve the next page of results. NextToken *string `type:"string"` @@ -45445,6 +46425,19 @@ func (s DescribeCapacityReservationsInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeCapacityReservationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeCapacityReservationsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetCapacityReservationIds sets the CapacityReservationIds field's value. func (s *DescribeCapacityReservationsInput) SetCapacityReservationIds(v []*string) *DescribeCapacityReservationsInput { s.CapacityReservationIds = v @@ -45534,9 +46527,8 @@ type DescribeClassicLinkInstancesInput struct { // to find all resources assigned a tag with a specific key, regardless of // the tag value. // - // * vpc-id - The ID of the VPC to which the instance is linked. - // - // vpc-id - The ID of the VPC that the instance is linked to. + // * vpc-id - The ID of the VPC to which the instance is linked. vpc-id - + // The ID of the VPC that the instance is linked to. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // One or more instance IDs. Must be instances linked to a VPC through ClassicLink. @@ -46223,7 +47215,7 @@ func (s *DescribeClientVpnTargetNetworksOutput) SetNextToken(v string) *Describe type DescribeConversionTasksInput struct { _ struct{} `type:"structure"` - // One or more conversion task IDs. + // The conversion task IDs. ConversionTaskIds []*string `locationName:"conversionTaskId" locationNameList:"item" type:"list"` // Checks whether you have the required permissions for the action, without @@ -46408,6 +47400,13 @@ type DescribeDhcpOptionsInput struct { // to find all resources assigned a tag with a specific key, regardless of // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` } // String returns the string representation @@ -46420,6 +47419,19 @@ func (s DescribeDhcpOptionsInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeDhcpOptionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeDhcpOptionsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDhcpOptionsIds sets the DhcpOptionsIds field's value. func (s *DescribeDhcpOptionsInput) SetDhcpOptionsIds(v []*string) *DescribeDhcpOptionsInput { s.DhcpOptionsIds = v @@ -46438,11 +47450,27 @@ func (s *DescribeDhcpOptionsInput) SetFilters(v []*Filter) *DescribeDhcpOptionsI return s } +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeDhcpOptionsInput) SetMaxResults(v int64) *DescribeDhcpOptionsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeDhcpOptionsInput) SetNextToken(v string) *DescribeDhcpOptionsInput { + s.NextToken = &v + return s +} + type DescribeDhcpOptionsOutput struct { _ struct{} `type:"structure"` // Information about one or more DHCP options sets. DhcpOptions []*DhcpOptions `locationName:"dhcpOptionsSet" locationNameList:"item" type:"list"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation @@ -46461,6 +47489,12 @@ func (s *DescribeDhcpOptionsOutput) SetDhcpOptions(v []*DhcpOptions) *DescribeDh return s } +// SetNextToken sets the NextToken field's value. +func (s *DescribeDhcpOptionsOutput) SetNextToken(v string) *DescribeDhcpOptionsOutput { + s.NextToken = &v + return s +} + type DescribeEgressOnlyInternetGatewaysInput struct { _ struct{} `type:"structure"` @@ -46557,10 +47591,10 @@ type DescribeElasticGpusInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more Elastic Graphics accelerator IDs. + // The Elastic Graphics accelerator IDs. ElasticGpuIds []*string `locationName:"ElasticGpuId" locationNameList:"item" type:"list"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone in which the Elastic Graphics // accelerator resides. @@ -46580,7 +47614,7 @@ type DescribeElasticGpusInput struct { // The maximum number of results to return in a single call. To retrieve the // remaining results, make another call with the returned NextToken value. This // value can be between 5 and 1000. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"10" type:"integer"` // The token to request the next page of results. NextToken *string `type:"string"` @@ -46596,6 +47630,19 @@ func (s DescribeElasticGpusInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeElasticGpusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeElasticGpusInput"} + if s.MaxResults != nil && *s.MaxResults < 10 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeElasticGpusInput) SetDryRun(v bool) *DescribeElasticGpusInput { s.DryRun = &v @@ -46674,7 +47721,7 @@ func (s *DescribeElasticGpusOutput) SetNextToken(v string) *DescribeElasticGpusO type DescribeExportTasksInput struct { _ struct{} `type:"structure"` - // One or more export task IDs. + // The export task IDs. ExportTaskIds []*string `locationName:"exportTaskId" locationNameList:"ExportTaskId" type:"list"` } @@ -46938,7 +47985,7 @@ type DescribeFleetInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * instance-type - The instance type. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -47061,7 +48108,7 @@ type DescribeFleetsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * activity-status - The progress of the EC2 Fleet ( error | pending-fulfillment // | pending-termination | fulfilled). @@ -47253,6 +48300,8 @@ type DescribeFlowLogsInput struct { Filter []*Filter `locationNameList:"Filter" type:"list"` // One or more flow log IDs. + // + // Constraint: Maximum of 1000 flow log IDs. FlowLogIds []*string `locationName:"FlowLogId" locationNameList:"item" type:"list"` // The maximum number of results to return with a single call. To retrieve the @@ -47432,7 +48481,7 @@ type DescribeFpgaImagesInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * create-time - The creation time of the AFI. // @@ -47464,7 +48513,7 @@ type DescribeFpgaImagesInput struct { // * update-time - The time of the most recent update. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more AFI IDs. + // The AFI IDs. FpgaImageIds []*string `locationName:"FpgaImageId" locationNameList:"item" type:"list"` // The maximum number of results to return in a single call. @@ -47543,7 +48592,7 @@ func (s *DescribeFpgaImagesInput) SetOwners(v []*string) *DescribeFpgaImagesInpu type DescribeFpgaImagesOutput struct { _ struct{} `type:"structure"` - // Information about one or more FPGA images. + // Information about the FPGA images. FpgaImages []*FpgaImage `locationName:"fpgaImageSet" locationNameList:"item" type:"list"` // The token to use to retrieve the next page of results. This value is null @@ -47576,7 +48625,7 @@ func (s *DescribeFpgaImagesOutput) SetNextToken(v string) *DescribeFpgaImagesOut type DescribeHostReservationOfferingsInput struct { _ struct{} `type:"structure"` - // One or more filters. + // The filters. // // * instance-family - The instance family of the offering (for example, // m4). @@ -47706,7 +48755,7 @@ func (s *DescribeHostReservationOfferingsOutput) SetOfferingSet(v []*HostOfferin type DescribeHostReservationsInput struct { _ struct{} `type:"structure"` - // One or more filters. + // The filters. // // * instance-family - The instance family (for example, m4). // @@ -47726,7 +48775,7 @@ type DescribeHostReservationsInput struct { // the tag value. Filter []*Filter `locationNameList:"Filter" type:"list"` - // One or more host reservation IDs. + // The host reservation IDs. HostReservationIdSet []*string `locationNameList:"item" type:"list"` // The maximum number of results to return for the request in a single page. @@ -47809,7 +48858,7 @@ func (s *DescribeHostReservationsOutput) SetNextToken(v string) *DescribeHostRes type DescribeHostsInput struct { _ struct{} `type:"structure"` - // One or more filters. + // The filters. // // * auto-placement - Whether auto-placement is enabled or disabled (on | // off). @@ -47916,10 +48965,10 @@ func (s *DescribeHostsOutput) SetNextToken(v string) *DescribeHostsOutput { type DescribeIamInstanceProfileAssociationsInput struct { _ struct{} `type:"structure"` - // One or more IAM instance profile associations. + // The IAM instance profile associations. AssociationIds []*string `locationName:"AssociationId" locationNameList:"AssociationId" type:"list"` - // One or more filters. + // The filters. // // * instance-id - The ID of the instance. // @@ -47988,7 +49037,7 @@ func (s *DescribeIamInstanceProfileAssociationsInput) SetNextToken(v string) *De type DescribeIamInstanceProfileAssociationsOutput struct { _ struct{} `type:"structure"` - // Information about one or more IAM instance profile associations. + // Information about the IAM instance profile associations. IamInstanceProfileAssociations []*IamInstanceProfileAssociation `locationName:"iamInstanceProfileAssociationSet" locationNameList:"item" type:"list"` // The token to use to retrieve the next page of results. This value is null @@ -48220,7 +49269,7 @@ func (s *DescribeImageAttributeInput) SetImageId(v string) *DescribeImageAttribu type DescribeImageAttributeOutput struct { _ struct{} `type:"structure"` - // One or more block device mapping entries. + // The block device mapping entries. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` // A description for the AMI. @@ -48232,10 +49281,10 @@ type DescribeImageAttributeOutput struct { // The kernel ID. KernelId *AttributeValue `locationName:"kernel" type:"structure"` - // One or more launch permissions. + // The launch permissions. LaunchPermissions []*LaunchPermission `locationName:"launchPermission" locationNameList:"item" type:"list"` - // One or more product codes. + // The product codes. ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"` // The RAM disk ID. @@ -48304,7 +49353,6 @@ func (s *DescribeImageAttributeOutput) SetSriovNetSupport(v *AttributeValue) *De return s } -// Contains the parameters for DescribeImages. type DescribeImagesInput struct { _ struct{} `type:"structure"` @@ -48318,7 +49366,7 @@ type DescribeImagesInput struct { // account ID, self (the sender of the request), or all (public AMIs). ExecutableUsers []*string `locationName:"ExecutableBy" locationNameList:"ExecutableBy" type:"list"` - // One or more filters. + // The filters. // // * architecture - The image architecture (i386 | x86_64). // @@ -48400,7 +49448,7 @@ type DescribeImagesInput struct { // * virtualization-type - The virtualization type (paravirtual | hvm). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more image IDs. + // The image IDs. // // Default: Describes all images available to you. ImageIds []*string `locationName:"ImageId" locationNameList:"ImageId" type:"list"` @@ -48452,11 +49500,10 @@ func (s *DescribeImagesInput) SetOwners(v []*string) *DescribeImagesInput { return s } -// Contains the output of DescribeImages. type DescribeImagesOutput struct { _ struct{} `type:"structure"` - // Information about one or more images. + // Information about the images. Images []*Image `locationName:"imagesSet" locationNameList:"item" type:"list"` } @@ -48586,7 +49633,7 @@ type DescribeImportSnapshotTasksInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. Filters []*Filter `locationNameList:"Filter" type:"list"` // A list of import snapshot task IDs. @@ -48905,12 +49952,12 @@ type DescribeInstanceCreditSpecificationsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * instance-id - The ID of the instance. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more instance IDs. + // The instance IDs. // // Default: Describes all your instances. // @@ -49022,7 +50069,7 @@ type DescribeInstanceStatusInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone of the instance. // @@ -49071,7 +50118,7 @@ type DescribeInstanceStatusInput struct { // Default: false IncludeAllInstances *bool `locationName:"includeAllInstances" type:"boolean"` - // One or more instance IDs. + // The instance IDs. // // Default: Describes all your instances. // @@ -49137,7 +50184,7 @@ func (s *DescribeInstanceStatusInput) SetNextToken(v string) *DescribeInstanceSt type DescribeInstanceStatusOutput struct { _ struct{} `type:"structure"` - // One or more instance status descriptions. + // Information about the status of the instances. InstanceStatuses []*InstanceStatus `locationName:"instanceStatusSet" locationNameList:"item" type:"list"` // The token to use to retrieve the next page of results. This value is null @@ -49176,7 +50223,7 @@ type DescribeInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * affinity - The affinity setting for an instance running on a Dedicated // Host (default | host). @@ -49244,7 +50291,6 @@ type DescribeInstancesInput struct { // // * instance.group-name - The name of the security group for the instance. // - // // * ip-address - The public IPv4 address of the instance. // // * kernel-id - The kernel ID. @@ -49254,7 +50300,6 @@ type DescribeInstancesInput struct { // * launch-index - When launching multiple instances, this is the index // for the instance in the launch group (for example, 0, 1, 2, and so on). // - // // * launch-time - The time when the instance was launched. // // * monitoring-state - Indicates whether detailed monitoring is enabled @@ -49353,8 +50398,7 @@ type DescribeInstancesInput struct { // * placement-partition-number - The partition in which the instance is // located. // - // * platform - The platform. Use windows if you have Windows instances; - // otherwise, leave blank. + // * platform - The platform. To list only Windows instances, use windows. // // * private-dns-name - The private IPv4 DNS name of the instance. // @@ -49418,7 +50462,7 @@ type DescribeInstancesInput struct { // * vpc-id - The ID of the VPC that the instance is running in. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more instance IDs. + // The instance IDs. // // Default: Describes all your instances. InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list"` @@ -49480,7 +50524,7 @@ type DescribeInstancesOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // Zero or more reservations. + // Information about the reservations. Reservations []*Reservation `locationName:"reservationSet" locationNameList:"item" type:"list"` } @@ -49645,14 +50689,14 @@ type DescribeKeyPairsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * fingerprint - The fingerprint of the key pair. // // * key-name - The name of the key pair. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more key pair names. + // The key pair names. // // Default: Describes all your key pairs. KeyNames []*string `locationName:"KeyName" locationNameList:"KeyName" type:"list"` @@ -49689,7 +50733,7 @@ func (s *DescribeKeyPairsInput) SetKeyNames(v []*string) *DescribeKeyPairsInput type DescribeKeyPairsOutput struct { _ struct{} `type:"structure"` - // Information about one or more key pairs. + // Information about the key pairs. KeyPairs []*KeyPairInfo `locationName:"keySet" locationNameList:"item" type:"list"` } @@ -49910,7 +50954,7 @@ type DescribeLaunchTemplatesInput struct { // The maximum number of results to return in a single call. To retrieve the // remaining results, make another call with the returned NextToken value. This // value can be between 1 and 200. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"1" type:"integer"` // The token to request the next page of results. NextToken *string `type:"string"` @@ -49926,6 +50970,19 @@ func (s DescribeLaunchTemplatesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeLaunchTemplatesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeLaunchTemplatesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeLaunchTemplatesInput) SetDryRun(v bool) *DescribeLaunchTemplatesInput { s.DryRun = &v @@ -50235,7 +51292,6 @@ type DescribeNetworkAclsInput struct { // // * entry.port-range.to - The end of the port range specified in the entry. // - // // * entry.protocol - The protocol specified in the entry (tcp | udp | icmp // or a protocol number). // @@ -50503,7 +51559,7 @@ type DescribeNetworkInterfacePermissionsInput struct { // The maximum number of results to return in a single call. To retrieve the // remaining results, make another call with the returned NextToken value. If // this parameter is not specified, up to 50 results are returned by default. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"5" type:"integer"` // One or more network interface permission IDs. NetworkInterfacePermissionIds []*string `locationName:"NetworkInterfacePermissionId" type:"list"` @@ -50522,6 +51578,19 @@ func (s DescribeNetworkInterfacePermissionsInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeNetworkInterfacePermissionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeNetworkInterfacePermissionsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetFilters sets the Filters field's value. func (s *DescribeNetworkInterfacePermissionsInput) SetFilters(v []*Filter) *DescribeNetworkInterfacePermissionsInput { s.Filters = v @@ -50671,7 +51740,7 @@ type DescribeNetworkInterfacesInput struct { // managed by an AWS service (for example, AWS Management Console, Auto Scaling, // and so on). // - // * source-desk-check - Indicates whether the network interface performs + // * source-dest-check - Indicates whether the network interface performs // source/destination checking. A value of true means checking is enabled, // and false means checking is disabled. The value must be false for the // network interface to perform network address translation (NAT) in your @@ -50699,7 +51768,7 @@ type DescribeNetworkInterfacesInput struct { // The maximum number of items to return for this request. The request returns // a token that you can specify in a subsequent call to get the next set of // results. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"5" type:"integer"` // One or more network interface IDs. // @@ -50720,6 +51789,19 @@ func (s DescribeNetworkInterfacesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeNetworkInterfacesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeNetworkInterfacesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeNetworkInterfacesInput) SetDryRun(v bool) *DescribeNetworkInterfacesInput { s.DryRun = &v @@ -50793,7 +51875,7 @@ type DescribePlacementGroupsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * group-name - The name of the placement group. // @@ -50803,7 +51885,7 @@ type DescribePlacementGroupsInput struct { // * strategy - The strategy of the placement group (cluster | spread | partition). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more placement group names. + // The names of the placement groups. // // Default: Describes all your placement groups, or only those otherwise specified. GroupNames []*string `locationName:"groupName" type:"list"` @@ -50840,7 +51922,7 @@ func (s *DescribePlacementGroupsInput) SetGroupNames(v []*string) *DescribePlace type DescribePlacementGroupsOutput struct { _ struct{} `type:"structure"` - // One or more placement groups. + // Information about the placement groups. PlacementGroups []*PlacementGroup `locationName:"placementGroupSet" locationNameList:"item" type:"list"` } @@ -51153,14 +52235,14 @@ type DescribeRegionsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // - // * endpoint - The endpoint of the region (for example, ec2.us-east-1.amazonaws.com). + // * endpoint - The endpoint of the Region (for example, ec2.us-east-1.amazonaws.com). // - // * region-name - The name of the region (for example, us-east-1). + // * region-name - The name of the Region (for example, us-east-1). Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // The names of one or more regions. + // The names of the Regions. RegionNames []*string `locationName:"RegionName" locationNameList:"RegionName" type:"list"` } @@ -51195,7 +52277,7 @@ func (s *DescribeRegionsInput) SetRegionNames(v []*string) *DescribeRegionsInput type DescribeRegionsOutput struct { _ struct{} `type:"structure"` - // Information about one or more regions. + // Information about the Regions. Regions []*Region `locationName:"regionInfo" locationNameList:"item" type:"list"` } @@ -51422,7 +52504,7 @@ type DescribeReservedInstancesModificationsInput struct { // * modification-result.target-configuration.availability-zone - The Availability // Zone for the new Reserved Instances. // - // * modification-result.target-configuration.instance-count - The number + // * modification-result.target-configuration.instance-count - The number // of new Reserved Instances. // // * modification-result.target-configuration.instance-type - The instance @@ -51550,7 +52632,7 @@ type DescribeReservedInstancesOfferingsInput struct { // SUSE Linux (Amazon VPC) | Red Hat Enterprise Linux | Red Hat Enterprise // Linux (Amazon VPC) | Windows | Windows (Amazon VPC) | Windows with SQL // Server Standard | Windows with SQL Server Standard (Amazon VPC) | Windows - // with SQL Server Web | Windows with SQL Server Web (Amazon VPC) | Windows + // with SQL Server Web | Windows with SQL Server Web (Amazon VPC) | Windows // with SQL Server Enterprise | Windows with SQL Server Enterprise (Amazon // VPC)) // @@ -51858,7 +52940,7 @@ type DescribeRouteTablesInput struct { // The maximum number of results to return with a single call. To retrieve the // remaining results, make another call with the returned nextToken value. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"5" type:"integer"` // The token for the next page of results. NextToken *string `type:"string"` @@ -51879,6 +52961,19 @@ func (s DescribeRouteTablesInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeRouteTablesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeRouteTablesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeRouteTablesInput) SetDryRun(v bool) *DescribeRouteTablesInput { s.DryRun = &v @@ -51953,7 +53048,7 @@ type DescribeScheduledInstanceAvailabilityInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone (for example, us-west-2a). // @@ -52116,7 +53211,7 @@ type DescribeScheduledInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. + // The filters. // // * availability-zone - The Availability Zone (for example, us-west-2a). // @@ -52135,7 +53230,7 @@ type DescribeScheduledInstancesInput struct { // The token for the next set of results. NextToken *string `type:"string"` - // One or more Scheduled Instance IDs. + // The Scheduled Instance IDs. ScheduledInstanceIds []*string `locationName:"ScheduledInstanceId" locationNameList:"ScheduledInstanceId" type:"list"` // The time period for the first schedule to start. @@ -52231,7 +53326,7 @@ type DescribeSecurityGroupReferencesInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more security group IDs in your account. + // The IDs of the security groups in your account. // // GroupId is a required field GroupId []*string `locationNameList:"item" type:"list" required:"true"` @@ -52304,9 +53399,9 @@ type DescribeSecurityGroupsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. If using multiple filters for rules, the results include - // security groups for which any combination of rules - not necessarily a single - // rule - match all filters. + // The filters. If using multiple filters for rules, the results include security + // groups for which any combination of rules - not necessarily a single rule + // - match all filters. // // * description - The description of the security group. // @@ -52383,13 +53478,13 @@ type DescribeSecurityGroupsInput struct { // * vpc-id - The ID of the VPC specified when the security group was created. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` - // One or more security group IDs. Required for security groups in a nondefault + // The IDs of the security groups. Required for security groups in a nondefault // VPC. // // Default: Describes all your security groups. GroupIds []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` - // [EC2-Classic and default VPC only] One or more security group names. You + // [EC2-Classic and default VPC only] The names of the security groups. You // can specify either the security group name or the security group ID. For // security groups in a nondefault VPC, use the group-name filter to describe // security groups by name. @@ -52401,7 +53496,7 @@ type DescribeSecurityGroupsInput struct { // remaining results, make another request with the returned NextToken value. // This value can be between 5 and 1000. If this parameter is not specified, // then all results are returned. - MaxResults *int64 `type:"integer"` + MaxResults *int64 `min:"5" type:"integer"` // The token to request the next page of results. NextToken *string `type:"string"` @@ -52417,6 +53512,19 @@ func (s DescribeSecurityGroupsInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSecurityGroupsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSecurityGroupsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeSecurityGroupsInput) SetDryRun(v bool) *DescribeSecurityGroupsInput { s.DryRun = &v @@ -52460,7 +53568,7 @@ type DescribeSecurityGroupsOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // Information about one or more security groups. + // Information about the security groups. SecurityGroups []*SecurityGroup `locationName:"securityGroupInfo" locationNameList:"item" type:"list"` } @@ -52594,7 +53702,6 @@ func (s *DescribeSnapshotAttributeOutput) SetSnapshotId(v string) *DescribeSnaps return s } -// Contains the parameters for DescribeSnapshots. type DescribeSnapshotsInput struct { _ struct{} `type:"structure"` @@ -52604,13 +53711,16 @@ type DescribeSnapshotsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * description - A description of the snapshot. // - // * owner-alias - Value from an Amazon-maintained list (amazon | aws-marketplace - // | microsoft) of snapshot owners. Not to be confused with the user-configured - // AWS account alias, which is set from the IAM console. + // * encrypted - Indicates whether the snapshot is encrypted (true | false) + // + // * owner-alias - Value from an Amazon-maintained list (amazon | self | + // all | aws-marketplace | microsoft) of snapshot owners. Not to be confused + // with the user-configured AWS account alias, which is set from the IAM + // console. // // * owner-id - The ID of the AWS account that owns the snapshot. // @@ -52656,13 +53766,13 @@ type DescribeSnapshotsInput struct { // to return. NextToken *string `type:"string"` - // Describes the snapshots owned by one or more owners. + // Describes the snapshots owned by these owners. OwnerIds []*string `locationName:"Owner" locationNameList:"Owner" type:"list"` - // One or more AWS accounts IDs that can create volumes from the snapshot. + // The IDs of the AWS accounts that can create volumes from the snapshot. RestorableByUserIds []*string `locationName:"RestorableBy" type:"list"` - // One or more snapshot IDs. + // The snapshot IDs. // // Default: Describes the snapshots for which you have create volume permissions. SnapshotIds []*string `locationName:"SnapshotId" locationNameList:"SnapshotId" type:"list"` @@ -52720,7 +53830,6 @@ func (s *DescribeSnapshotsInput) SetSnapshotIds(v []*string) *DescribeSnapshotsI return s } -// Contains the output of DescribeSnapshots. type DescribeSnapshotsOutput struct { _ struct{} `type:"structure"` @@ -53695,6 +54804,13 @@ type DescribeSubnetsInput struct { // * vpc-id - The ID of the VPC for the subnet. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + // The maximum number of results to return with a single call. To retrieve the + // remaining results, make another call with the returned nextToken value. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + // One or more subnet IDs. // // Default: Describes all your subnets. @@ -53711,6 +54827,19 @@ func (s DescribeSubnetsInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSubnetsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSubnetsInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDryRun sets the DryRun field's value. func (s *DescribeSubnetsInput) SetDryRun(v bool) *DescribeSubnetsInput { s.DryRun = &v @@ -53723,6 +54852,18 @@ func (s *DescribeSubnetsInput) SetFilters(v []*Filter) *DescribeSubnetsInput { return s } +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeSubnetsInput) SetMaxResults(v int64) *DescribeSubnetsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSubnetsInput) SetNextToken(v string) *DescribeSubnetsInput { + s.NextToken = &v + return s +} + // SetSubnetIds sets the SubnetIds field's value. func (s *DescribeSubnetsInput) SetSubnetIds(v []*string) *DescribeSubnetsInput { s.SubnetIds = v @@ -53732,6 +54873,10 @@ func (s *DescribeSubnetsInput) SetSubnetIds(v []*string) *DescribeSubnetsInput { type DescribeSubnetsOutput struct { _ struct{} `type:"structure"` + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + // Information about one or more subnets. Subnets []*Subnet `locationName:"subnetSet" locationNameList:"item" type:"list"` } @@ -53746,6 +54891,12 @@ func (s DescribeSubnetsOutput) GoString() string { return s.String() } +// SetNextToken sets the NextToken field's value. +func (s *DescribeSubnetsOutput) SetNextToken(v string) *DescribeSubnetsOutput { + s.NextToken = &v + return s +} + // SetSubnets sets the Subnets field's value. func (s *DescribeSubnetsOutput) SetSubnets(v []*Subnet) *DescribeSubnetsOutput { s.Subnets = v @@ -53761,7 +54912,7 @@ type DescribeTagsInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * key - The tag key. // @@ -54482,7 +55633,6 @@ func (s *DescribeVolumeAttributeOutput) SetVolumeId(v string) *DescribeVolumeAtt return s } -// Contains the parameters for DescribeVolumeStatus. type DescribeVolumeStatusInput struct { _ struct{} `type:"structure"` @@ -54492,7 +55642,7 @@ type DescribeVolumeStatusInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * action.code - The action code for the event (for example, enable-volume-io). // @@ -54541,7 +55691,7 @@ type DescribeVolumeStatusInput struct { // more results to return. NextToken *string `type:"string"` - // One or more volume IDs. + // The IDs of the volumes. // // Default: Describes all your volumes. VolumeIds []*string `locationName:"VolumeId" locationNameList:"VolumeId" type:"list"` @@ -54587,7 +55737,6 @@ func (s *DescribeVolumeStatusInput) SetVolumeIds(v []*string) *DescribeVolumeSta return s } -// Contains the output of DescribeVolumeStatus. type DescribeVolumeStatusOutput struct { _ struct{} `type:"structure"` @@ -54595,7 +55744,7 @@ type DescribeVolumeStatusOutput struct { // when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // A list of volumes. + // Information about the status of the volumes. VolumeStatuses []*VolumeStatusItem `locationName:"volumeStatusSet" locationNameList:"item" type:"list"` } @@ -54621,7 +55770,6 @@ func (s *DescribeVolumeStatusOutput) SetVolumeStatuses(v []*VolumeStatusItem) *D return s } -// Contains the parameters for DescribeVolumes. type DescribeVolumesInput struct { _ struct{} `type:"structure"` @@ -54631,7 +55779,7 @@ type DescribeVolumesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more filters. + // The filters. // // * attachment.attach-time - The time stamp when the attachment initiated. // @@ -54650,7 +55798,7 @@ type DescribeVolumesInput struct { // // * create-time - The time stamp when the volume was created. // - // * encrypted - The encryption status of the volume. + // * encrypted - Indicates whether the volume is encrypted (true | false) // // * size - The size of the volume, in GiB. // @@ -54693,7 +55841,7 @@ type DescribeVolumesInput struct { // NextToken value. This value is null when there are no more results to return. NextToken *string `locationName:"nextToken" type:"string"` - // One or more volume IDs. + // The volume IDs. VolumeIds []*string `locationName:"VolumeId" locationNameList:"VolumeId" type:"list"` } @@ -54746,7 +55894,7 @@ type DescribeVolumesModificationsInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more filters. Supported filters: volume-id, modification-state, target-size, + // The filters. Supported filters: volume-id, modification-state, target-size, // target-iops, target-volume-type, original-size, original-iops, original-volume-type, // start-time. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` @@ -54758,7 +55906,7 @@ type DescribeVolumesModificationsInput struct { // The nextToken value returned by a previous paginated request. NextToken *string `type:"string"` - // One or more volume IDs for which in-progress modifications will be described. + // The IDs of the volumes for which in-progress modifications will be described. VolumeIds []*string `locationName:"VolumeId" locationNameList:"VolumeId" type:"list"` } @@ -54808,7 +55956,7 @@ type DescribeVolumesModificationsOutput struct { // Token for pagination, null if there are no more results NextToken *string `locationName:"nextToken" type:"string"` - // A list of returned VolumeModification objects. + // Information about the volume modifications. VolumesModifications []*VolumeModification `locationName:"volumeModificationSet" locationNameList:"item" type:"list"` } @@ -54834,7 +55982,6 @@ func (s *DescribeVolumesModificationsOutput) SetVolumesModifications(v []*Volume return s } -// Contains the output of DescribeVolumes. type DescribeVolumesOutput struct { _ struct{} `type:"structure"` @@ -55375,6 +56522,16 @@ type DescribeVpcEndpointServiceConfigurationsInput struct { // // * service-state - The state of the service (Pending | Available | Deleting // | Deleted | Failed). + // + // * tag:<key> - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of results to return for the request in a single page. @@ -55596,6 +56753,16 @@ type DescribeVpcEndpointServicesInput struct { // One or more filters. // // * service-name: The name of the service. + // + // * tag:<key> - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of items to return for this request. The request returns @@ -55716,6 +56883,16 @@ type DescribeVpcEndpointsInput struct { // // * vpc-endpoint-state: The state of the endpoint. (pending | available // | deleting | deleted) + // + // * tag:<key> - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + // + // * tag-key - The key of a tag assigned to the resource. Use this filter + // to find all resources assigned a tag with a specific key, regardless of + // the tag value. Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` // The maximum number of items to return for this request. The request returns @@ -56849,6 +58026,55 @@ func (s *DirectoryServiceAuthenticationRequest) SetDirectoryId(v string) *Direct return s } +type DisableEbsEncryptionByDefaultInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation +func (s DisableEbsEncryptionByDefaultInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableEbsEncryptionByDefaultInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *DisableEbsEncryptionByDefaultInput) SetDryRun(v bool) *DisableEbsEncryptionByDefaultInput { + s.DryRun = &v + return s +} + +type DisableEbsEncryptionByDefaultOutput struct { + _ struct{} `type:"structure"` + + // Account-level encryption status after performing the action. + EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` +} + +// String returns the string representation +func (s DisableEbsEncryptionByDefaultOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisableEbsEncryptionByDefaultOutput) GoString() string { + return s.String() +} + +// SetEbsEncryptionByDefault sets the EbsEncryptionByDefault field's value. +func (s *DisableEbsEncryptionByDefaultOutput) SetEbsEncryptionByDefault(v bool) *DisableEbsEncryptionByDefaultOutput { + s.EbsEncryptionByDefault = &v + return s +} + type DisableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -57941,15 +59167,21 @@ type EbsBlockDevice struct { // Indicates whether the EBS volume is deleted on instance termination. DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"` - // Indicates whether the EBS volume is encrypted. Encrypted volumes can only - // be attached to instances that support Amazon EBS encryption. - // - // If you are creating a volume from a snapshot, you cannot specify an encryption - // value. This is because only blank volumes can be encrypted on creation. If - // you are creating a snapshot from an existing EBS volume, you cannot specify - // an encryption value that differs from that of the EBS volume. We recommend - // that you omit the encryption value from the block device mappings when creating - // an image from an instance. + // Indicates whether the encryption state of an EBS volume is changed while + // being restored from a backing snapshot. The default effect of setting the + // Encrypted parameter to true through the console, API, or CLI depends on the + // volume's origin (new or from a snapshot), starting encryption state, ownership, + // and whether account-level encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/account-level-encryption.html) + // is enabled. Each default case can be overridden by specifying a customer + // master key (CMK) with the KmsKeyId parameter in addition to setting Encrypted + // to true. For a complete list of possible encryption cases, see Amazon EBS + // Encryption (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters) + // in the Amazon Elastic Compute Cloud User Guide. + // + // In no case can you remove encryption from an encrypted volume. + // + // Encrypted volumes can only be attached to instances that support Amazon EBS + // encryption. For more information, see Supported Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances). Encrypted *bool `locationName:"encrypted" type:"boolean"` // The number of I/O operations per second (IOPS) that the volume supports. @@ -57960,9 +59192,11 @@ type EbsBlockDevice struct { // in the Amazon Elastic Compute Cloud User Guide. // // Constraints: Range is 100-16,000 IOPS for gp2 volumes and 100 to 64,000IOPS - // for io1 volumes, in most Regions. The maximum IOPS for io1 of 64,000 is guaranteed + // for io1 volumes in most Regions. Maximum io1 IOPS of 64,000 is guaranteed // only on Nitro-based instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). - // Other instance families guarantee performance up to 32,000 IOPS. + // Other instance families guarantee performance up to 32,000 IOPS. For more + // information, see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) + // in the Amazon Elastic Compute Cloud User Guide. // // Condition: This parameter is required for requests to create io1 volumes; // it is not used in requests to create gp2, st1, sc1, or standard volumes. @@ -57982,17 +59216,17 @@ type EbsBlockDevice struct { // The size of the volume, in GiB. // + // Default: If you're creating the volume from a snapshot and don't specify + // a volume size, the default is the snapshot size. + // // Constraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned // IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for // Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify // a snapshot, the volume size must be equal to or larger than the snapshot // size. - // - // Default: If you're creating the volume from a snapshot and don't specify - // a volume size, the default is the snapshot size. VolumeSize *int64 `locationName:"volumeSize" type:"integer"` - // The volume type: gp2, io1, st1, sc1, or standard. + // The volume type. If you set the type to io1, you must also set the Iops property. // // Default: standard VolumeType *string `locationName:"volumeType" type:"string" enum:"VolumeType"` @@ -58468,6 +59702,55 @@ func (s *ElasticInferenceAcceleratorAssociation) SetElasticInferenceAcceleratorA return s } +type EnableEbsEncryptionByDefaultInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation +func (s EnableEbsEncryptionByDefaultInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableEbsEncryptionByDefaultInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *EnableEbsEncryptionByDefaultInput) SetDryRun(v bool) *EnableEbsEncryptionByDefaultInput { + s.DryRun = &v + return s +} + +type EnableEbsEncryptionByDefaultOutput struct { + _ struct{} `type:"structure"` + + // Account-level encryption status after performing the action. + EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` +} + +// String returns the string representation +func (s EnableEbsEncryptionByDefaultOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EnableEbsEncryptionByDefaultOutput) GoString() string { + return s.String() +} + +// SetEbsEncryptionByDefault sets the EbsEncryptionByDefault field's value. +func (s *EnableEbsEncryptionByDefaultOutput) SetEbsEncryptionByDefault(v bool) *EnableEbsEncryptionByDefaultOutput { + s.EbsEncryptionByDefault = &v + return s +} + type EnableTransitGatewayRouteTablePropagationInput struct { _ struct{} `type:"structure"` @@ -58559,12 +59842,15 @@ func (s *EnableTransitGatewayRouteTablePropagationOutput) SetPropagation(v *Tran type EnableVgwRoutePropagationInput struct { _ struct{} `type:"structure"` - // The ID of the virtual private gateway. + // The ID of the virtual private gateway that is attached to a VPC. The virtual + // private gateway must be attached to the same VPC that the routing tables + // are associated with. // // GatewayId is a required field GatewayId *string `type:"string" required:"true"` - // The ID of the route table. + // The ID of the route table. The routing table must be associated with the + // same VPC that the virtual private gateway is attached to. // // RouteTableId is a required field RouteTableId *string `type:"string" required:"true"` @@ -58806,7 +60092,7 @@ func (s *EnableVpcClassicLinkOutput) SetReturn(v bool) *EnableVpcClassicLinkOutp return s } -// Describes a Spot Fleet event. +// Describes an EC2 Fleet or Spot Fleet event. type EventInformation struct { _ struct{} `type:"structure"` @@ -58817,8 +60103,8 @@ type EventInformation struct { // // The following are the error events: // - // * iamFleetRoleInvalid - The Spot Fleet did not have the required permissions - // either to launch or terminate an instance. + // * iamFleetRoleInvalid - The EC2 Fleet or Spot Fleet did not have the required + // permissions either to launch or terminate an instance. // // * spotFleetRequestConfigurationInvalid - The configuration is not valid. // For more information, see the description of the event. @@ -58828,33 +60114,35 @@ type EventInformation struct { // // The following are the fleetRequestChange events: // - // * active - The Spot Fleet has been validated and Amazon EC2 is attempting - // to maintain the target number of running Spot Instances. + // * active - The EC2 Fleet or Spot Fleet request has been validated and + // Amazon EC2 is attempting to maintain the target number of running Spot + // Instances. // - // * cancelled - The Spot Fleet is canceled and has no running Spot Instances. - // The Spot Fleet will be deleted two days after its instances were terminated. + // * cancelled - The EC2 Fleet or Spot Fleet request is canceled and has + // no running Spot Instances. The EC2 Fleet or Spot Fleet will be deleted + // two days after its instances were terminated. // - // * cancelled_running - The Spot Fleet is canceled and does not launch additional - // Spot Instances. Existing Spot Instances continue to run until they are - // interrupted or terminated. + // * cancelled_running - The EC2 Fleet or Spot Fleet request is canceled + // and does not launch additional Spot Instances. Existing Spot Instances + // continue to run until they are interrupted or terminated. // - // * cancelled_terminating - The Spot Fleet is canceled and its Spot Instances - // are terminating. + // * cancelled_terminating - The EC2 Fleet or Spot Fleet request is canceled + // and its Spot Instances are terminating. // - // * expired - The Spot Fleet request has expired. A subsequent event indicates - // that the instances were terminated, if the request was created with TerminateInstancesWithExpiration - // set. + // * expired - The EC2 Fleet or Spot Fleet request has expired. A subsequent + // event indicates that the instances were terminated, if the request was + // created with TerminateInstancesWithExpiration set. // - // * modify_in_progress - A request to modify the Spot Fleet request was - // accepted and is in progress. + // * modify_in_progress - A request to modify the EC2 Fleet or Spot Fleet + // request was accepted and is in progress. // - // * modify_successful - The Spot Fleet request was modified. + // * modify_successful - The EC2 Fleet or Spot Fleet request was modified. // // * price_update - The price for a launch configuration was adjusted because // it was too high. This change is permanent. // - // * submitted - The Spot Fleet request is being evaluated and Amazon EC2 - // is preparing to launch the target number of Spot Instances. + // * submitted - The EC2 Fleet or Spot Fleet request is being evaluated and + // Amazon EC2 is preparing to launch the target number of Spot Instances. // // The following are the instanceChange events: // @@ -59393,7 +60681,7 @@ type Filter struct { // The name of the filter. Filter names are case-sensitive. Name *string `type:"string"` - // One or more filter values. Filter values are case-sensitive. + // The filter values. Filter values are case-sensitive. Values []*string `locationName:"Value" locationNameList:"item" type:"list"` } @@ -60289,13 +61577,13 @@ type FpgaImageAttribute struct { // The ID of the AFI. FpgaImageId *string `locationName:"fpgaImageId" type:"string"` - // One or more load permissions. + // The load permissions. LoadPermissions []*LoadPermission `locationName:"loadPermissions" locationNameList:"item" type:"list"` // The name of the AFI. Name *string `locationName:"name" type:"string"` - // One or more product codes. + // The product codes. ProductCodes []*ProductCode `locationName:"productCodes" locationNameList:"item" type:"list"` } @@ -60576,6 +61864,105 @@ func (s *GetConsoleScreenshotOutput) SetInstanceId(v string) *GetConsoleScreensh return s } +type GetEbsDefaultKmsKeyIdInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation +func (s GetEbsDefaultKmsKeyIdInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetEbsDefaultKmsKeyIdInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *GetEbsDefaultKmsKeyIdInput) SetDryRun(v bool) *GetEbsDefaultKmsKeyIdInput { + s.DryRun = &v + return s +} + +type GetEbsDefaultKmsKeyIdOutput struct { + _ struct{} `type:"structure"` + + // The full ARN of the default CMK that your account uses to encrypt an EBS + // volume when no CMK is specified in the API call that creates the volume. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` +} + +// String returns the string representation +func (s GetEbsDefaultKmsKeyIdOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetEbsDefaultKmsKeyIdOutput) GoString() string { + return s.String() +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *GetEbsDefaultKmsKeyIdOutput) SetKmsKeyId(v string) *GetEbsDefaultKmsKeyIdOutput { + s.KmsKeyId = &v + return s +} + +type GetEbsEncryptionByDefaultInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation +func (s GetEbsEncryptionByDefaultInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetEbsEncryptionByDefaultInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *GetEbsEncryptionByDefaultInput) SetDryRun(v bool) *GetEbsEncryptionByDefaultInput { + s.DryRun = &v + return s +} + +type GetEbsEncryptionByDefaultOutput struct { + _ struct{} `type:"structure"` + + // Indicates whether default encryption for EBS volumes is enabled or disabled. + EbsEncryptionByDefault *bool `locationName:"ebsEncryptionByDefault" type:"boolean"` +} + +// String returns the string representation +func (s GetEbsEncryptionByDefaultOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetEbsEncryptionByDefaultOutput) GoString() string { + return s.String() +} + +// SetEbsEncryptionByDefault sets the EbsEncryptionByDefault field's value. +func (s *GetEbsEncryptionByDefaultOutput) SetEbsEncryptionByDefault(v bool) *GetEbsEncryptionByDefaultOutput { + s.EbsEncryptionByDefault = &v + return s +} + type GetHostReservationPurchasePreviewInput struct { _ struct{} `type:"structure"` @@ -62641,22 +64028,23 @@ type ImportImageInput struct { // // * Key ID // - // * Key alias, in the form alias/ExampleAlias + // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed + // by the Region of the CMK, the AWS account ID of the CMK owner, the alias + // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the region of the CMK, the AWS account ID of the CMK owner, the key + // by the Region of the CMK, the AWS account ID of the CMK owner, the key // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the region of the CMK, the AWS account ID of the CMK owner, + // followed by the Region of the CMK, the AWS account ID of the CMK owner, // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // // AWS parses KmsKeyId asynchronously, meaning that the action you call may // appear to complete even though you provided an invalid identifier. This action // will eventually report failure. // - // The specified CMK must exist in the region that the AMI is being copied to. + // The specified CMK must exist in the Region that the AMI is being copied to. KmsKeyId *string `type:"string"` // The license type to be used for the Amazon Machine Image (AMI) after importing. @@ -63137,10 +64525,10 @@ type ImportInstanceLaunchSpecification struct { // The architecture of the instance. Architecture *string `locationName:"architecture" type:"string" enum:"ArchitectureValues"` - // One or more security group IDs. + // The security group IDs. GroupIds []*string `locationName:"GroupId" locationNameList:"SecurityGroupId" type:"list"` - // One or more security group names. + // The security group names. GroupNames []*string `locationName:"GroupName" locationNameList:"SecurityGroup" type:"list"` // Indicates whether an instance stops or terminates when you initiate shutdown @@ -63281,7 +64669,7 @@ type ImportInstanceTaskDetails struct { // The instance operating system. Platform *string `locationName:"platform" type:"string" enum:"PlatformValues"` - // One or more volumes. + // The volumes. Volumes []*ImportInstanceVolumeDetailItem `locationName:"volumes" locationNameList:"item" type:"list"` } @@ -63535,22 +64923,23 @@ type ImportSnapshotInput struct { // // * Key ID // - // * Key alias, in the form alias/ExampleAlias + // * Key alias. The alias ARN contains the arn:aws:kms namespace, followed + // by the Region of the CMK, the AWS account ID of the CMK owner, the alias + // namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed - // by the region of the CMK, the AWS account ID of the CMK owner, the key + // by the Region of the CMK, the AWS account ID of the CMK owner, the key // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. // // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, - // followed by the region of the CMK, the AWS account ID of the CMK owner, + // followed by the Region of the CMK, the AWS account ID of the CMK owner, // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. // - // // AWS parses KmsKeyId asynchronously, meaning that the action you call may // appear to complete even though you provided an invalid identifier. This action // will eventually report failure. // - // The specified CMK must exist in the region that the snapshot is being copied + // The specified CMK must exist in the Region that the snapshot is being copied // to. KmsKeyId *string `type:"string"` @@ -63961,7 +65350,7 @@ type Instance struct { // The monitoring for the instance. Monitoring *Monitoring `locationName:"monitoring" type:"structure"` - // [EC2-VPC] One or more network interfaces for the instance. + // [EC2-VPC] The network interfaces for the instance. NetworkInterfaces []*InstanceNetworkInterface `locationName:"networkInterfaceSet" locationNameList:"item" type:"list"` // The location where the instance launched, if applicable. @@ -64004,7 +65393,7 @@ type Instance struct { // instance store volume. RootDeviceType *string `locationName:"rootDeviceType" type:"string" enum:"DeviceType"` - // One or more security groups for the instance. + // The security groups for the instance. SecurityGroups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` // Specifies whether to enable an instance launched in a VPC to perform NAT. @@ -64717,6 +66106,11 @@ type InstanceNetworkInterface struct { // One or more security groups. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` + // Describes the type of network interface. + // + // Valid values: interface | efa + InterfaceType *string `locationName:"interfaceType" type:"string"` + // One or more IPv6 addresses associated with the network interface. Ipv6Addresses []*InstanceIpv6Address `locationName:"ipv6AddressesSet" locationNameList:"item" type:"list"` @@ -64785,6 +66179,12 @@ func (s *InstanceNetworkInterface) SetGroups(v []*GroupIdentifier) *InstanceNetw return s } +// SetInterfaceType sets the InterfaceType field's value. +func (s *InstanceNetworkInterface) SetInterfaceType(v string) *InstanceNetworkInterface { + s.InterfaceType = &v + return s +} + // SetIpv6Addresses sets the Ipv6Addresses field's value. func (s *InstanceNetworkInterface) SetIpv6Addresses(v []*InstanceIpv6Address) *InstanceNetworkInterface { s.Ipv6Addresses = v @@ -64973,15 +66373,26 @@ type InstanceNetworkInterfaceSpecification struct { // interface when launching an instance. Description *string `locationName:"description" type:"string"` - // The index of the device on the instance for the network interface attachment. - // If you are specifying a network interface in a RunInstances request, you - // must provide the device index. + // The position of the network interface in the attachment order. A primary + // network interface has a device index of 0. + // + // If you specify a network interface when launching an instance, you must specify + // the device index. DeviceIndex *int64 `locationName:"deviceIndex" type:"integer"` // The IDs of the security groups for the network interface. Applies only if // creating a network interface when launching an instance. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` + // The type of network interface. To create an Elastic Fabric Adapter (EFA), + // specify efa. For more information, see Elastic Fabric Adapter (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) + // in the Amazon Elastic Compute Cloud User Guide. + // + // If you are not creating an EFA, specify interface or omit this parameter. + // + // Valid values: interface | efa + InterfaceType *string `type:"string"` + // A number of IPv6 addresses to assign to the network interface. Amazon EC2 // chooses the IPv6 addresses from the range of the subnet. You cannot specify // this option and the option to assign specific IPv6 addresses in the same @@ -65000,19 +66411,22 @@ type InstanceNetworkInterfaceSpecification struct { // The private IPv4 address of the network interface. Applies only if creating // a network interface when launching an instance. You cannot specify this option - // if you're launching more than one instance in a RunInstances request. + // if you're launching more than one instance in a RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) + // request. PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` // One or more private IPv4 addresses to assign to the network interface. Only // one private IPv4 address can be designated as primary. You cannot specify // this option if you're launching more than one instance in a RunInstances + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) // request. PrivateIpAddresses []*PrivateIpAddressSpecification `locationName:"privateIpAddressesSet" queryName:"PrivateIpAddresses" locationNameList:"item" type:"list"` // The number of secondary private IPv4 addresses. You can't specify this option // and specify more than one private IP address using the private IP addresses // option. You cannot specify this option if you're launching more than one - // instance in a RunInstances request. + // instance in a RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) + // request. SecondaryPrivateIpAddressCount *int64 `locationName:"secondaryPrivateIpAddressCount" type:"integer"` // The ID of the subnet associated with the network string. Applies only if @@ -65060,6 +66474,12 @@ func (s *InstanceNetworkInterfaceSpecification) SetGroups(v []*string) *Instance return s } +// SetInterfaceType sets the InterfaceType field's value. +func (s *InstanceNetworkInterfaceSpecification) SetInterfaceType(v string) *InstanceNetworkInterfaceSpecification { + s.InterfaceType = &v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *InstanceNetworkInterfaceSpecification) SetIpv6AddressCount(v int64) *InstanceNetworkInterfaceSpecification { s.Ipv6AddressCount = &v @@ -65154,6 +66574,39 @@ func (s *InstancePrivateIpAddress) SetPrivateIpAddress(v string) *InstancePrivat return s } +// The instance details to specify which volumes should be snapshotted. +type InstanceSpecification struct { + _ struct{} `type:"structure"` + + // Excludes the root volume from being snapshotted. + ExcludeBootVolume *bool `type:"boolean"` + + // The instance to specify which volumes should be snapshotted. + InstanceId *string `type:"string"` +} + +// String returns the string representation +func (s InstanceSpecification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InstanceSpecification) GoString() string { + return s.String() +} + +// SetExcludeBootVolume sets the ExcludeBootVolume field's value. +func (s *InstanceSpecification) SetExcludeBootVolume(v bool) *InstanceSpecification { + s.ExcludeBootVolume = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *InstanceSpecification) SetInstanceId(v string) *InstanceSpecification { + s.InstanceId = &v + return s +} + // Describes the current state of an instance. type InstanceState struct { _ struct{} `type:"structure"` @@ -65571,33 +67024,34 @@ type IpPermission struct { // all ICMP/ICMPv6 types, you must specify all codes. FromPort *int64 `locationName:"fromPort" type:"integer"` - // The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). // - // [EC2-VPC only] Use -1 to specify all protocols. When authorizing security - // group rules, specifying -1 or a protocol number other than tcp, udp, icmp, - // or 58 (ICMPv6) allows traffic on all ports, regardless of any port range - // you specify. For tcp, udp, and icmp, you must specify a port range. For 58 - // (ICMPv6), you can optionally specify a port range; if you don't, traffic - // for all types and codes is allowed when authorizing rules. + // [VPC only] Use -1 to specify all protocols. When authorizing security group + // rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 + // allows traffic on all ports, regardless of any port range you specify. For + // tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range + // is optional; if you omit the port range, traffic for all types and codes + // is allowed. IpProtocol *string `locationName:"ipProtocol" type:"string"` - // One or more IPv4 ranges. + // The IPv4 ranges. IpRanges []*IpRange `locationName:"ipRanges" locationNameList:"item" type:"list"` - // [EC2-VPC only] One or more IPv6 ranges. + // [VPC only] The IPv6 ranges. Ipv6Ranges []*Ipv6Range `locationName:"ipv6Ranges" locationNameList:"item" type:"list"` - // [EC2-VPC only] One or more prefix list IDs for an AWS service. With AuthorizeSecurityGroupEgress, - // this is the AWS service that you want to access through a VPC endpoint from - // instances associated with the security group. + // [VPC only] The prefix list IDs for an AWS service. With outbound rules, this + // is the AWS service to access through a VPC endpoint from instances associated + // with the security group. PrefixListIds []*PrefixListId `locationName:"prefixListIds" locationNameList:"item" type:"list"` // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. - // A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. - // If you specify all ICMP/ICMPv6 types, you must specify all codes. + // A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. ToPort *int64 `locationName:"toPort" type:"integer"` - // One or more security group and AWS account ID pairs. + // The security group and AWS account ID pairs. UserIdGroupPairs []*UserIdGroupPair `locationName:"groups" locationNameList:"item" type:"list"` } @@ -66534,8 +67988,8 @@ type LaunchTemplateEbsBlockDeviceRequest struct { // volume. For gp2, this represents the baseline performance of the volume and // the rate at which the volume accumulates I/O credits for bursting. For more // information about General Purpose SSD baseline performance, I/O credits, - // and bursting, see Amazon EBS Volume Types in the Amazon Elastic Compute Cloud - // User Guide. + // and bursting, see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) + // in the Amazon Elastic Compute Cloud User Guide. // // Condition: This parameter is required for requests to create io1 volumes; // it is not used in requests to create gp2, st1, sc1, or standard volumes. @@ -66879,6 +68333,9 @@ type LaunchTemplateInstanceNetworkInterfaceSpecification struct { // The IDs of one or more security groups. Groups []*string `locationName:"groupSet" locationNameList:"groupId" type:"list"` + // The type of network interface. + InterfaceType *string `locationName:"interfaceType" type:"string"` + // The number of IPv6 addresses for the network interface. Ipv6AddressCount *int64 `locationName:"ipv6AddressCount" type:"integer"` @@ -66941,6 +68398,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetGroups(v []*str return s } +// SetInterfaceType sets the InterfaceType field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetInterfaceType(v string) *LaunchTemplateInstanceNetworkInterfaceSpecification { + s.InterfaceType = &v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecification) SetIpv6AddressCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecification { s.Ipv6AddressCount = &v @@ -67002,6 +68465,15 @@ type LaunchTemplateInstanceNetworkInterfaceSpecificationRequest struct { // The IDs of one or more security groups. Groups []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` + // The type of network interface. To create an Elastic Fabric Adapter (EFA), + // specify efa. For more information, see Elastic Fabric Adapter (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) + // in the Amazon Elastic Compute Cloud User Guide. + // + // If you are not creating an EFA, specify interface or omit this parameter. + // + // Valid values: interface | efa + InterfaceType *string `type:"string"` + // The number of IPv6 addresses to assign to a network interface. Amazon EC2 // automatically selects the IPv6 addresses from the subnet range. You can't // use this option if specifying specific IPv6 addresses. @@ -67067,6 +68539,12 @@ func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetGroups(v return s } +// SetInterfaceType sets the InterfaceType field's value. +func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetInterfaceType(v string) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { + s.InterfaceType = &v + return s +} + // SetIpv6AddressCount sets the Ipv6AddressCount field's value. func (s *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest) SetIpv6AddressCount(v int64) *LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { s.Ipv6AddressCount = &v @@ -67586,7 +69064,7 @@ type LaunchTemplateTagSpecificationRequest struct { // The type of resource to tag. Currently, the resource types that support tagging // on creation are instance and volume. To tag a resource after it has been - // created, see CreateTags. + // created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). ResourceType *string `type:"string" enum:"ResourceType"` // The tags to apply to the resource. @@ -68192,6 +69670,98 @@ func (s *ModifyClientVpnEndpointOutput) SetReturn(v bool) *ModifyClientVpnEndpoi return s } +type ModifyEbsDefaultKmsKeyIdInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // An identifier for the AWS Key Management Service (AWS KMS) customer master + // key (CMK) to use to encrypt the volume. This parameter is only required if + // you want to use a non-default CMK; if this parameter is not specified, the + // default CMK for EBS is used. If a KmsKeyId is specified, the Encrypted flag + // must also be set. + // + // The CMK identifier may be provided in any of the following formats: + // + // * Key ID + // + // * Key alias + // + // * ARN using key ID. The ID ARN contains the arn:aws:kms namespace, followed + // by the Region of the CMK, the AWS account ID of the CMK owner, the key + // namespace, and then the CMK ID. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. + // + // * ARN using key alias. The alias ARN contains the arn:aws:kms namespace, + // followed by the Region of the CMK, the AWS account ID of the CMK owner, + // the alias namespace, and then the CMK alias. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. + // + // KmsKeyId is a required field + KmsKeyId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s ModifyEbsDefaultKmsKeyIdInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyEbsDefaultKmsKeyIdInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyEbsDefaultKmsKeyIdInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyEbsDefaultKmsKeyIdInput"} + if s.KmsKeyId == nil { + invalidParams.Add(request.NewErrParamRequired("KmsKeyId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyEbsDefaultKmsKeyIdInput) SetDryRun(v bool) *ModifyEbsDefaultKmsKeyIdInput { + s.DryRun = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *ModifyEbsDefaultKmsKeyIdInput) SetKmsKeyId(v string) *ModifyEbsDefaultKmsKeyIdInput { + s.KmsKeyId = &v + return s +} + +type ModifyEbsDefaultKmsKeyIdOutput struct { + _ struct{} `type:"structure"` + + // The full ARN of the default CMK that your account uses to encrypt an EBS + // volume when no CMK is specified in the API call that creates the volume. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` +} + +// String returns the string representation +func (s ModifyEbsDefaultKmsKeyIdOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyEbsDefaultKmsKeyIdOutput) GoString() string { + return s.String() +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *ModifyEbsDefaultKmsKeyIdOutput) SetKmsKeyId(v string) *ModifyEbsDefaultKmsKeyIdOutput { + s.KmsKeyId = &v + return s +} + type ModifyFleetInput struct { _ struct{} `type:"structure"` @@ -68324,17 +69894,16 @@ type ModifyFpgaImageAttributeInput struct { // The operation type. OperationType *string `type:"string" enum:"OperationType"` - // One or more product codes. After you add a product code to an AFI, it can't - // be removed. This parameter is valid only when modifying the productCodes - // attribute. + // The product codes. After you add a product code to an AFI, it can't be removed. + // This parameter is valid only when modifying the productCodes attribute. ProductCodes []*string `locationName:"ProductCode" locationNameList:"ProductCode" type:"list"` - // One or more user groups. This parameter is valid only when modifying the - // loadPermission attribute. + // The user groups. This parameter is valid only when modifying the loadPermission + // attribute. UserGroups []*string `locationName:"UserGroup" locationNameList:"UserGroup" type:"list"` - // One or more AWS account IDs. This parameter is valid only when modifying - // the loadPermission attribute. + // The AWS account IDs. This parameter is valid only when modifying the loadPermission + // attribute. UserIds []*string `locationName:"UserId" locationNameList:"UserId" type:"list"` } @@ -68724,16 +70293,16 @@ type ModifyImageAttributeInput struct { // is launchPermission. OperationType *string `type:"string" enum:"OperationType"` - // One or more DevPay product codes. After you add a product code to an AMI, - // it can't be removed. + // The DevPay product codes. After you add a product code to an AMI, it can't + // be removed. ProductCodes []*string `locationName:"ProductCode" locationNameList:"ProductCode" type:"list"` - // One or more user groups. This parameter can be used only when the Attribute - // parameter is launchPermission. + // The user groups. This parameter can be used only when the Attribute parameter + // is launchPermission. UserGroups []*string `locationName:"UserGroup" locationNameList:"UserGroup" type:"list"` - // One or more AWS account IDs. This parameter can be used only when the Attribute - // parameter is launchPermission. + // The AWS account IDs. This parameter can be used only when the Attribute parameter + // is launchPermission. UserIds []*string `locationName:"UserId" locationNameList:"UserId" type:"list"` // The value of the attribute being modified. This parameter can be used only @@ -69967,10 +71536,8 @@ type ModifySubnetAttributeInput struct { // or later of the Amazon EC2 API. AssignIpv6AddressOnCreation *AttributeBooleanValue `type:"structure"` - // Specify true to indicate that network interfaces created in the specified - // subnet should be assigned a public IPv4 address. This includes a network - // interface that's created when launching an instance into the subnet (the - // instance therefore receives a public IPv4 address). + // Specify true to indicate that ENIs attached to instances created in the specified + // subnet should be assigned a public IPv4 address. MapPublicIpOnLaunch *AttributeBooleanValue `type:"structure"` // The ID of the subnet. @@ -71071,6 +72638,97 @@ func (s *ModifyVpcTenancyOutput) SetReturnValue(v bool) *ModifyVpcTenancyOutput return s } +type ModifyVpnConnectionInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the transit gateway. + TransitGatewayId *string `type:"string"` + + // The ID of the VPN connection. + // + // VpnConnectionId is a required field + VpnConnectionId *string `type:"string" required:"true"` + + // The ID of the virtual private gateway at the AWS side of the VPN connection. + VpnGatewayId *string `type:"string"` +} + +// String returns the string representation +func (s ModifyVpnConnectionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyVpnConnectionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyVpnConnectionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyVpnConnectionInput"} + if s.VpnConnectionId == nil { + invalidParams.Add(request.NewErrParamRequired("VpnConnectionId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyVpnConnectionInput) SetDryRun(v bool) *ModifyVpnConnectionInput { + s.DryRun = &v + return s +} + +// SetTransitGatewayId sets the TransitGatewayId field's value. +func (s *ModifyVpnConnectionInput) SetTransitGatewayId(v string) *ModifyVpnConnectionInput { + s.TransitGatewayId = &v + return s +} + +// SetVpnConnectionId sets the VpnConnectionId field's value. +func (s *ModifyVpnConnectionInput) SetVpnConnectionId(v string) *ModifyVpnConnectionInput { + s.VpnConnectionId = &v + return s +} + +// SetVpnGatewayId sets the VpnGatewayId field's value. +func (s *ModifyVpnConnectionInput) SetVpnGatewayId(v string) *ModifyVpnConnectionInput { + s.VpnGatewayId = &v + return s +} + +type ModifyVpnConnectionOutput struct { + _ struct{} `type:"structure"` + + // Describes a VPN connection. + VpnConnection *VpnConnection `locationName:"vpnConnection" type:"structure"` +} + +// String returns the string representation +func (s ModifyVpnConnectionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifyVpnConnectionOutput) GoString() string { + return s.String() +} + +// SetVpnConnection sets the VpnConnection field's value. +func (s *ModifyVpnConnectionOutput) SetVpnConnection(v *VpnConnection) *ModifyVpnConnectionOutput { + s.VpnConnection = v + return s +} + type MonitorInstancesInput struct { _ struct{} `type:"structure"` @@ -71080,7 +72738,7 @@ type MonitorInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more instance IDs. + // The IDs of the instances. // // InstanceIds is a required field InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list" required:"true"` @@ -71720,7 +73378,7 @@ type NetworkInterface struct { // Any security groups for the network interface. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` - // The type of interface. + // The type of network interface. InterfaceType *string `locationName:"interfaceType" type:"string" enum:"NetworkInterfaceType"` // The IPv6 addresses associated with the network interface. @@ -72546,6 +74204,9 @@ type Placement struct { Affinity *string `locationName:"affinity" type:"string"` // The Availability Zone of the instance. + // + // If not specified, an Availability Zone will be automatically chosen for you + // based on the load balancing criteria for the Region. AvailabilityZone *string `locationName:"availabilityZone" type:"string"` // The name of the placement group the instance is in. @@ -73075,7 +74736,7 @@ type ProvisionByoipCidrInput struct { // The public IPv4 address range, in CIDR notation. The most specific prefix // that you can specify is /24. The address range cannot overlap with another - // address range that you've brought to this or another region. + // address range that you've brought to this or another Region. // // Cidr is a required field Cidr *string `type:"string" required:"true"` @@ -73757,7 +75418,7 @@ type PurchaseScheduledInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `type:"boolean"` - // One or more purchase requests. + // The purchase requests. // // PurchaseRequests is a required field PurchaseRequests []*PurchaseRequest `locationName:"PurchaseRequest" locationNameList:"PurchaseRequest" min:"1" type:"list" required:"true"` @@ -73850,7 +75511,7 @@ type RebootInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more instance IDs. + // The instance IDs. // // InstanceIds is a required field InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list" required:"true"` @@ -73938,14 +75599,14 @@ func (s *RecurringCharge) SetFrequency(v string) *RecurringCharge { return s } -// Describes a region. +// Describes a Region. type Region struct { _ struct{} `type:"structure"` - // The region service endpoint. + // The Region service endpoint. Endpoint *string `locationName:"regionEndpoint" type:"string"` - // The name of the region. + // The name of the Region. RegionName *string `locationName:"regionName" type:"string"` } @@ -73986,7 +75647,7 @@ type RegisterImageInput struct { // use of an AMI. BillingProducts []*string `locationName:"BillingProduct" locationNameList:"item" type:"list"` - // One or more block device mapping entries. + // The block device mapping entries. BlockDeviceMappings []*BlockDeviceMapping `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // A description for your AMI. @@ -74005,7 +75666,10 @@ type RegisterImageInput struct { // PV AMI can make instances launched from the AMI unreachable. EnaSupport *bool `locationName:"enaSupport" type:"boolean"` - // The full path to your AMI manifest in Amazon S3 storage. + // The full path to your AMI manifest in Amazon S3 storage. The specified bucket + // must have the aws-exec-read canned access control list (ACL) to ensure that + // it can be accessed by Amazon EC2. For more information, see Canned ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) + // in the Amazon S3 Service Developer Guide. ImageLocation *string `type:"string"` // The ID of the kernel. @@ -75213,12 +76877,12 @@ type ReportInstanceStatusInput struct { // The time at which the reported instance health state ended. EndTime *time.Time `locationName:"endTime" type:"timestamp"` - // One or more instances. + // The instances. // // Instances is a required field Instances []*string `locationName:"instanceId" locationNameList:"InstanceId" type:"list" required:"true"` - // One or more reason codes that describe the health state of your instance. + // The reason codes that describe the health state of your instance. // // * instance-stuck-in-state: My instance is stuck in a state. // @@ -75366,8 +77030,11 @@ type RequestLaunchTemplateData struct { // only. CreditSpecification *CreditSpecificationRequest `type:"structure"` - // If set to true, you can't terminate the instance using the Amazon EC2 console, - // CLI, or API. To change this attribute to false after launch, use ModifyInstanceAttribute. + // If you set this parameter to true, you can't terminate the instance using + // the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute + // after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). + // Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, + // you can terminate the instance by running the shutdown command from the instance. DisableApiTermination *bool `type:"boolean"` // Indicates whether the instance is optimized for Amazon EBS I/O. This optimization @@ -75393,7 +77060,7 @@ type RequestLaunchTemplateData struct { // The IAM instance profile. IamInstanceProfile *LaunchTemplateIamInstanceProfileSpecificationRequest `type:"structure"` - // The ID of the AMI, which you can get by using DescribeImages. + // The ID of the AMI. ImageId *string `type:"string"` // Indicates whether an instance stops or terminates when you initiate shutdown @@ -75416,8 +77083,8 @@ type RequestLaunchTemplateData struct { // in the Amazon Elastic Compute Cloud User Guide. KernelId *string `type:"string"` - // The name of the key pair. You can create a key pair using CreateKeyPair or - // ImportKeyPair. + // The name of the key pair. You can create a key pair using CreateKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) + // or ImportKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html). // // If you do not specify a key pair, you can't connect to the instance unless // you choose an AMI that is configured to allow users another way to log in. @@ -75429,7 +77096,8 @@ type RequestLaunchTemplateData struct { // The monitoring for the instance. Monitoring *LaunchTemplatesMonitoringRequest `type:"structure"` - // One or more network interfaces. + // One or more network interfaces. If you specify a network interface, you must + // specify any security groups as part of the network interface. NetworkInterfaces []*LaunchTemplateInstanceNetworkInterfaceSpecificationRequest `locationName:"NetworkInterface" locationNameList:"InstanceNetworkInterfaceSpecification" type:"list"` // The placement for the instance. @@ -75442,7 +77110,8 @@ type RequestLaunchTemplateData struct { // in the Amazon Elastic Compute Cloud User Guide. RamDiskId *string `type:"string"` - // One or more security group IDs. You can create a security group using CreateSecurityGroup. + // One or more security group IDs. You can create a security group using CreateSecurityGroup + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). // You cannot specify both a security group ID and security name in the same // request. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` @@ -75455,7 +77124,7 @@ type RequestLaunchTemplateData struct { // The tags to apply to the resources during launch. You can only tag instances // and volumes on launch. The specified tags are applied to all instances or // volumes that are created during launch. To tag a resource after it has been - // created, see CreateTags. + // created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). TagSpecifications []*LaunchTemplateTagSpecificationRequest `locationName:"TagSpecification" locationNameList:"LaunchTemplateTagSpecificationRequest" type:"list"` // The Base64-encoded user data to make available to the instance. For more @@ -76014,7 +77683,8 @@ type RequestSpotLaunchSpecification struct { // The ID of the subnet in which to launch the instance. SubnetId *string `locationName:"subnetId" type:"string"` - // The Base64-encoded user data for the instance. + // The Base64-encoded user data for the instance. User data is limited to 16 + // KB. UserData *string `locationName:"userData" type:"string"` } @@ -76143,10 +77813,10 @@ func (s *RequestSpotLaunchSpecification) SetUserData(v string) *RequestSpotLaunc type Reservation struct { _ struct{} `type:"structure"` - // [EC2-Classic only] One or more security groups. + // [EC2-Classic only] The security groups. Groups []*GroupIdentifier `locationName:"groupSet" locationNameList:"item" type:"list"` - // One or more instances. + // The instances. Instances []*Instance `locationName:"instancesSet" locationNameList:"item" type:"list"` // The ID of the AWS account that owns the reservation. @@ -76508,7 +78178,7 @@ type ReservedInstancesConfiguration struct { // EC2-Classic or EC2-VPC. Platform *string `locationName:"platform" type:"string"` - // Whether the Reserved Instance is applied to instances in a region or instances + // Whether the Reserved Instance is applied to instances in a Region or instances // in a specific Availability Zone. Scope *string `locationName:"scope" type:"string" enum:"scope"` } @@ -76867,7 +78537,7 @@ type ReservedInstancesOffering struct { // GetReservedInstancesExchangeQuote to confirm that an exchange can be made. ReservedInstancesOfferingId *string `locationName:"reservedInstancesOfferingId" type:"string"` - // Whether the Reserved Instance is applied to instances in a region or an Availability + // Whether the Reserved Instance is applied to instances in a Region or an Availability // Zone. Scope *string `locationName:"scope" type:"string" enum:"scope"` @@ -76975,6 +78645,56 @@ func (s *ReservedInstancesOffering) SetUsagePrice(v float64) *ReservedInstancesO return s } +type ResetEbsDefaultKmsKeyIdInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` +} + +// String returns the string representation +func (s ResetEbsDefaultKmsKeyIdInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ResetEbsDefaultKmsKeyIdInput) GoString() string { + return s.String() +} + +// SetDryRun sets the DryRun field's value. +func (s *ResetEbsDefaultKmsKeyIdInput) SetDryRun(v bool) *ResetEbsDefaultKmsKeyIdInput { + s.DryRun = &v + return s +} + +type ResetEbsDefaultKmsKeyIdOutput struct { + _ struct{} `type:"structure"` + + // The full ARN of the default CMK that your account uses to encrypt an EBS + // volume when no CMK is specified in the API call that creates the volume. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` +} + +// String returns the string representation +func (s ResetEbsDefaultKmsKeyIdOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ResetEbsDefaultKmsKeyIdOutput) GoString() string { + return s.String() +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *ResetEbsDefaultKmsKeyIdOutput) SetKmsKeyId(v string) *ResetEbsDefaultKmsKeyIdOutput { + s.KmsKeyId = &v + return s +} + type ResetFpgaImageAttributeInput struct { _ struct{} `type:"structure"` @@ -77860,8 +79580,8 @@ type RevokeSecurityGroupEgressInput struct { // GroupId is a required field GroupId *string `locationName:"groupId" type:"string" required:"true"` - // One or more sets of IP permissions. You can't specify a destination security - // group and a CIDR IP address range in the same set of permissions. + // The sets of IP permissions. You can't specify a destination security group + // and a CIDR IP address range in the same set of permissions. IpPermissions []*IpPermission `locationName:"ipPermissions" locationNameList:"item" type:"list"` // Not supported. Use a set of IP permissions to specify the protocol name or @@ -77997,8 +79717,8 @@ type RevokeSecurityGroupIngressInput struct { // either the security group ID or the security group name in the request. GroupName *string `type:"string"` - // One or more sets of IP permissions. You can't specify a source security group - // and a CIDR IP address range in the same set of permissions. + // The sets of IP permissions. You can't specify a source security group and + // a CIDR IP address range in the same set of permissions. IpPermissions []*IpPermission `locationNameList:"item" type:"list"` // The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). @@ -78386,8 +80106,8 @@ type RunInstancesInput struct { // Reserved. AdditionalInfo *string `locationName:"additionalInfo" type:"string"` - // One or more block device mapping entries. You can't specify both a snapshot - // ID and an encryption value. This is because only blank volumes can be encrypted + // The block device mapping entries. You can't specify both a snapshot ID and + // an encryption value. This is because only blank volumes can be encrypted // on creation. If a snapshot is the basis for a volume, it is not blank and // its encryption status is used for the volume encryption status. BlockDeviceMappings []*BlockDeviceMapping `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` @@ -78409,8 +80129,9 @@ type RunInstancesInput struct { // in the Amazon Elastic Compute Cloud User Guide. CpuOptions *CpuOptionsRequest `type:"structure"` - // The credit option for CPU usage of the instance. Valid values are standard - // and unlimited. To change this attribute after launch, use ModifyInstanceCreditSpecification. + // The credit option for CPU usage of the T2 or T3 instance. Valid values are + // standard and unlimited. To change this attribute after launch, use ModifyInstanceCreditSpecification + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). // For more information, see Burstable Performance Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) // in the Amazon Elastic Compute Cloud User Guide. // @@ -78419,9 +80140,9 @@ type RunInstancesInput struct { // If you set this parameter to true, you can't terminate the instance using // the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute - // to false after launch, use ModifyInstanceAttribute. Alternatively, if you - // set InstanceInitiatedShutdownBehavior to terminate, you can terminate the - // instance by running the shutdown command from the instance. + // after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). + // Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, + // you can terminate the instance by running the shutdown command from the instance. // // Default: false DisableApiTermination *bool `locationName:"disableApiTermination" type:"boolean"` @@ -78441,10 +80162,15 @@ type RunInstancesInput struct { // Default: false EbsOptimized *bool `locationName:"ebsOptimized" type:"boolean"` - // An elastic GPU to associate with the instance. + // An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource + // that you can attach to your Windows instance to accelerate the graphics performance + // of your applications. For more information, see Amazon EC2 Elastic GPUs (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) + // in the Amazon Elastic Compute Cloud User Guide. ElasticGpuSpecification []*ElasticGpuSpecification `locationNameList:"item" type:"list"` - // An elastic inference accelerator. + // An elastic inference accelerator to associate with the instance. Elastic + // inference accelerators are a resource you can attach to your Amazon EC2 instances + // to accelerate your Deep Learning (DL) inference workloads. ElasticInferenceAccelerators []*ElasticInferenceAccelerator `locationName:"ElasticInferenceAccelerator" locationNameList:"item" type:"list"` // Indicates whether an instance is enabled for hibernation. For more information, @@ -78455,9 +80181,8 @@ type RunInstancesInput struct { // The IAM instance profile. IamInstanceProfile *IamInstanceProfileSpecification `locationName:"iamInstanceProfile" type:"structure"` - // The ID of the AMI, which you can get by calling DescribeImages. An AMI is - // required to launch an instance and must be specified here or in a launch - // template. + // The ID of the AMI. An AMI ID is required to launch an instance and must be + // specified here or in a launch template. ImageId *string `type:"string"` // Indicates whether an instance stops or terminates when you initiate shutdown @@ -78478,7 +80203,7 @@ type RunInstancesInput struct { // Default: m1.small InstanceType *string `type:"string" enum:"InstanceType"` - // [EC2-VPC] A number of IPv6 addresses to associate with the primary network + // [EC2-VPC] The number of IPv6 addresses to associate with the primary network // interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. // You cannot specify this option and the option to assign specific IPv6 addresses // in the same request. You can specify this option if you've specified a minimum @@ -78488,11 +80213,10 @@ type RunInstancesInput struct { // request. Ipv6AddressCount *int64 `type:"integer"` - // [EC2-VPC] Specify one or more IPv6 addresses from the range of the subnet - // to associate with the primary network interface. You cannot specify this - // option and the option to assign a number of IPv6 addresses in the same request. - // You cannot specify this option if you've specified a minimum number of instances - // to launch. + // [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with + // the primary network interface. You cannot specify this option and the option + // to assign a number of IPv6 addresses in the same request. You cannot specify + // this option if you've specified a minimum number of instances to launch. // // You cannot specify this option and the network interfaces option in the same // request. @@ -78501,12 +80225,12 @@ type RunInstancesInput struct { // The ID of the kernel. // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more - // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) // in the Amazon Elastic Compute Cloud User Guide. KernelId *string `type:"string"` - // The name of the key pair. You can create a key pair using CreateKeyPair or - // ImportKeyPair. + // The name of the key pair. You can create a key pair using CreateKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) + // or ImportKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html). // // If you do not specify a key pair, you can't connect to the instance unless // you choose an AMI that is configured to allow users another way to log in. @@ -78544,13 +80268,11 @@ type RunInstancesInput struct { // MinCount is a required field MinCount *int64 `type:"integer" required:"true"` - // The monitoring for the instance. + // Specifies whether detailed monitoring is enabled for the instance. Monitoring *RunInstancesMonitoringEnabled `type:"structure"` - // One or more network interfaces. - // - // You cannot specify this option and the network interfaces option in the same - // request. + // The network interfaces to associate with the instance. If you specify a network + // interface, you must specify any security groups as part of the network interface. NetworkInterfaces []*InstanceNetworkInterfaceSpecification `locationName:"networkInterface" locationNameList:"item" type:"list"` // The placement for the instance. @@ -78568,26 +80290,28 @@ type RunInstancesInput struct { // request. PrivateIpAddress *string `locationName:"privateIpAddress" type:"string"` - // The ID of the RAM disk. + // The ID of the RAM disk to select. Some kernels require additional drivers + // at launch. Check the kernel requirements for information about whether you + // need to specify a RAM disk. To find kernel requirements, go to the AWS Resource + // Center and search for the kernel ID. // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more - // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + // information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) // in the Amazon Elastic Compute Cloud User Guide. RamdiskId *string `type:"string"` - // One or more security group IDs. You can create a security group using CreateSecurityGroup. - // - // Default: Amazon EC2 uses the default security group. + // The IDs of the security groups. You can create a security group using CreateSecurityGroup + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). // - // You cannot specify this option and the network interfaces option in the same - // request. + // If you specify a network interface, you must specify any security groups + // as part of the network interface. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` - // [EC2-Classic, default VPC] One or more security group names. For a nondefault + // [EC2-Classic, default VPC] The names of the security groups. For a nondefault // VPC, you must use security group IDs instead. // - // You cannot specify this option and the network interfaces option in the same - // request. + // If you specify a network interface, you must specify any security groups + // as part of the network interface. // // Default: Amazon EC2 uses the default security group. SecurityGroups []*string `locationName:"SecurityGroup" locationNameList:"SecurityGroup" type:"list"` @@ -78601,7 +80325,7 @@ type RunInstancesInput struct { // The tags to apply to the resources during launch. You can only tag instances // and volumes on launch. The specified tags are applied to all instances or // volumes that are created during launch. To tag a resource after it has been - // created, see CreateTags. + // created, see CreateTags (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html). TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` // The user data to make available to the instance. For more information, see @@ -78609,7 +80333,7 @@ type RunInstancesInput struct { // (Linux) and Adding User Data (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html#instancedata-add-user-data) // (Windows). If you are using a command line tool, base64-encoding is performed // for you, and you can load the text from a file. Otherwise, you must provide - // base64-encoded text. + // base64-encoded text. User data is limited to 16 KB. UserData *string `type:"string"` } @@ -79732,7 +81456,7 @@ func (s *ScheduledInstancesIpv6Address) SetIpv6Address(v string) *ScheduledInsta type ScheduledInstancesLaunchSpecification struct { _ struct{} `type:"structure"` - // One or more block device mapping entries. + // The block device mapping entries. BlockDeviceMappings []*ScheduledInstancesBlockDeviceMapping `locationName:"BlockDeviceMapping" locationNameList:"BlockDeviceMapping" type:"list"` // Indicates whether the instances are optimized for EBS I/O. This optimization @@ -79764,7 +81488,7 @@ type ScheduledInstancesLaunchSpecification struct { // Enable or disable monitoring for the instances. Monitoring *ScheduledInstancesMonitoring `type:"structure"` - // One or more network interfaces. + // The network interfaces. NetworkInterfaces []*ScheduledInstancesNetworkInterface `locationName:"NetworkInterface" locationNameList:"NetworkInterface" type:"list"` // The placement information. @@ -79773,7 +81497,7 @@ type ScheduledInstancesLaunchSpecification struct { // The ID of the RAM disk. RamdiskId *string `type:"string"` - // The IDs of one or more security groups. + // The IDs of the security groups. SecurityGroupIds []*string `locationName:"SecurityGroupId" locationNameList:"SecurityGroupId" type:"list"` // The ID of the subnet in which to launch the instances. @@ -79934,14 +81658,14 @@ type ScheduledInstancesNetworkInterface struct { // The index of the device for the network interface attachment. DeviceIndex *int64 `type:"integer"` - // The IDs of one or more security groups. + // The IDs of the security groups. Groups []*string `locationName:"Group" locationNameList:"SecurityGroupId" type:"list"` // The number of IPv6 addresses to assign to the network interface. The IPv6 // addresses are automatically selected from the subnet range. Ipv6AddressCount *int64 `type:"integer"` - // One or more specific IPv6 addresses from the subnet range. + // The specific IPv6 addresses from the subnet range. Ipv6Addresses []*ScheduledInstancesIpv6Address `locationName:"Ipv6Address" locationNameList:"Ipv6Address" type:"list"` // The ID of the network interface. @@ -80256,10 +81980,10 @@ type SecurityGroup struct { // The name of the security group. GroupName *string `locationName:"groupName" type:"string"` - // One or more inbound rules associated with the security group. + // The inbound rules associated with the security group. IpPermissions []*IpPermission `locationName:"ipPermissions" locationNameList:"item" type:"list"` - // [EC2-VPC] One or more outbound rules associated with the security group. + // [VPC only] The outbound rules associated with the security group. IpPermissionsEgress []*IpPermission `locationName:"ipPermissionsEgress" locationNameList:"item" type:"list"` // The AWS account ID of the owner of the security group. @@ -80268,7 +81992,7 @@ type SecurityGroup struct { // Any tags assigned to the security group. Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` - // [EC2-VPC] The ID of the VPC for the security group. + // [VPC only] The ID of the VPC for the security group. VpcId *string `locationName:"vpcId" type:"string"` } @@ -80419,6 +82143,10 @@ type ServiceConfiguration struct { // The DNS names for the service. BaseEndpointDnsNames []*string `locationName:"baseEndpointDnsNameSet" locationNameList:"item" type:"list"` + // Indicates whether the service manages it's VPC endpoints. Management of the + // service VPC endpoints using the VPC endpoint API is restricted. + ManagesVpcEndpoints *bool `locationName:"managesVpcEndpoints" type:"boolean"` + // The Amazon Resource Names (ARNs) of the Network Load Balancers for the service. NetworkLoadBalancerArns []*string `locationName:"networkLoadBalancerArnSet" locationNameList:"item" type:"list"` @@ -80436,6 +82164,9 @@ type ServiceConfiguration struct { // The type of service. ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"` + + // Any tags assigned to the service. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -80466,6 +82197,12 @@ func (s *ServiceConfiguration) SetBaseEndpointDnsNames(v []*string) *ServiceConf return s } +// SetManagesVpcEndpoints sets the ManagesVpcEndpoints field's value. +func (s *ServiceConfiguration) SetManagesVpcEndpoints(v bool) *ServiceConfiguration { + s.ManagesVpcEndpoints = &v + return s +} + // SetNetworkLoadBalancerArns sets the NetworkLoadBalancerArns field's value. func (s *ServiceConfiguration) SetNetworkLoadBalancerArns(v []*string) *ServiceConfiguration { s.NetworkLoadBalancerArns = v @@ -80502,6 +82239,12 @@ func (s *ServiceConfiguration) SetServiceType(v []*ServiceTypeDetail) *ServiceCo return s } +// SetTags sets the Tags field's value. +func (s *ServiceConfiguration) SetTags(v []*Tag) *ServiceConfiguration { + s.Tags = v + return s +} + // Describes a VPC endpoint service. type ServiceDetail struct { _ struct{} `type:"structure"` @@ -80516,18 +82259,28 @@ type ServiceDetail struct { // The DNS names for the service. BaseEndpointDnsNames []*string `locationName:"baseEndpointDnsNameSet" locationNameList:"item" type:"list"` + // Indicates whether the service manages it's VPC endpoints. Management of the + // service VPC endpoints using the VPC endpoint API is restricted. + ManagesVpcEndpoints *bool `locationName:"managesVpcEndpoints" type:"boolean"` + // The AWS account ID of the service owner. Owner *string `locationName:"owner" type:"string"` // The private DNS name for the service. PrivateDnsName *string `locationName:"privateDnsName" type:"string"` + // The ID of the endpoint service. + ServiceId *string `locationName:"serviceId" type:"string"` + // The Amazon Resource Name (ARN) of the service. ServiceName *string `locationName:"serviceName" type:"string"` // The type of service. ServiceType []*ServiceTypeDetail `locationName:"serviceType" locationNameList:"item" type:"list"` + // Any tags assigned to the service. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + // Indicates whether the service supports endpoint policies. VpcEndpointPolicySupported *bool `locationName:"vpcEndpointPolicySupported" type:"boolean"` } @@ -80560,6 +82313,12 @@ func (s *ServiceDetail) SetBaseEndpointDnsNames(v []*string) *ServiceDetail { return s } +// SetManagesVpcEndpoints sets the ManagesVpcEndpoints field's value. +func (s *ServiceDetail) SetManagesVpcEndpoints(v bool) *ServiceDetail { + s.ManagesVpcEndpoints = &v + return s +} + // SetOwner sets the Owner field's value. func (s *ServiceDetail) SetOwner(v string) *ServiceDetail { s.Owner = &v @@ -80572,6 +82331,12 @@ func (s *ServiceDetail) SetPrivateDnsName(v string) *ServiceDetail { return s } +// SetServiceId sets the ServiceId field's value. +func (s *ServiceDetail) SetServiceId(v string) *ServiceDetail { + s.ServiceId = &v + return s +} + // SetServiceName sets the ServiceName field's value. func (s *ServiceDetail) SetServiceName(v string) *ServiceDetail { s.ServiceName = &v @@ -80584,6 +82349,12 @@ func (s *ServiceDetail) SetServiceType(v []*ServiceTypeDetail) *ServiceDetail { return s } +// SetTags sets the Tags field's value. +func (s *ServiceDetail) SetTags(v []*Tag) *ServiceDetail { + s.Tags = v + return s +} + // SetVpcEndpointPolicySupported sets the VpcEndpointPolicySupported field's value. func (s *ServiceDetail) SetVpcEndpointPolicySupported(v bool) *ServiceDetail { s.VpcEndpointPolicySupported = &v @@ -80726,9 +82497,9 @@ type Snapshot struct { // volume. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` - // Value from an Amazon-maintained list (amazon | aws-marketplace | microsoft) - // of snapshot owners. Not to be confused with the user-configured AWS account - // alias, which is set from the IAM console. + // Value from an Amazon-maintained list (amazon | self | all | aws-marketplace + // | microsoft) of snapshot owners. Not to be confused with the user-configured + // AWS account alias, which is set from the IAM console. OwnerAlias *string `locationName:"ownerAlias" type:"string"` // The AWS account ID of the EBS snapshot owner. @@ -81019,6 +82790,113 @@ func (s *SnapshotDiskContainer) SetUserBucket(v *UserBucket) *SnapshotDiskContai return s } +// Object that contains information about a snapshot. +type SnapshotInfo struct { + _ struct{} `type:"structure"` + + // Description specified by the CreateSnapshotRequest that has been applied + // to all snapshots. + Description *string `locationName:"description" type:"string"` + + // Boolean that specifies whether or not this snapshot is encrypted. + Encrypted *bool `locationName:"encrypted" type:"boolean"` + + // Account id used when creating this snapshot. + OwnerId *string `locationName:"ownerId" type:"string"` + + // Progress this snapshot has made towards completing. + Progress *string `locationName:"progress" type:"string"` + + // Snapshot id that can be used to describe this snapshot. + SnapshotId *string `locationName:"snapshotId" type:"string"` + + // Time this snapshot was started. This is the same for all snapshots initiated + // by the same request. + StartTime *time.Time `locationName:"startTime" type:"timestamp"` + + // Current state of the snapshot. + State *string `locationName:"state" type:"string" enum:"SnapshotState"` + + // Tags associated with this snapshot. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // Source volume from which this snapshot was created. + VolumeId *string `locationName:"volumeId" type:"string"` + + // Size of the volume from which this snapshot was created. + VolumeSize *int64 `locationName:"volumeSize" type:"integer"` +} + +// String returns the string representation +func (s SnapshotInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SnapshotInfo) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SnapshotInfo) SetDescription(v string) *SnapshotInfo { + s.Description = &v + return s +} + +// SetEncrypted sets the Encrypted field's value. +func (s *SnapshotInfo) SetEncrypted(v bool) *SnapshotInfo { + s.Encrypted = &v + return s +} + +// SetOwnerId sets the OwnerId field's value. +func (s *SnapshotInfo) SetOwnerId(v string) *SnapshotInfo { + s.OwnerId = &v + return s +} + +// SetProgress sets the Progress field's value. +func (s *SnapshotInfo) SetProgress(v string) *SnapshotInfo { + s.Progress = &v + return s +} + +// SetSnapshotId sets the SnapshotId field's value. +func (s *SnapshotInfo) SetSnapshotId(v string) *SnapshotInfo { + s.SnapshotId = &v + return s +} + +// SetStartTime sets the StartTime field's value. +func (s *SnapshotInfo) SetStartTime(v time.Time) *SnapshotInfo { + s.StartTime = &v + return s +} + +// SetState sets the State field's value. +func (s *SnapshotInfo) SetState(v string) *SnapshotInfo { + s.State = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SnapshotInfo) SetTags(v []*Tag) *SnapshotInfo { + s.Tags = v + return s +} + +// SetVolumeId sets the VolumeId field's value. +func (s *SnapshotInfo) SetVolumeId(v string) *SnapshotInfo { + s.VolumeId = &v + return s +} + +// SetVolumeSize sets the VolumeSize field's value. +func (s *SnapshotInfo) SetVolumeSize(v int64) *SnapshotInfo { + s.VolumeSize = &v + return s +} + // Details about the import snapshot task. type SnapshotTaskDetail struct { _ struct{} `type:"structure"` @@ -81194,17 +83072,20 @@ func (s *SpotDatafeedSubscription) SetState(v string) *SpotDatafeedSubscription return s } -// Describes the launch specification for one or more Spot Instances. +// Describes the launch specification for one or more Spot Instances. If you +// include On-Demand capacity in your fleet request, you can't use SpotFleetLaunchSpecification; +// you must use LaunchTemplateConfig (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_LaunchTemplateConfig.html). type SpotFleetLaunchSpecification struct { _ struct{} `type:"structure"` // Deprecated. AddressingType *string `locationName:"addressingType" type:"string"` - // One or more block device mapping entries. You can't specify both a snapshot - // ID and an encryption value. This is because only blank volumes can be encrypted - // on creation. If a snapshot is the basis for a volume, it is not blank and - // its encryption status is used for the volume encryption status. + // One or more block devices that are mapped to the Spot instances. You can't + // specify both a snapshot ID and an encryption value. This is because only + // blank volumes can be encrypted on creation. If a snapshot is the basis for + // a volume, it is not blank and its encryption status is used for the volume + // encryption status. BlockDeviceMappings []*BlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` // Indicates whether the instances are optimized for EBS I/O. This optimization @@ -81241,7 +83122,10 @@ type SpotFleetLaunchSpecification struct { // The placement information. Placement *SpotPlacement `locationName:"placement" type:"structure"` - // The ID of the RAM disk. + // The ID of the RAM disk. Some kernels require additional drivers at launch. + // Check the kernel requirements for information about whether you need to specify + // a RAM disk. To find kernel requirements, refer to the AWS Resource Center + // and search for the kernel ID. RamdiskId *string `locationName:"ramdiskId" type:"string"` // One or more security groups. When requesting instances in a VPC, you must @@ -81262,16 +83146,16 @@ type SpotFleetLaunchSpecification struct { // The tags to apply during creation. TagSpecifications []*SpotFleetTagSpecification `locationName:"tagSpecificationSet" locationNameList:"item" type:"list"` - // The Base64-encoded user data to make available to the instances. + // The Base64-encoded user data that instances use when starting up. UserData *string `locationName:"userData" type:"string"` // The number of units provided by the specified instance type. These are the - // same units that you chose to set the target capacity in terms (instances - // or a performance characteristic such as vCPUs, memory, or I/O). + // same units that you chose to set the target capacity in terms of instances, + // or a performance characteristic such as vCPUs, memory, or I/O. // - // If the target capacity divided by this value is not a whole number, we round - // the number of instances to the next whole number. If this value is not specified, - // the default is 1. + // If the target capacity divided by this value is not a whole number, Amazon + // EC2 rounds the number of instances to the next whole number. If this value + // is not specified, the default is 1. WeightedCapacity *float64 `locationName:"weightedCapacity" type:"double"` } @@ -81496,18 +83380,23 @@ type SpotFleetRequestConfigData struct { // see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). ClientToken *string `locationName:"clientToken" type:"string"` - // Indicates whether running Spot Instances should be terminated if the target - // capacity of the Spot Fleet request is decreased below the current size of - // the Spot Fleet. + // Indicates whether running Spot Instances should be terminated if you decrease + // the target capacity of the Spot Fleet request below the current size of the + // Spot Fleet. ExcessCapacityTerminationPolicy *string `locationName:"excessCapacityTerminationPolicy" type:"string" enum:"ExcessCapacityTerminationPolicy"` // The number of units fulfilled by this request compared to the set target // capacity. You cannot set this value. FulfilledCapacity *float64 `locationName:"fulfilledCapacity" type:"double"` - // Grants the Spot Fleet permission to terminate Spot Instances on your behalf - // when you cancel its Spot Fleet request using CancelSpotFleetRequests or when - // the Spot Fleet request expires, if you set terminateInstancesWithExpiration. + // The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) + // role that grants the Spot Fleet the permission to request, launch, terminate, + // and tag instances on your behalf. For more information, see Spot Fleet Prerequisites + // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-requests.html#spot-fleet-prerequisites) + // in the Amazon EC2 User Guide for Linux Instances. Spot Fleet can terminate + // Spot Instances on your behalf when you cancel its Spot Fleet request using + // CancelSpotFleetRequests or when the Spot Fleet request expires, if you set + // TerminateInstancesWithExpiration. // // IamFleetRole is a required field IamFleetRole *string `locationName:"iamFleetRole" type:"string" required:"true"` @@ -81521,10 +83410,14 @@ type SpotFleetRequestConfigData struct { // across the number of Spot pools that you specify. InstancePoolsToUseCount *int64 `locationName:"instancePoolsToUseCount" type:"integer"` - // The launch specifications for the Spot Fleet request. + // The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, + // you can't specify LaunchTemplateConfigs. If you include On-Demand capacity + // in your request, you must use LaunchTemplateConfigs. LaunchSpecifications []*SpotFleetLaunchSpecification `locationName:"launchSpecifications" locationNameList:"item" type:"list"` - // The launch template and overrides. + // The launch template and overrides. If you specify LaunchTemplateConfigs, + // you can't specify LaunchSpecifications. If you include On-Demand capacity + // in your request, you must use LaunchTemplateConfigs. LaunchTemplateConfigs []*LaunchTemplateConfig `locationName:"launchTemplateConfigs" locationNameList:"item" type:"list"` // One or more Classic Load Balancers and target groups to attach to the Spot @@ -81562,17 +83455,17 @@ type SpotFleetRequestConfigData struct { // The default is the On-Demand price. SpotPrice *string `locationName:"spotPrice" type:"string"` - // The number of units to request. You can choose to set the target capacity - // in terms of instances or a performance characteristic that is important to - // your application workload, such as vCPUs, memory, or I/O. If the request - // type is maintain, you can specify a target capacity of 0 and add capacity - // later. + // The number of units to request for the Spot Fleet. You can choose to set + // the target capacity in terms of instances or a performance characteristic + // that is important to your application workload, such as vCPUs, memory, or + // I/O. If the request type is maintain, you can specify a target capacity of + // 0 and add capacity later. // // TargetCapacity is a required field TargetCapacity *int64 `locationName:"targetCapacity" type:"integer" required:"true"` - // Indicates whether running Spot Instances should be terminated when the Spot - // Fleet request expires. + // Indicates whether running Spot Instances are terminated when the Spot Fleet + // request expires. TerminateInstancesWithExpiration *bool `locationName:"terminateInstancesWithExpiration" type:"boolean"` // The type of request. Indicates whether the Spot Fleet only requests the target @@ -81585,14 +83478,14 @@ type SpotFleetRequestConfigData struct { // Default: maintain. instant is listed but is not used by Spot Fleet. Type *string `locationName:"type" type:"string" enum:"FleetType"` - // The start date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). - // The default is to start fulfilling the request immediately. + // The start date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). + // By default, Amazon EC2 starts fulfilling the request immediately. ValidFrom *time.Time `locationName:"validFrom" type:"timestamp"` - // The end date and time of the request, in UTC format (for example, YYYY-MM-DDTHH:MM:SSZ). - // At this point, no new Spot Instance requests are placed or able to fulfill - // the request. If no value is specified, the Spot Fleet request remains until - // you cancel it. + // The end date and time of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). + // After the end date and time, no new Spot Instance requests are placed or + // able to fulfill the request. If no value is specified, the Spot Fleet request + // remains until you cancel it. ValidUntil *time.Time `locationName:"validUntil" type:"timestamp"` } @@ -82408,19 +84301,19 @@ type StaleIpPermission struct { // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). IpProtocol *string `locationName:"ipProtocol" type:"string"` - // One or more IP ranges. Not applicable for stale security group rules. + // The IP ranges. Not applicable for stale security group rules. IpRanges []*string `locationName:"ipRanges" locationNameList:"item" type:"list"` - // One or more prefix list IDs for an AWS service. Not applicable for stale - // security group rules. + // The prefix list IDs for an AWS service. Not applicable for stale security + // group rules. PrefixListIds []*string `locationName:"prefixListIds" locationNameList:"item" type:"list"` // The end of the port range for the TCP and UDP protocols, or an ICMP type // number. A value of -1 indicates all ICMP types. ToPort *int64 `locationName:"toPort" type:"integer"` - // One or more security group pairs. Returns the ID of the referenced security - // group and VPC, and the ID and status of the VPC peering connection. + // The security group pairs. Returns the ID of the referenced security group + // and VPC, and the ID and status of the VPC peering connection. UserIdGroupPairs []*UserIdGroupPair `locationName:"groups" locationNameList:"item" type:"list"` } @@ -82551,7 +84444,7 @@ type StartInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more instance IDs. + // The IDs of the instances. // // InstanceIds is a required field InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list" required:"true"` @@ -82601,7 +84494,7 @@ func (s *StartInstancesInput) SetInstanceIds(v []*string) *StartInstancesInput { type StartInstancesOutput struct { _ struct{} `type:"structure"` - // Information about one or more started instances. + // Information about the started instances. StartingInstances []*InstanceStateChange `locationName:"instancesSet" locationNameList:"item" type:"list"` } @@ -82717,7 +84610,7 @@ type StopInstancesInput struct { // Default: false Hibernate *bool `type:"boolean"` - // One or more instance IDs. + // The IDs of the instances. // // InstanceIds is a required field InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list" required:"true"` @@ -82773,7 +84666,7 @@ func (s *StopInstancesInput) SetInstanceIds(v []*string) *StopInstancesInput { type StopInstancesOutput struct { _ struct{} `type:"structure"` - // Information about one or more stopped instances. + // Information about the stopped instances. StoppingInstances []*InstanceStateChange `locationName:"instancesSet" locationNameList:"item" type:"list"` } @@ -83756,7 +85649,7 @@ type TerminateInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more instance IDs. + // The IDs of the instances. // // Constraints: Up to 1000 instance IDs. We recommend breaking up this request // into smaller batches. @@ -83803,7 +85696,7 @@ func (s *TerminateInstancesInput) SetInstanceIds(v []*string) *TerminateInstance type TerminateInstancesOutput struct { _ struct{} `type:"structure"` - // Information about one or more terminated instances. + // Information about the terminated instances. TerminatingInstances []*InstanceStateChange `locationName:"instancesSet" locationNameList:"item" type:"list"` } @@ -84932,7 +86825,7 @@ type UnmonitorInstancesInput struct { // it is UnauthorizedOperation. DryRun *bool `locationName:"dryRun" type:"boolean"` - // One or more instance IDs. + // The IDs of the instances. // // InstanceIds is a required field InstanceIds []*string `locationName:"InstanceId" locationNameList:"InstanceId" type:"list" required:"true"` @@ -86458,6 +88351,9 @@ type VpcEndpoint struct { // hosted zone. PrivateDnsEnabled *bool `locationName:"privateDnsEnabled" type:"boolean"` + // Indicates whether the VPC endpoint is being managed by its service. + RequesterManaged *bool `locationName:"requesterManaged" type:"boolean"` + // (Gateway endpoint) One or more route tables associated with the endpoint. RouteTableIds []*string `locationName:"routeTableIdSet" locationNameList:"item" type:"list"` @@ -86470,6 +88366,9 @@ type VpcEndpoint struct { // (Interface endpoint) One or more subnets in which the endpoint is located. SubnetIds []*string `locationName:"subnetIdSet" locationNameList:"item" type:"list"` + // Any tags assigned to the VPC endpoint. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + // The ID of the VPC endpoint. VpcEndpointId *string `locationName:"vpcEndpointId" type:"string"` @@ -86526,6 +88425,12 @@ func (s *VpcEndpoint) SetPrivateDnsEnabled(v bool) *VpcEndpoint { return s } +// SetRequesterManaged sets the RequesterManaged field's value. +func (s *VpcEndpoint) SetRequesterManaged(v bool) *VpcEndpoint { + s.RequesterManaged = &v + return s +} + // SetRouteTableIds sets the RouteTableIds field's value. func (s *VpcEndpoint) SetRouteTableIds(v []*string) *VpcEndpoint { s.RouteTableIds = v @@ -86550,6 +88455,12 @@ func (s *VpcEndpoint) SetSubnetIds(v []*string) *VpcEndpoint { return s } +// SetTags sets the Tags field's value. +func (s *VpcEndpoint) SetTags(v []*Tag) *VpcEndpoint { + s.Tags = v + return s +} + // SetVpcEndpointId sets the VpcEndpointId field's value. func (s *VpcEndpoint) SetVpcEndpointId(v string) *VpcEndpoint { s.VpcEndpointId = &v @@ -86839,7 +88750,7 @@ type VpcPeeringConnectionVpcInfo struct { // requester VPC. PeeringOptions *VpcPeeringConnectionOptionsDescription `locationName:"peeringOptions" type:"structure"` - // The region in which the VPC is located. + // The Region in which the VPC is located. Region *string `locationName:"region" type:"string"` // The ID of the VPC. @@ -87742,6 +89653,11 @@ const ( ) const ( + // CopyTagsFromSourceVolume is a CopyTagsFromSource enum value + CopyTagsFromSourceVolume = "volume" +) + +const ( // CurrencyCodeValuesUsd is a CurrencyCodeValues enum value CurrencyCodeValuesUsd = "USD" ) @@ -88268,6 +90184,27 @@ const ( // InstanceTypeT32xlarge is a InstanceType enum value InstanceTypeT32xlarge = "t3.2xlarge" + // InstanceTypeT3aNano is a InstanceType enum value + InstanceTypeT3aNano = "t3a.nano" + + // InstanceTypeT3aMicro is a InstanceType enum value + InstanceTypeT3aMicro = "t3a.micro" + + // InstanceTypeT3aSmall is a InstanceType enum value + InstanceTypeT3aSmall = "t3a.small" + + // InstanceTypeT3aMedium is a InstanceType enum value + InstanceTypeT3aMedium = "t3a.medium" + + // InstanceTypeT3aLarge is a InstanceType enum value + InstanceTypeT3aLarge = "t3a.large" + + // InstanceTypeT3aXlarge is a InstanceType enum value + InstanceTypeT3aXlarge = "t3a.xlarge" + + // InstanceTypeT3a2xlarge is a InstanceType enum value + InstanceTypeT3a2xlarge = "t3a.2xlarge" + // InstanceTypeM1Small is a InstanceType enum value InstanceTypeM1Small = "m1.small" @@ -88934,6 +90871,11 @@ const ( ) const ( + // NetworkInterfaceCreationTypeEfa is a NetworkInterfaceCreationType enum value + NetworkInterfaceCreationTypeEfa = "efa" +) + +const ( // NetworkInterfacePermissionStateCodePending is a NetworkInterfacePermissionStateCode enum value NetworkInterfacePermissionStateCodePending = "pending" @@ -88970,6 +90912,9 @@ const ( // NetworkInterfaceTypeNatGateway is a NetworkInterfaceType enum value NetworkInterfaceTypeNatGateway = "natGateway" + + // NetworkInterfaceTypeEfa is a NetworkInterfaceType enum value + NetworkInterfaceTypeEfa = "efa" ) const ( diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go index e669ba46..3978e852 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/api.go @@ -63,11 +63,11 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // account. // // For more information about scheduling and canceling deletion of a CMK, see -// Deleting Customer Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// Deleting Customer Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -83,7 +83,8 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -98,7 +99,7 @@ func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *requ // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion @@ -168,7 +169,7 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // ConnectCustomKeyStore API operation for AWS Key Management Service. // -// Connects or reconnects a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html) +// Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // to its associated AWS CloudHSM cluster. // // The custom key store must be connected before you can create customer master @@ -177,8 +178,8 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // To connect a custom key store, its associated AWS CloudHSM cluster must have // at least one active HSM. To get the number of active HSMs in a cluster, use -// the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters) -// operation. To add HSMs to the cluster, use the CreateHsm (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm) +// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. // // The connection process can take an extended amount of time to complete; up @@ -192,8 +193,8 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // During the connection process, AWS KMS finds the AWS CloudHSM cluster that // is associated with the custom key store, creates the connection infrastructure, // connects to the cluster, logs into the AWS CloudHSM client as the kmsuser -// (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// crypto user (CU), and rotates its password. +// crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) +// (CU), and rotates its password. // // The ConnectCustomKeyStore operation might fail for various reasons. To find // the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode @@ -204,7 +205,7 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // if necessary, and then use ConnectCustomKeyStore again. // // If you are having trouble connecting or disconnecting a custom key store, -// see Troubleshooting a Custom Key Store (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -219,7 +220,7 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started -// (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // // * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" @@ -251,21 +252,35 @@ func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (r // // * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" // The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. The cluster -// must be configured with private subnets in at least two different Availability -// Zones in the Region. Also, it must contain at least as many HSMs as the operation -// requires. -// -// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, -// the AWS CloudHSM cluster must have at least two active HSMs, each in a different -// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM -// must contain at least one active HSM. -// -// For information about creating a private subnet for a AWS CloudHSM cluster, -// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm -// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. +// not meet the configuration requirements for a custom key store. +// +// * The cluster must be configured with private subnets in at least two +// different Availability Zones in the Region. +// +// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the cluster. +// Do not delete or change them. To get information about a particular security +// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// * The cluster must contain at least as many HSMs as the operation requires. +// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the AWS CloudHSM cluster must have at least two active HSMs, +// each in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the AWS CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an AWS CloudHSM cluster that is +// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the AWS Key Management Service Developer Guide. For information about +// creating a private subnet for an AWS CloudHSM cluster, see Create a Private +// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the AWS CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the AWS CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore func (c *KMS) ConnectCustomKeyStore(input *ConnectCustomKeyStoreInput) (*ConnectCustomKeyStoreOutput, error) { @@ -334,8 +349,9 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // CreateAlias API operation for AWS Key Management Service. // -// Creates a display name for a customer master key (CMK). You can use an alias -// to identify a CMK in selected operations, such as Encrypt and GenerateDataKey. +// Creates a display name for a customer managed customer master key (CMK). +// You can use an alias to identify a CMK in selected operations, such as Encrypt +// and GenerateDataKey. // // Each CMK can have multiple aliases, but each alias points to only one CMK. // The alias name must be unique in the AWS account and region. To simplify @@ -347,10 +363,10 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // the response from the DescribeKey operation. To get the aliases of all CMKs, // use the ListAliases operation. // -// An alias must start with the word alias followed by a forward slash (alias/). -// The alias name can contain only alphanumeric characters, forward slashes -// (/), underscores (_), and dashes (-). Alias names cannot begin with aws; -// that alias name prefix is reserved by Amazon Web Services (AWS). +// The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. +// It can contain only alphanumeric characters, forward slashes (/), underscores +// (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ +// prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // The alias and the CMK it is mapped to must be in the same AWS account and // the same region. You cannot perform this operation on an alias in a different @@ -359,7 +375,7 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // To map an existing alias to a different CMK, call UpdateAlias. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -391,7 +407,7 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, -// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" @@ -399,7 +415,7 @@ func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias @@ -468,71 +484,29 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // CreateCustomKeyStore API operation for AWS Key Management Service. // -// Creates a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html) -// that is associated with an AWS CloudHSM cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) +// Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// that is associated with an AWS CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) // that you own and manage. // -// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // +// Before you create the custom key store, you must assemble the required elements, +// including an AWS CloudHSM cluster that fulfills the requirements for a custom +// key store. For details about the required elements, see Assemble the Prerequisites +// (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the AWS Key Management Service Developer Guide. +// // When the operation completes successfully, it returns the ID of the new custom // key store. Before you can use your new custom key store, you need to use // the ConnectCustomKeyStore operation to connect the new key store to its AWS -// CloudHSM cluster. -// -// The CreateCustomKeyStore operation requires the following elements. -// -// * You must specify an active AWS CloudHSM cluster in the same account -// and AWS Region as the custom key store. You can use an existing cluster -// or create and activate a new AWS CloudHSM cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-cluster.html) -// for the key store. AWS KMS does not require exclusive use of the cluster. -// -// * You must include the content of the trust anchor certificate for the -// cluster. You created this certificate, and saved it in the customerCA.crt -// file, when you initialized the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr). -// -// * You must provide the password of the dedicated kmsuser (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// crypto user (CU) account in the cluster. -// -// Before you create the custom key store, use the createUser (http://docs.aws.amazon.com/cloudhsm/latest/userguide/cloudhsm_mgmt_util-createUser.html) -// command in cloudhsm_mgmt_util to create a crypto user (CU) named (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser)kmsuserin -// specified AWS CloudHSM cluster. AWS KMS uses the kmsuser CU account to -// create and manage key material on your behalf. For instructions, see Create -// the kmsuser Crypto User (http://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) -// in the AWS Key Management Service Developer Guide. -// -// The AWS CloudHSM cluster that you specify must meet the following requirements. -// -// * The cluster must be active and be in the same AWS account and Region -// as the custom key store. +// CloudHSM cluster. Even if you are not going to use your custom key store +// immediately, you might want to connect it to verify that all settings are +// correct and then disconnect it until you are ready to use it. // -// * Each custom key store must be associated with a different AWS CloudHSM -// cluster. The cluster cannot be associated with another custom key store -// or have the same cluster certificate as a cluster that is associated with -// another custom key store. To view the cluster certificate, use the AWS -// CloudHSM DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) -// operation. Clusters that share a backup history have the same cluster -// certificate. -// -// * The cluster must be configured with subnets in at least two different -// Availability Zones in the Region. Because AWS CloudHSM is not supported -// in all Availability Zones, we recommend that the cluster have subnets -// in all Availability Zones in the Region. -// -// * The cluster must contain at least two active HSMs, each in a different -// Availability Zone. -// -// New custom key stores are not automatically connected. After you create your -// custom key store, use the ConnectCustomKeyStore operation to connect the -// custom key store to its associated AWS CloudHSM cluster. Even if you are -// not going to use your custom key store immediately, you might want to connect -// it to verify that all settings are correct and then disconnect it until you -// are ready to use it. -// -// If this operation succeeds, it returns the ID of the new custom key store. -// For help with failures, see Troubleshoot a Custom Key Store (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) -// in the AWS KMS Developer Guide. +// For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) +// in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -549,7 +523,7 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // associated with a different AWS CloudHSM cluster. // // Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // * ErrCodeCustomKeyStoreNameInUseException "CustomKeyStoreNameInUseException" @@ -570,34 +544,48 @@ func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started -// (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // // * ErrCodeIncorrectTrustAnchorException "IncorrectTrustAnchorException" // The request was rejected because the trust anchor certificate in the request // is not the trust anchor certificate for the specified AWS CloudHSM cluster. // -// When you initialize the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), +// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. // // * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" // The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. The cluster -// must be configured with private subnets in at least two different Availability -// Zones in the Region. Also, it must contain at least as many HSMs as the operation -// requires. -// -// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, -// the AWS CloudHSM cluster must have at least two active HSMs, each in a different -// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM -// must contain at least one active HSM. -// -// For information about creating a private subnet for a AWS CloudHSM cluster, -// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm -// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. +// not meet the configuration requirements for a custom key store. +// +// * The cluster must be configured with private subnets in at least two +// different Availability Zones in the Region. +// +// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the cluster. +// Do not delete or change them. To get information about a particular security +// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// * The cluster must contain at least as many HSMs as the operation requires. +// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the AWS CloudHSM cluster must have at least two active HSMs, +// each in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the AWS CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an AWS CloudHSM cluster that is +// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the AWS Key Management Service Developer Guide. For information about +// creating a private subnet for an AWS CloudHSM cluster, see Create a Private +// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the AWS CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the AWS CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { @@ -665,17 +653,21 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // CreateGrant API operation for AWS Key Management Service. // -// Adds a grant to a customer master key (CMK). The grant specifies who can -// use the CMK and under what conditions. When setting permissions, grants are -// an alternative to key policies. +// Adds a grant to a customer master key (CMK). The grant allows the grantee +// principal to use the CMK when the conditions specified in the grant are met. +// When setting permissions, grants are an alternative to key policies. +// +// To create a grant that allows a cryptographic operation only when the encryption +// context in the operation request matches or includes a specified encryption +// context, use the Constraints parameter. For details, see GrantConstraints. // // To perform this operation on a CMK in a different AWS account, specify the // key ARN in the value of the KeyId parameter. For more information about grants, -// see Grants (http://docs.aws.amazon.com/kms/latest/developerguide/grants.html) -// in the AWS Key Management Service Developer Guide. +// see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) +// in the AWS Key Management Service Developer Guide . // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -698,7 +690,8 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // be retried. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request @@ -709,7 +702,7 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, -// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" @@ -717,7 +710,7 @@ func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant @@ -786,27 +779,21 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // CreateKey API operation for AWS Key Management Service. // -// Creates a customer master key (CMK) in the caller's AWS account. -// -// You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, -// but CMKs are more commonly used to encrypt data keys, which are used to encrypt -// raw data. For more information about data keys and the difference between -// CMKs and data keys, see the following: -// -// * The GenerateDataKey operation +// Creates a customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) +// (CMK) in your AWS account. // -// * AWS Key Management Service Concepts (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) -// in the AWS Key Management Service Developer Guide +// You can use a CMK to encrypt small amounts of data (up to 4096 bytes) directly. +// But CMKs are more commonly used to encrypt the data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) +// that are used to encrypt data. // -// If you plan to import key material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html), -// use the Origin parameter with a value of EXTERNAL to create a CMK with no -// key material. +// To create a CMK for imported key material, use the Origin parameter with +// a value of EXTERNAL. // -// To create a CMK in a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html), -// use CustomKeyStoreId parameter to specify the custom key store. You must +// To create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), +// use the CustomKeyStoreId parameter to specify the custom key store. You must // also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM // cluster that is associated with the custom key store must have at least two -// active HSMs, each in a different Availability Zone in the Region. +// active HSMs in different Availability Zones in the AWS Region. // // You cannot use this operation to create a CMK in a different AWS account. // @@ -827,7 +814,8 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // be retried. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or @@ -839,7 +827,7 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, -// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeTagException "TagException" @@ -870,21 +858,35 @@ func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, out // // * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" // The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. The cluster -// must be configured with private subnets in at least two different Availability -// Zones in the Region. Also, it must contain at least as many HSMs as the operation -// requires. -// -// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, -// the AWS CloudHSM cluster must have at least two active HSMs, each in a different -// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM -// must contain at least one active HSM. -// -// For information about creating a private subnet for a AWS CloudHSM cluster, -// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm -// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. +// not meet the configuration requirements for a custom key store. +// +// * The cluster must be configured with private subnets in at least two +// different Availability Zones in the Region. +// +// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the cluster. +// Do not delete or change them. To get information about a particular security +// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// * The cluster must contain at least as many HSMs as the operation requires. +// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the AWS CloudHSM cluster must have at least two active HSMs, +// each in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the AWS CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an AWS CloudHSM cluster that is +// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the AWS Key Management Service Developer Guide. For information about +// creating a private subnet for an AWS CloudHSM cluster, see Create a Private +// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the AWS CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the AWS CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { @@ -961,17 +963,16 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // // * Encrypt // -// Note that if a caller has been granted access permissions to all keys (through, -// for example, IAM user policies that grant Decrypt permission on all resources), -// then ciphertext encrypted by using keys in other accounts where the key grants -// access to the caller can be decrypted. To remedy this, we recommend that -// you do not grant Decrypt access in an IAM user policy. Instead grant Decrypt -// access only in key policies. If you must grant Decrypt access in an IAM user -// policy, you should scope the resource to specific keys or to specific trusted -// accounts. +// Whenever possible, use key policies to give users permission to call the +// Decrypt operation on the CMK, instead of IAM policies. Otherwise, you might +// create an IAM user policy that gives the user Decrypt permission on all CMKs. +// This user could decrypt ciphertext that was encrypted by CMKs in other accounts +// if the key policy for the cross-account CMK permits it. If you must use an +// IAM policy for Decrypt permissions, limit the user to particular CMKs or +// particular trusted accounts. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1014,7 +1015,7 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt @@ -1121,7 +1122,7 @@ func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias @@ -1191,19 +1192,19 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // DeleteCustomKeyStore API operation for AWS Key Management Service. // -// Deletes a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html). +// Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // This operation does not delete the AWS CloudHSM cluster that is associated // with the custom key store, or affect any users or keys in the cluster. // // The custom key store that you delete cannot contain any AWS KMS customer -// master keys (CMKs) (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). +// master keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). // Before deleting the key store, verify that you will never need to use any // of the CMKs in the key store for any cryptographic operations. Then, use // ScheduleKeyDeletion to delete the AWS KMS customer master keys (CMKs) from // the key store. When the scheduled waiting period expires, the ScheduleKeyDeletion // operation deletes the CMKs. Then it makes a best effort to delete the key // material from the associated cluster. However, you might need to manually -// delete the orphaned key material (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) // from the cluster and its backups. // // After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to @@ -1217,7 +1218,7 @@ func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // @@ -1331,7 +1332,7 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // // Deletes key material that you previously imported. This operation makes the // specified customer master key (CMK) unusable. For more information about -// importing key material into AWS KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// importing key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. You cannot perform this // operation on a CMK in a different AWS account. // @@ -1342,7 +1343,7 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // the same key material into the CMK. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1354,7 +1355,8 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // // Returned Error Codes: // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or @@ -1377,7 +1379,7 @@ func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialI // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial @@ -1446,10 +1448,10 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // DescribeCustomKeyStores API operation for AWS Key Management Service. // -// Gets information about custom key stores (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html) +// Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // in the account and region. // -// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // @@ -1471,7 +1473,7 @@ func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput // and contains the minimum number of HSMs required for the operation, if any. // // For help repairing your custom key store, see the Troubleshooting Custom -// Key Stores (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore-html) +// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // topic in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1558,8 +1560,9 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // // Provides detailed information about the specified customer master key (CMK). // -// If you use DescribeKey on a predefined AWS alias, that is, an AWS alias with -// no key ID, AWS KMS associates the alias with an AWS managed CMK (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) +// You can use DescribeKey on a predefined AWS alias, that is, an AWS alias +// with no key ID. When you do, AWS KMS associates the alias with an AWS managed +// CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) // and returns its KeyId and Arn in the response. // // To perform this operation on a CMK in a different AWS account, specify the @@ -1578,7 +1581,8 @@ func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -1660,11 +1664,11 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // a CMK in a different AWS account. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects the Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) -// in the AWS Key Management Service Developer Guide. +// Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// in the AWS Key Management Service Developer Guide . // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1680,7 +1684,8 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -1695,7 +1700,7 @@ func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, o // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey @@ -1765,12 +1770,12 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // DisableKeyRotation API operation for AWS Key Management Service. // -// Disables automatic rotation of the key material (http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) +// Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // for the specified customer master key (CMK). You cannot perform this operation // on a CMK in a different AWS account. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1789,7 +1794,8 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // The request was rejected because the specified CMK is not enabled. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -1804,7 +1810,7 @@ func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *re // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" @@ -1878,7 +1884,7 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // DisconnectCustomKeyStore API operation for AWS Key Management Service. // -// Disconnects the custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html) +// Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // from its associated AWS CloudHSM cluster. While a custom key store is disconnected, // you can manage the custom key store and its customer master keys (CMKs), // but you cannot create or use CMKs in the custom key store. You can reconnect @@ -1889,11 +1895,15 @@ func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInp // operations will fail. This action can prevent users from storing and accessing // sensitive data. // -// To find the connection state of a custom key store, use the DescribeCustomKeyStoresoperation. To reconnect a custom key store, use the ConnectCustomKeyStoreoperation. +// To find the connection state of a custom key store, use the DescribeCustomKeyStores +// operation. To reconnect a custom key store, use the ConnectCustomKeyStore +// operation. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// feature in AWS KMS, which combines the convenience and extensive integration +// of AWS KMS with the isolation and control of a single-tenant key store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2002,7 +2012,7 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // operation on a CMK in a different AWS account. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2018,7 +2028,8 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -2030,7 +2041,7 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, -// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" @@ -2038,7 +2049,7 @@ func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, out // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey @@ -2108,15 +2119,15 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // EnableKeyRotation API operation for AWS Key Management Service. // -// Enables automatic rotation of the key material (http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) +// Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // for the specified customer master key (CMK). You cannot perform this operation // on a CMK in a different AWS account. // // You cannot enable automatic rotation of CMKs with imported key material or -// CMKs in a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html). +// CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2135,7 +2146,8 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // The request was rejected because the specified CMK is not enabled. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -2150,7 +2162,7 @@ func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *requ // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" @@ -2229,28 +2241,28 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // * You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such // as an RSA key, a database password, or other sensitive information. // -// * To move encrypted data from one AWS region to another, you can use this -// operation to encrypt in the new region the plaintext data key that was -// used to encrypt the data in the original region. This provides you with -// an encrypted copy of the data key that can be decrypted in the new region -// and used there to decrypt the encrypted data. +// * You can use the Encrypt operation to move encrypted data from one AWS +// region to another. In the first region, generate a data key and use the +// plaintext key to encrypt the data. Then, in the new region, call the Encrypt +// method on same plaintext data key. Now, you can safely move the encrypted +// data and encrypted data key to the new region, and decrypt in the new +// region when necessary. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN or alias ARN in the value of the KeyId parameter. -// -// Unless you are moving encrypted data from one region to another, you don't -// use this operation to encrypt a generated data key within a region. To get -// data keys that are already encrypted, call the GenerateDataKey or GenerateDataKeyWithoutPlaintext -// operation. Data keys don't need to be encrypted again by calling Encrypt. +// You don't need use this operation to encrypt a data key within a region. +// The GenerateDataKey and GenerateDataKeyWithoutPlaintext operations return +// an encrypted data key. // -// To encrypt data locally in your application, use the GenerateDataKey operation -// to return a plaintext data encryption key and a copy of the key encrypted -// under the CMK of your choosing. +// Also, you don't need to use this operation to encrypt data in your application. +// You can use the plaintext and encrypted data keys that the GenerateDataKey +// operation returns. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // +// To perform this operation on a CMK in a different AWS account, specify the +// key ARN or alias ARN in the value of the KeyId parameter. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2289,7 +2301,7 @@ func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt @@ -2358,55 +2370,58 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // GenerateDataKey API operation for AWS Key Management Service. // -// Returns a data encryption key that you can use in your application to encrypt -// data locally. +// Generates a unique data key. This operation returns a plaintext copy of the +// data key and a copy that is encrypted under a customer master key (CMK) that +// you specify. You can use the plaintext key to encrypt your data outside of +// KMS and store the encrypted data key with the encrypted data. +// +// GenerateDataKey returns a unique data key for each request. The bytes in +// the key are not related to the caller or CMK that is used to encrypt the +// data key. // -// You must specify the customer master key (CMK) under which to generate the -// data key. You must also specify the length of the data key using either the -// KeySpec or NumberOfBytes field. You must specify one field or the other, -// but not both. For common key lengths (128-bit and 256-bit symmetric keys), -// we recommend that you use KeySpec. To perform this operation on a CMK in -// a different AWS account, specify the key ARN or alias ARN in the value of -// the KeyId parameter. +// To generate a data key, you need to specify the customer master key (CMK) +// that will be used to encrypt the data key. You must also specify the length +// of the data key using either the KeySpec or NumberOfBytes field (but not +// both). For common key lengths (128-bit and 256-bit symmetric keys), we recommend +// that you use KeySpec. To perform this operation on a CMK in a different AWS +// account, specify the key ARN or alias ARN in the value of the KeyId parameter. // -// This operation returns a plaintext copy of the data key in the Plaintext -// field of the response, and an encrypted copy of the data key in the CiphertextBlob -// field. The data key is encrypted under the CMK specified in the KeyId field -// of the request. +// You will find the plaintext copy of the data key in the Plaintext field of +// the response, and the encrypted copy of the data key in the CiphertextBlob +// field. // // We recommend that you use the following pattern to encrypt data locally in // your application: // -// Use this operation (GenerateDataKey) to get a data encryption key. +// Use the GenerateDataKey operation to get a data encryption key. // -// Use the plaintext data encryption key (returned in the Plaintext field of -// the response) to encrypt data locally, then erase the plaintext data key -// from memory. +// Use the plaintext data key (returned in the Plaintext field of the response) +// to encrypt data locally, then erase the plaintext data key from memory. // // Store the encrypted data key (returned in the CiphertextBlob field of the // response) alongside the locally encrypted data. // // To decrypt data locally: // -// Use the Decrypt operation to decrypt the encrypted data key into a plaintext -// copy of the data key. +// Use the Decrypt operation to decrypt the encrypted data key. The operation +// returns a plaintext copy of the data key. // // Use the plaintext data key to decrypt data locally, then erase the plaintext // data key from memory. // -// To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. -// To return a random byte string that is cryptographically secure, use GenerateRandom. +// To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. +// To get a cryptographically secure random byte string, use GenerateRandom. // -// If you use the optional EncryptionContext field, you must store at least -// enough information to be able to reconstruct the full encryption context -// when you later send the ciphertext to the Decrypt operation. It is a good -// practice to choose an encryption context that you can reconstruct on the -// fly to better secure the ciphertext. For more information, see Encryption -// Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) -// in the AWS Key Management Service Developer Guide. +// You can use the optional encryption context to add additional security to +// your encryption operation. When you specify an EncryptionContext in the GenerateDataKey +// operation, you must specify the same encryption context (a case-sensitive +// exact match) in your request to Decrypt the data key. Otherwise, the request +// to decrypt fails with an InvalidCiphertextException. For more information, +// see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) +// in the AWS Key Management Service Developer Guide . // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2447,7 +2462,7 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request. // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey @@ -2516,27 +2531,30 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service. // -// Returns a data encryption key encrypted under a customer master key (CMK). -// This operation is identical to GenerateDataKey but returns only the encrypted -// copy of the data key. +// Generates a unique data key. This operation returns a data key that is encrypted +// under a customer master key (CMK) that you specify. GenerateDataKeyWithoutPlaintext +// is identical to GenerateDataKey except that returns only the encrypted copy +// of the data key. // -// To perform this operation on a CMK in a different AWS account, specify the -// key ARN or alias ARN in the value of the KeyId parameter. +// Like GenerateDataKey, GenerateDataKeyWithoutPlaintext returns a unique data +// key for each request. The bytes in the key are not related to the caller +// or CMK that is used to encrypt the data key. // -// This operation is useful in a system that has multiple components with different -// degrees of trust. For example, consider a system that stores encrypted data -// in containers. Each container stores the encrypted data and an encrypted -// copy of the data key. One component of the system, called the control plane, -// creates new containers. When it creates a new container, it uses this operation -// (GenerateDataKeyWithoutPlaintext) to get an encrypted data key and then stores -// it in the container. Later, a different component of the system, called the -// data plane, puts encrypted data into the containers. To do this, it passes -// the encrypted data key to the Decrypt operation, then uses the returned plaintext -// data key to encrypt data, and finally stores the encrypted data in the container. -// In this system, the control plane never sees the plaintext data key. +// This operation is useful for systems that need to encrypt data at some point, +// but not immediately. When you need to encrypt the data, you call the Decrypt +// operation on the encrypted copy of the key. +// +// It's also useful in distributed systems with different levels of trust. For +// example, you might store encrypted data in containers. One component of your +// system creates new containers and stores an encrypted data key with each +// container. Then, a different component puts the data into the containers. +// That component first decrypts the data key, uses the plaintext data key to +// encrypt data, puts the encrypted data into the container, and then destroys +// the plaintext data key. In this system, the component that creates the containers +// never sees the plaintext data key. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2577,7 +2595,7 @@ func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWitho // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext @@ -2650,7 +2668,7 @@ func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Re // // By default, the random byte string is generated in AWS KMS. To generate the // byte string in the AWS CloudHSM cluster that is associated with a custom -// key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html), +// key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // specify the custom key store ID. // // For more information about entropy and random number generation, see the @@ -2778,7 +2796,8 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -2793,7 +2812,7 @@ func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Reques // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy @@ -2863,11 +2882,11 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // GetKeyRotationStatus API operation for AWS Key Management Service. // // Gets a Boolean value that indicates whether automatic rotation of the key -// material (http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) +// material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // is enabled for the specified customer master key (CMK). // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * Disabled: The key rotation status does not change when you disable a @@ -2894,7 +2913,8 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -2909,7 +2929,7 @@ func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" @@ -2984,7 +3004,7 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // // Returns the items you need in order to import key material into AWS KMS from // your existing key management infrastructure. For more information about importing -// key material into AWS KMS, see Importing Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. // // You must specify the key ID of the customer master key (CMK) into which you @@ -3001,7 +3021,7 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // To get new ones, send another GetParametersForImport request. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3013,7 +3033,8 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // // Returned Error Codes: // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or @@ -3036,7 +3057,7 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport @@ -3110,7 +3131,7 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // was created without key material. You cannot perform this operation on a // CMK in a different AWS account. For more information about creating CMKs // with no key material and then importing key material, see Importing Key Material -// (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) +// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. // // Before using this operation, call GetParametersForImport. Its response includes @@ -3120,10 +3141,9 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // When calling this operation, you must specify the following values: // // * The key ID or key ARN of a CMK with no key material. Its Origin must -// be EXTERNAL. -// -// To create a CMK with no key material, call CreateKey and set the value of -// its Origin parameter to EXTERNAL. To get the Origin of a CMK, call DescribeKey.) +// be EXTERNAL. To create a CMK with no key material, call CreateKey and +// set the value of its Origin parameter to EXTERNAL. To get the Origin of +// a CMK, call DescribeKey.) // // * The encrypted key material. To get the public key to encrypt the key // material, call GetParametersForImport. @@ -3144,7 +3164,7 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // that CMK, but you cannot import different key material. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3156,7 +3176,8 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // // Returned Error Codes: // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or @@ -3179,7 +3200,7 @@ func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *requ // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidCiphertextException "InvalidCiphertextException" @@ -3273,17 +3294,22 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // ListAliases API operation for AWS Key Management Service. // -// Gets a list of all aliases in the caller's AWS account and region. You cannot +// Gets a list of aliases in the caller's AWS account and region. You cannot // list aliases in other accounts. For more information about aliases, see CreateAlias. // // By default, the ListAliases command returns all aliases in the account and // region. To get only the aliases that point to a particular customer master // key (CMK), use the KeyId parameter. // -// The ListAliases response might include several aliases have no TargetKeyId -// field. These are predefined aliases that AWS has created but has not yet -// associated with a CMK. Aliases that AWS creates in your account, including -// predefined aliases, do not count against your AWS KMS aliases limit (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). +// The ListAliases response can include aliases that you created and associated +// with your customer managed CMKs, and aliases that AWS created and associated +// with AWS managed CMKs in your account. You can recognize AWS aliases because +// their names have the format aws/<service-name>, such as aws/dynamodb. +// +// The response might also include aliases that have no TargetKeyId field. These +// are predefined aliases that AWS has created but has not yet associated with +// a CMK. Aliases that AWS creates in your account, including predefined aliases, +// do not count against your AWS KMS aliases limit (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3306,7 +3332,8 @@ func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, // can be retried. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not @@ -3345,7 +3372,7 @@ func (c *KMS) ListAliasesWithContext(ctx aws.Context, input *ListAliasesInput, o // // Example iterating over at most 3 pages of a ListAliases operation. // pageNum := 0 // err := client.ListAliasesPages(params, -// func(page *ListAliasesOutput, lastPage bool) bool { +// func(page *kms.ListAliasesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -3460,7 +3487,8 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // should next begin is not valid. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request @@ -3471,7 +3499,7 @@ func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, o // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants @@ -3507,7 +3535,7 @@ func (c *KMS) ListGrantsWithContext(ctx aws.Context, input *ListGrantsInput, opt // // Example iterating over at most 3 pages of a ListGrants operation. // pageNum := 0 // err := client.ListGrantsPages(params, -// func(page *ListGrantsResponse, lastPage bool) bool { +// func(page *kms.ListGrantsResponse, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -3614,7 +3642,8 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -3629,7 +3658,7 @@ func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request. // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies @@ -3665,7 +3694,7 @@ func (c *KMS) ListKeyPoliciesWithContext(ctx aws.Context, input *ListKeyPolicies // // Example iterating over at most 3 pages of a ListKeyPolicies operation. // pageNum := 0 // err := client.ListKeyPoliciesPages(params, -// func(page *ListKeyPoliciesOutput, lastPage bool) bool { +// func(page *kms.ListKeyPoliciesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -3810,7 +3839,7 @@ func (c *KMS) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts .. // // Example iterating over at most 3 pages of a ListKeys operation. // pageNum := 0 // err := client.ListKeysPages(params, -// func(page *ListKeysOutput, lastPage bool) bool { +// func(page *kms.ListKeysOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -3914,7 +3943,8 @@ func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *reques // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeInvalidMarkerException "InvalidMarkerException" // The request was rejected because the marker that specifies where pagination @@ -4009,7 +4039,8 @@ func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req * // should next begin is not valid. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not @@ -4089,7 +4120,7 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // Attaches a key policy to the specified customer master key (CMK). You cannot // perform this operation on a CMK in a different AWS account. // -// For more information about key policies, see Key Policies (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) +// For more information about key policies, see Key Policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4105,7 +4136,8 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" // The request was rejected because the specified policy is not syntactically @@ -4125,7 +4157,7 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, -// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" @@ -4133,7 +4165,7 @@ func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Reques // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy @@ -4211,14 +4243,14 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // // Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom // on the source CMK and once as ReEncryptTo on the destination CMK. We recommend -// that you include the "kms:ReEncrypt*" permission in your key policies (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) +// that you include the "kms:ReEncrypt*" permission in your key policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) // to permit reencryption from or to the CMK. This permission is automatically -// included in the key policy when you create a CMK through the console, but +// included in the key policy when you create a CMK through the console. But // you must include it manually when you create a CMK programmatically or when // you set a key policy with the PutKeyPolicy operation. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4264,7 +4296,7 @@ func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, out // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt @@ -4360,7 +4392,8 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // // Returned Error Codes: // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" // The request was rejected because the specified grant token is not valid. @@ -4385,7 +4418,7 @@ func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant @@ -4478,7 +4511,8 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // be retried. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeInvalidGrantIdException "InvalidGrantIdException" // The request was rejected because the specified GrantId is not valid. @@ -4492,7 +4526,7 @@ func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant @@ -4574,21 +4608,21 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // a CMK is deleted, all data that was encrypted under the CMK is unrecoverable. // To prevent the use of a CMK without deleting it, use DisableKey. // -// If you schedule deletion of a CMK from a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html), +// If you schedule deletion of a CMK from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // when the waiting period expires, ScheduleKeyDeletion deletes the CMK from // AWS KMS. Then AWS KMS makes a best effort to delete the key material from // the associated AWS CloudHSM cluster. However, you might need to manually -// delete the orphaned key material (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) +// delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) // from the cluster and its backups. // // You cannot perform this operation on a CMK in a different AWS account. // // For more information about scheduling a CMK for deletion, see Deleting Customer -// Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) +// Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4604,7 +4638,8 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -4619,7 +4654,7 @@ func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req * // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion @@ -4699,11 +4734,11 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // AWS KMS replaces the current tag value with the specified value. // // For information about the rules that apply to tag keys and tag values, see -// User-Defined Tag Restrictions (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) +// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) // in the AWS Billing and Cost Management User Guide. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4723,19 +4758,20 @@ func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, -// see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) +// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeTagException "TagException" @@ -4815,7 +4851,7 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // tag key, use TagResource. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4835,14 +4871,15 @@ func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Requ // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeTagException "TagException" @@ -4929,15 +4966,13 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // appear in the response from the DescribeKey operation. To get the aliases // of all CMKs in the account, use the ListAliases operation. // -// An alias name can contain only alphanumeric characters, forward slashes (/), -// underscores (_), and dashes (-). An alias must start with the word alias -// followed by a forward slash (alias/). The alias name can contain only alphanumeric -// characters, forward slashes (/), underscores (_), and dashes (-). Alias names -// cannot begin with aws; that alias name prefix is reserved by Amazon Web Services -// (AWS). +// The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. +// It can contain only alphanumeric characters, forward slashes (/), underscores +// (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ +// prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4965,7 +5000,7 @@ func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias @@ -5045,45 +5080,28 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // the connection state of a custom key store, use the DescribeCustomKeyStores // operation. // -// Use the NewCustomKeyStoreName parameter to change the friendly name of the -// custom key store to the value that you specify. -// -// Use the KeyStorePassword parameter tell AWS KMS the current password of the -// kmsuser (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) -// crypto user (CU) in the associated AWS CloudHSM cluster. You can use this -// parameter to fix connection failures that occur when AWS KMS cannot log into -// the associated cluster because the kmsuser password has changed. This value -// does not change the password in the AWS CloudHSM cluster. +// Use the parameters of UpdateCustomKeyStore to edit your keystore settings. // -// Use the CloudHsmClusterId parameter to associate the custom key store with -// a related AWS CloudHSM cluster, that is, a cluster that shares a backup history -// with the original cluster. You can use this parameter to repair a custom -// key store if its AWS CloudHSM cluster becomes corrupted or is deleted, or -// when you need to create or restore a cluster from a backup. +// * Use the NewCustomKeyStoreName parameter to change the friendly name +// of the custom key store to the value that you specify. // -// The cluster ID must identify a AWS CloudHSM cluster with the following requirements. +// * Use the KeyStorePassword parameter tell AWS KMS the current password +// of the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) +// in the associated AWS CloudHSM cluster. You can use this parameter to +// fix connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) +// that occur when AWS KMS cannot log into the associated cluster because +// the kmsuser password has changed. This value does not change the password +// in the AWS CloudHSM cluster. // -// * The cluster must be active and be in the same AWS account and Region -// as the custom key store. -// -// * The cluster must have the same cluster certificate as the original cluster. -// You cannot use this parameter to associate the custom key store with an -// unrelated cluster. To view the cluster certificate, use the AWS CloudHSM -// DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) -// operation. Clusters that share a backup history have the same cluster -// certificate. -// -// * The cluster must be configured with subnets in at least two different -// Availability Zones in the Region. Because AWS CloudHSM is not supported -// in all Availability Zones, we recommend that the cluster have subnets -// in all Availability Zones in the Region. -// -// * The cluster must contain at least two active HSMs, each in a different -// Availability Zone. +// * Use the CloudHsmClusterId parameter to associate the custom key store +// with a different, but related, AWS CloudHSM cluster. You can use this +// parameter to repair a custom key store if its AWS CloudHSM cluster becomes +// corrupted or is deleted, or when you need to create or restore a cluster +// from a backup. // // If the operation succeeds, it returns a JSON object with no properties. // -// This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) +// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // @@ -5115,7 +5133,7 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // cluster. // // Clusters that share a backup history have the same cluster certificate. To -// view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) +// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" @@ -5145,26 +5163,40 @@ func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started -// (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) +// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // // * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" // The request was rejected because the associated AWS CloudHSM cluster did -// not meet the configuration requirements for a custom key store. The cluster -// must be configured with private subnets in at least two different Availability -// Zones in the Region. Also, it must contain at least as many HSMs as the operation -// requires. -// -// For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, -// the AWS CloudHSM cluster must have at least two active HSMs, each in a different -// Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM -// must contain at least one active HSM. -// -// For information about creating a private subnet for a AWS CloudHSM cluster, -// see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) -// in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm -// (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) -// operation. +// not meet the configuration requirements for a custom key store. +// +// * The cluster must be configured with private subnets in at least two +// different Availability Zones in the Region. +// +// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound +// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound +// rules and the Destination in the outbound rules must match the security +// group ID. These rules are set by default when you create the cluster. +// Do not delete or change them. To get information about a particular security +// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) +// operation. +// +// * The cluster must contain at least as many HSMs as the operation requires. +// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) +// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey +// operations, the AWS CloudHSM cluster must have at least two active HSMs, +// each in a different Availability Zone. For the ConnectCustomKeyStore operation, +// the AWS CloudHSM must contain at least one active HSM. +// +// For information about the requirements for an AWS CloudHSM cluster that is +// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) +// in the AWS Key Management Service Developer Guide. For information about +// creating a private subnet for an AWS CloudHSM cluster, see Create a Private +// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) +// in the AWS CloudHSM User Guide. For information about cluster security groups, +// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) +// in the AWS CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { @@ -5233,13 +5265,13 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // UpdateKeyDescription API operation for AWS Key Management Service. // -// Updates the description of a customer master key (CMK). To see the decription +// Updates the description of a customer master key (CMK). To see the description // of a CMK, use DescribeKey. // // You cannot perform this operation on a CMK in a different AWS account. // // The result of this operation varies with the key state of the CMK. For details, -// see How Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5255,7 +5287,8 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // be found. // // * ErrCodeInvalidArnException "InvalidArnException" -// The request was rejected because a specified ARN was not valid. +// The request was rejected because a specified ARN, or an ARN in a key policy, +// is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can @@ -5270,7 +5303,7 @@ func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req // valid for this request. // // For more information about how key state affects the use of a CMK, see How -// Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) +// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription @@ -5302,7 +5335,7 @@ type AliasListEntry struct { // String that contains the key ARN. AliasArn *string `min:"20" type:"string"` - // String that contains the alias. + // String that contains the alias. This value begins with alias/. AliasName *string `min:"1" type:"string"` // String that contains the key identifier referred to by the alias. @@ -5471,25 +5504,17 @@ func (s ConnectCustomKeyStoreOutput) GoString() string { type CreateAliasInput struct { _ struct{} `type:"structure"` - // String that contains the display name. The name must start with the word - // "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" - // are reserved. + // Specifies the alias name. This value must begin with alias/ followed by a + // name, such as alias/ExampleAlias. The alias name cannot begin with alias/aws/. + // The alias/aws/ prefix is reserved for AWS managed CMKs. // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Identifies the CMK for which you are creating the alias. This value cannot - // be an alias. - // - // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. - // - // For example: - // - // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab - // - // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab - // - // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. + // Identifies the CMK to which the alias refers. Specify the key ID or the Amazon + // Resource Name (ARN) of the CMK. You cannot specify another alias. For help + // finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) + // in the AWS Key Management Service Developer Guide. // // TargetKeyId is a required field TargetKeyId *string `min:"1" type:"string" required:"true"` @@ -5558,7 +5583,7 @@ type CreateCustomKeyStoreInput struct { // Identifies the AWS CloudHSM cluster for the custom key store. Enter the cluster // ID of any active AWS CloudHSM cluster that is not already associated with - // a custom key store. To find the cluster ID, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // a custom key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // CloudHsmClusterId is a required field @@ -5570,9 +5595,9 @@ type CreateCustomKeyStoreInput struct { // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` - // Enter the password of the kmsuser (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) - // crypto user (CU) account in the specified AWS CloudHSM cluster. AWS KMS logs - // into the cluster as this user to manage key material on your behalf. + // Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) + // in the specified AWS CloudHSM cluster. AWS KMS logs into the cluster as this + // user to manage key material on your behalf. // // This parameter tells AWS KMS the kmsuser account password; it does not change // the password in the AWS CloudHSM cluster. @@ -5582,7 +5607,7 @@ type CreateCustomKeyStoreInput struct { // Enter the content of the trust anchor certificate for the cluster. This is // the content of the customerCA.crt file that you created when you initialized - // the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). + // the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). // // TrustAnchorCertificate is a required field TrustAnchorCertificate *string `min:"1" type:"string" required:"true"` @@ -5682,26 +5707,26 @@ func (s *CreateCustomKeyStoreOutput) SetCustomKeyStoreId(v string) *CreateCustom type CreateGrantInput struct { _ struct{} `type:"structure"` - // A structure that you can use to allow certain operations in the grant only - // when the desired encryption context is present. For more information about - // encryption context, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) - // in the AWS Key Management Service Developer Guide. + // Allows a cryptographic operation only when the encryption context matches + // or includes the encryption context specified in this structure. For more + // information about encryption context, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) + // in the AWS Key Management Service Developer Guide . Constraints *GrantConstraints `type:"structure"` // A list of grant tokens. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` // The principal that is given permission to perform the operations that the // grant permits. // - // To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM // users, IAM roles, federated users, and assumed role users. For examples of // the ARN syntax to use for specifying a principal, see AWS Identity and Access - // Management (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) // in the Example ARNs section of the AWS General Reference. // // GranteePrincipal is a required field @@ -5724,8 +5749,8 @@ type CreateGrantInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // A friendly name for identifying the grant. Use this value to prevent unintended - // creation of duplicate grants when retrying this request. + // A friendly name for identifying the grant. Use this value to prevent the + // unintended creation of duplicate grants when retrying this request. // // When this value is absent, all CreateGrant requests result in a new grant // with a unique GrantId even if all the supplied parameters are identical. @@ -5746,11 +5771,11 @@ type CreateGrantInput struct { // The principal that is given permission to retire the grant by using RetireGrant // operation. // - // To specify the principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM // users, federated users, and assumed role users. For examples of the ARN syntax // to use for specifying a principal, see AWS Identity and Access Management - // (IAM) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) // in the Example ARNs section of the AWS General Reference. RetiringPrincipal *string `min:"1" type:"string"` } @@ -5848,7 +5873,7 @@ type CreateGrantOutput struct { // The grant token. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantToken *string `min:"1" type:"string"` } @@ -5883,8 +5908,8 @@ type CreateKeyInput struct { // Setting this value to true increases the risk that the CMK becomes unmanageable. // Do not set this value to true indiscriminately. // - // For more information, refer to the scenario in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section in the AWS Key Management Service Developer Guide. + // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section in the AWS Key Management Service Developer Guide . // // Use this parameter only when you include a policy in the request and you // intend to prevent the principal that is making the request from making a @@ -5893,7 +5918,7 @@ type CreateKeyInput struct { // The default value is false. BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` - // Creates the CMK in the specified custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html) + // Creates the CMK in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // and the key material in its associated AWS CloudHSM cluster. To create a // CMK in a custom key store, you must also specify the Origin parameter with // a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with @@ -5905,7 +5930,7 @@ type CreateKeyInput struct { // The response includes the custom key store ID and the ID of the AWS CloudHSM // cluster. // - // This operation is part of the Custom Key Store feature (http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) + // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. CustomKeyStoreId *string `min:"1" type:"string"` @@ -5916,13 +5941,13 @@ type CreateKeyInput struct { // a task. Description *string `type:"string"` - // The intended use of the CMK. - // - // You can use CMKs only for symmetric encryption and decryption. + // The cryptographic operations for which you can use the CMK. The only valid + // value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and + // decrypt data. KeyUsage *string `type:"string" enum:"KeyUsageType"` - // The source of the CMK's key material. You cannot change the origin after - // you create the CMK. + // The source of the key material for the CMK. You cannot change the origin + // after you create the CMK. // // The default is AWS_KMS, which means AWS KMS creates the key material in its // own key store. @@ -5930,11 +5955,11 @@ type CreateKeyInput struct { // When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material // so that you can import key material from your existing key management infrastructure. // For more information about importing key material into AWS KMS, see Importing - // Key Material (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) + // Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. // - // When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in a AWS - // KMS custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html) + // When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS + // KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // and creates its key material in the associated AWS CloudHSM cluster. You // must also use the CustomKeyStoreId parameter to identify the custom key store. Origin *string `type:"string" enum:"OriginType"` @@ -5947,8 +5972,8 @@ type CreateKeyInput struct { // must allow the principal that is making the CreateKey request to make // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that // the CMK becomes unmanageable. For more information, refer to the scenario - // in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) - // section of the AWS Key Management Service Developer Guide. + // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // section of the AWS Key Management Service Developer Guide . // // * Each statement in the key policy must contain one or more principals. // The principals in the key policy must exist and be visible to AWS KMS. @@ -5956,11 +5981,11 @@ type CreateKeyInput struct { // you might need to enforce a delay before including the new principal in // a key policy because the new principal might not be immediately visible // to AWS KMS. For more information, see Changes that I make are not always - // immediately visible (http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the AWS Identity and Access Management User Guide. // // If you do not provide a key policy, AWS KMS attaches a default key policy - // to the CMK. For more information, see Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) + // to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) // in the AWS Key Management Service Developer Guide. // // The key policy size limit is 32 kilobytes (32768 bytes). @@ -6093,6 +6118,10 @@ type CustomKeyStoresListEntry struct { // not contain any active HSMs. To connect a custom key store to its AWS // CloudHSM cluster, the cluster must contain at least one active HSM. // + // * INTERNAL_ERROR - AWS KMS could not complete the request due to an internal + // error. Retry the request. For ConnectCustomKeyStore requests, disconnect + // the custom key store before trying to connect again. + // // * INVALID_CREDENTIALS - AWS KMS does not have the correct password for // the kmsuser crypto user in the AWS CloudHSM cluster. // @@ -6106,7 +6135,7 @@ type CustomKeyStoresListEntry struct { // for the custom key store. // // For help with connection failures, see Troubleshooting Custom Key Stores - // (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) + // (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"` @@ -6123,7 +6152,7 @@ type CustomKeyStoresListEntry struct { // // A value of FAILED indicates that an attempt to connect was unsuccessful. // For help resolving a connection failure, see Troubleshooting a Custom Key - // Store (http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) + // Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. ConnectionState *string `type:"string" enum:"ConnectionStateType"` @@ -6137,7 +6166,7 @@ type CustomKeyStoresListEntry struct { CustomKeyStoreName *string `min:"1" type:"string"` // The trust anchor certificate of the associated AWS CloudHSM cluster. When - // you initialize the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create this certificate and save it in the customerCA.crt file. TrustAnchorCertificate *string `min:"1" type:"string"` } @@ -6206,12 +6235,12 @@ type DecryptInput struct { // The encryption context. If this was specified in the Encrypt function, it // must be specified here or the decryption operation will fail. For more information, - // see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html). + // see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` } @@ -6268,7 +6297,7 @@ type DecryptOutput struct { KeyId *string `min:"1" type:"string"` // Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encdoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not encoded. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -6299,8 +6328,8 @@ func (s *DecryptOutput) SetPlaintext(v []byte) *DecryptOutput { type DeleteAliasInput struct { _ struct{} `type:"structure"` - // The alias to be deleted. The name must start with the word "alias" followed - // by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved. + // The alias to be deleted. The alias name must begin with alias/ followed by + // the alias name, such as alias/ExampleAlias. // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` @@ -6411,8 +6440,8 @@ func (s DeleteCustomKeyStoreOutput) GoString() string { type DeleteImportedKeyMaterialInput struct { _ struct{} `type:"structure"` - // The identifier of the CMK whose key material to delete. The CMK's Origin - // must be EXTERNAL. + // Identifies the CMK from which you are deleting imported key material. The + // Origin of the CMK must be EXTERNAL. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -6574,7 +6603,7 @@ type DescribeCustomKeyStoresOutput struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in this response to the Marker parameter + // pass the value of the NextMarker element in thisresponse to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } @@ -6612,14 +6641,14 @@ type DescribeKeyInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` // Describes the specified customer master key (CMK). // // If you specify a predefined AWS alias (an AWS alias with no key ID), KMS - // associates the alias with an AWS managed CMK (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) + // associates the alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) // and returns its KeyId and Arn in the response. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, @@ -7026,12 +7055,12 @@ type EncryptInput struct { // Name-value pair that specifies the encryption context to be used for authenticated // encryption. If used here, the same value must be supplied to the Decrypt // API or decryption will fail. For more information, see Encryption Context - // (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html). + // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -7125,7 +7154,7 @@ type EncryptOutput struct { _ struct{} `type:"structure"` // The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value - // is Base64-encdoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -7161,18 +7190,17 @@ type GenerateDataKeyInput struct { // A set of key-value pairs that represents additional authenticated data. // - // For more information, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // in the AWS Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // The identifier of the CMK under which to generate and encrypt the data encryption - // key. + // An identifier for the CMK that encrypts the data key. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, // or alias ARN. When using an alias name, prefix it with "alias/". To specify @@ -7194,14 +7222,14 @@ type GenerateDataKeyInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The length of the data encryption key. Use AES_128 to generate a 128-bit - // symmetric key, or AES_256 to generate a 256-bit symmetric key. + // The length of the data key. Use AES_128 to generate a 128-bit symmetric key, + // or AES_256 to generate a 256-bit symmetric key. KeySpec *string `type:"string" enum:"DataKeySpec"` - // The length of the data encryption key in bytes. For example, use the value - // 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key - // lengths (128-bit and 256-bit symmetric keys), we recommend that you use the - // KeySpec field instead of this one. + // The length of the data key in bytes. For example, use the value 64 to generate + // a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit + // and 256-bit symmetric keys), we recommend that you use the KeySpec field + // instead of this one. NumberOfBytes *int64 `min:"1" type:"integer"` } @@ -7267,19 +7295,18 @@ func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput { type GenerateDataKeyOutput struct { _ struct{} `type:"structure"` - // The encrypted data encryption key. When you use the HTTP API or the AWS CLI, - // the value is Base64-encdoded. Otherwise, it is not encoded. + // The encrypted copy of the data key. When you use the HTTP API or the AWS + // CLI, the value is Base64-encoded. Otherwise, it is not encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` - // The identifier of the CMK under which the data encryption key was generated - // and encrypted. + // The identifier of the CMK that encrypted the data key. KeyId *string `min:"1" type:"string"` - // The data encryption key. When you use the HTTP API or the AWS CLI, the value - // is Base64-encdoded. Otherwise, it is not encoded. Use this data key for local - // encryption and decryption, then remove it from memory as soon as possible. + // The plaintext data key. When you use the HTTP API or the AWS CLI, the value + // is Base64-encoded. Otherwise, it is not encoded. Use this data key to encrypt + // your data outside of KMS. Then, remove it from memory as soon as possible. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -7318,18 +7345,17 @@ type GenerateDataKeyWithoutPlaintextInput struct { // A set of key-value pairs that represents additional authenticated data. // - // For more information, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) + // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) // in the AWS Key Management Service Developer Guide. EncryptionContext map[string]*string `type:"map"` // A list of grant tokens. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` - // The identifier of the customer master key (CMK) under which to generate and - // encrypt the data encryption key. + // The identifier of the customer master key (CMK) that encrypts the data key. // // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, // or alias ARN. When using an alias name, prefix it with "alias/". To specify @@ -7351,14 +7377,14 @@ type GenerateDataKeyWithoutPlaintextInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The length of the data encryption key. Use AES_128 to generate a 128-bit - // symmetric key, or AES_256 to generate a 256-bit symmetric key. + // The length of the data key. Use AES_128 to generate a 128-bit symmetric key, + // or AES_256 to generate a 256-bit symmetric key. KeySpec *string `type:"string" enum:"DataKeySpec"` - // The length of the data encryption key in bytes. For example, use the value - // 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key - // lengths (128-bit and 256-bit symmetric keys), we recommend that you use the - // KeySpec field instead of this one. + // The length of the data key in bytes. For example, use the value 64 to generate + // a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit + // and 256-bit symmetric keys), we recommend that you use the KeySpec field + // instead of this one. NumberOfBytes *int64 `min:"1" type:"integer"` } @@ -7424,14 +7450,13 @@ func (s *GenerateDataKeyWithoutPlaintextInput) SetNumberOfBytes(v int64) *Genera type GenerateDataKeyWithoutPlaintextOutput struct { _ struct{} `type:"structure"` - // The encrypted data encryption key. When you use the HTTP API or the AWS CLI, - // the value is Base64-encdoded. Otherwise, it is not encoded. + // The encrypted data key. When you use the HTTP API or the AWS CLI, the value + // is Base64-encoded. Otherwise, it is not encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` - // The identifier of the CMK under which the data encryption key was generated - // and encrypted. + // The identifier of the CMK that encrypted the data key. KeyId *string `min:"1" type:"string"` } @@ -7461,7 +7486,7 @@ type GenerateRandomInput struct { _ struct{} `type:"structure"` // Generates the random byte string in the AWS CloudHSM cluster that is associated - // with the specified custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html). + // with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. CustomKeyStoreId *string `min:"1" type:"string"` @@ -7511,7 +7536,7 @@ type GenerateRandomOutput struct { _ struct{} `type:"structure"` // The random byte string. When you use the HTTP API or the AWS CLI, the value - // is Base64-encdoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not encoded. // // Plaintext is automatically base64 encoded/decoded by the SDK. Plaintext []byte `min:"1" type:"blob" sensitive:"true"` @@ -7721,7 +7746,7 @@ type GetParametersForImportInput struct { // The algorithm you will use to encrypt the key material before importing it // with ImportKeyMaterial. For more information, see Encrypt the Key Material - // (http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) + // (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) // in the AWS Key Management Service Developer Guide. // // WrappingAlgorithm is a required field @@ -7842,33 +7867,51 @@ func (s *GetParametersForImportOutput) SetPublicKey(v []byte) *GetParametersForI return s } -// A structure that you can use to allow certain operations in the grant only -// when the desired encryption context is present. For more information about -// encryption context, see Encryption Context (http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html) -// in the AWS Key Management Service Developer Guide. +// Use this structure to allow cryptographic operations in the grant only when +// the operation request includes the specified encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). +// +// AWS KMS applies the grant constraints only when the grant allows a cryptographic +// operation that accepts an encryption context as input, such as the following. +// +// * Encrypt +// +// * Decrypt // -// Grant constraints apply only to operations that accept encryption context -// as input. For example, the DescribeKey operation does not accept encryption -// context as input. A grant that allows the DescribeKey operation does so regardless -// of the grant constraints. In constrast, the Encrypt operation accepts encryption -// context as input. A grant that allows the Encrypt operation does so only -// when the encryption context of the Encrypt operation satisfies the grant -// constraints. +// * GenerateDataKey +// +// * GenerateDataKeyWithoutPlaintext +// +// * ReEncrypt +// +// AWS KMS does not apply the grant constraints to other operations, such as +// DescribeKey or ScheduleKeyDeletion. +// +// In a cryptographic operation, the encryption context in the decryption operation +// must be an exact, case-sensitive match for the keys and values in the encryption +// context of the encryption operation. Only the order of the pairs can vary. +// +// However, in a grant constraint, the key in each key-value pair is not case +// sensitive, but the value is case sensitive. +// +// To avoid confusion, do not use multiple encryption context pairs that differ +// only by case. To require a fully case-sensitive encryption context, use the +// kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM +// or key policy. For details, see kms:EncryptionContext: (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context) +// in the AWS Key Management Service Developer Guide . type GrantConstraints struct { _ struct{} `type:"structure"` - // A list of key-value pairs that must be present in the encryption context - // of certain subsequent operations that the grant allows. When certain subsequent - // operations allowed by the grant include encryption context that matches this - // list, the grant allows the operation. Otherwise, the grant does not allow - // the operation. + // A list of key-value pairs that must match the encryption context in the cryptographic + // operation request. The grant allows the operation only when the encryption + // context in the request is the same as the encryption context specified in + // this constraint. EncryptionContextEquals map[string]*string `type:"map"` - // A list of key-value pairs, all of which must be present in the encryption - // context of certain subsequent operations that the grant allows. When certain - // subsequent operations allowed by the grant include encryption context that - // matches this list or is a superset of this list, the grant allows the operation. - // Otherwise, the grant does not allow the operation. + // A list of key-value pairs that must be included in the encryption context + // of the cryptographic operation request. The grant allows the cryptographic + // operation only when the encryption context in the request includes the key-value + // pairs specified in this constraint, although it can include additional key-value + // pairs. EncryptionContextSubset map[string]*string `type:"map"` } @@ -8168,12 +8211,12 @@ type KeyMetadata struct { AWSAccountId *string `type:"string"` // The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management - // Service (AWS KMS) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) + // Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) // in the Example ARNs section of the AWS General Reference. Arn *string `min:"20" type:"string"` // The cluster ID of the AWS CloudHSM cluster that contains the key material - // for the CMK. When you create a CMK in a custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html), + // for the CMK. When you create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // AWS KMS creates the key material for the CMK in the associated AWS CloudHSM // cluster. This value is present only when the CMK is created in a custom key // store. @@ -8182,7 +8225,7 @@ type KeyMetadata struct { // The date and time when the CMK was created. CreationDate *time.Time `type:"timestamp"` - // A unique identifier for the custom key store (http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html) + // A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // that contains the CMK. This value is present only when the CMK is created // in a custom key store. CustomKeyStoreId *string `min:"1" type:"string"` @@ -8207,21 +8250,22 @@ type KeyMetadata struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The CMK's manager. CMKs are either customer-managed or AWS-managed. For more - // information about the difference, see Customer Master Keys (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) + // The manager of the CMK. CMKs in your AWS account are either customer managed + // or AWS managed. For more information about the difference, see Customer Master + // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) // in the AWS Key Management Service Developer Guide. KeyManager *string `type:"string" enum:"KeyManagerType"` // The state of the CMK. // // For more information about how key state affects the use of a CMK, see How - // Key State Affects the Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. KeyState *string `type:"string" enum:"KeyState"` - // The cryptographic operations for which you can use the CMK. Currently the - // only allowed value is ENCRYPT_DECRYPT, which means you can use the CMK for - // the Encrypt and Decrypt operations. + // The cryptographic operations for which you can use the CMK. The only valid + // value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and + // decrypt data. KeyUsage *string `type:"string" enum:"KeyUsageType"` // The source of the CMK's key material. When this value is AWS_KMS, AWS KMS @@ -8422,7 +8466,7 @@ type ListAliasesOutput struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in this response to the Marker parameter + // pass the value of the NextMarker element in thisresponse to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } @@ -8550,7 +8594,7 @@ type ListGrantsResponse struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in this response to the Marker parameter + // pass the value of the NextMarker element in thisresponse to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } @@ -8608,7 +8652,7 @@ type ListKeyPoliciesInput struct { // This value is optional. If you include a value, it must be between 1 and // 1000, inclusive. If you do not include a value, it defaults to 100. // - // Currently only 1 policy can be attached to a key. + // Only one policy can be attached to a key. Limit *int64 `min:"1" type:"integer"` // Use this parameter in a subsequent request after you receive a response with @@ -8674,13 +8718,12 @@ type ListKeyPoliciesOutput struct { // use for the Marker parameter in a subsequent request. NextMarker *string `min:"1" type:"string"` - // A list of key policy names. Currently, there is only one key policy per CMK - // and it is always named default. + // A list of key policy names. The only valid value is default. PolicyNames []*string `type:"list"` // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in this response to the Marker parameter + // pass the value of the NextMarker element in thisresponse to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } @@ -8780,7 +8823,7 @@ type ListKeysOutput struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in this response to the Marker parameter + // pass the value of the NextMarker element in thisresponse to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } @@ -8912,7 +8955,7 @@ type ListResourceTagsOutput struct { // A flag that indicates whether there are more items in the list. When this // value is true, the list in this response is truncated. To get more items, - // pass the value of the NextMarker element in this response to the Marker parameter + // pass the value of the NextMarker element in thisresponse to the Marker parameter // in a subsequent request. Truncated *bool `type:"boolean"` } @@ -8963,11 +9006,11 @@ type ListRetirableGrantsInput struct { // The retiring principal for which to list grants. // - // To specify the retiring principal, use the Amazon Resource Name (ARN) (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM // users, federated users, and assumed role users. For examples of the ARN syntax // for specifying a principal, see AWS Identity and Access Management (IAM) - // (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) + // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) // in the Example ARNs section of the Amazon Web Services General Reference. // // RetiringPrincipal is a required field @@ -9032,7 +9075,7 @@ type PutKeyPolicyInput struct { // Setting this value to true increases the risk that the CMK becomes unmanageable. // Do not set this value to true indiscriminately. // - // For more information, refer to the scenario in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) // section in the AWS Key Management Service Developer Guide. // // Use this parameter only when you intend to prevent the principal that is @@ -9064,7 +9107,7 @@ type PutKeyPolicyInput struct { // must allow the principal that is making the PutKeyPolicy request to make // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that // the CMK becomes unmanageable. For more information, refer to the scenario - // in the Default Key Policy (http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) + // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) // section of the AWS Key Management Service Developer Guide. // // * Each statement in the key policy must contain one or more principals. @@ -9073,7 +9116,7 @@ type PutKeyPolicyInput struct { // you might need to enforce a delay before including the new principal in // a key policy because the new principal might not be immediately visible // to AWS KMS. For more information, see Changes that I make are not always - // immediately visible (http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) + // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) // in the AWS Identity and Access Management User Guide. // // The key policy size limit is 32 kilobytes (32768 bytes). @@ -9200,7 +9243,7 @@ type ReEncryptInput struct { // A list of grant tokens. // - // For more information, see Grant Tokens (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) + // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) // in the AWS Key Management Service Developer Guide. GrantTokens []*string `type:"list"` @@ -9275,7 +9318,7 @@ type ReEncryptOutput struct { _ struct{} `type:"structure"` // The reencrypted data. When you use the HTTP API or the AWS CLI, the value - // is Base64-encdoded. Otherwise, it is not encoded. + // is Base64-encoded. Otherwise, it is not encoded. // // CiphertextBlob is automatically base64 encoded/decoded by the SDK. CiphertextBlob []byte `min:"1" type:"blob"` @@ -9581,7 +9624,7 @@ func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutpu // tag values are both required, but tag values can be empty (null) strings. // // For information about the rules that apply to tag keys and tag values, see -// User-Defined Tag Restrictions (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) +// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) // in the AWS Billing and Cost Management User Guide. type Tag struct { _ struct{} `type:"structure"` @@ -9809,14 +9852,14 @@ func (s UntagResourceOutput) GoString() string { type UpdateAliasInput struct { _ struct{} `type:"structure"` - // String that contains the name of the alias to be modified. The name must - // start with the word "alias" followed by a forward slash (alias/). Aliases - // that begin with "alias/aws" are reserved. + // Specifies the name of the alias to change. This value must begin with alias/ + // followed by the alias name, such as alias/ExampleAlias. // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` - // Unique identifier of the customer master key to be mapped to the alias. + // Unique identifier of the customer master key (CMK) to be mapped to the alias. + // When the update operation completes, the alias will point to this CMK. // // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. // @@ -9898,12 +9941,12 @@ type UpdateCustomKeyStoreInput struct { // Associates the custom key store with a related AWS CloudHSM cluster. // // Enter the cluster ID of the cluster that you used to create the custom key - // store or a cluster that shares a backup history with the original cluster. - // You cannot use this parameter to associate a custom key store with a different - // cluster. - // - // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // store or a cluster that shares a backup history and has the same cluster + // certificate as the original cluster. You cannot use this parameter to associate + // a custom key store with an unrelated cluster. In addition, the replacement + // cluster must fulfill the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) + // for a cluster associated with a custom key store. To view the cluster certificate + // of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. CloudHsmClusterId *string `min:"19" type:"string"` @@ -10100,6 +10143,9 @@ const ( // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS" + // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value + ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR" + // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS" diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go index fad9002e..c4c21250 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/doc.go @@ -6,7 +6,7 @@ // AWS Key Management Service (AWS KMS) is an encryption and key management // web service. This guide describes the AWS KMS operations that you can call // programmatically. For general information about AWS KMS, see the AWS Key -// Management Service Developer Guide (http://docs.aws.amazon.com/kms/latest/developerguide/). +// Management Service Developer Guide (https://docs.aws.amazon.com/kms/latest/developerguide/). // // AWS provides SDKs that consist of libraries and sample code for various programming // languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs @@ -30,11 +30,11 @@ // Requests must be signed by using an access key ID and a secret access key. // We strongly recommend that you do not use your AWS account (root) access // key ID and secret key for everyday work with AWS KMS. Instead, use the access -// key ID and secret access key for an IAM user, or you can use the AWS Security +// key ID and secret access key for an IAM user. You can also use the AWS Security // Token Service to generate temporary security credentials that you can use // to sign requests. // -// All AWS KMS operations require Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// All AWS KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // // Logging API Requests // @@ -43,29 +43,29 @@ // you specify. By using the information collected by CloudTrail, you can determine // what requests were made to AWS KMS, who made the request, when it was made, // and so on. To learn more about CloudTrail, including how to turn it on and -// find your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +// find your log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). // // Additional Resources // // For more information about credentials and request signing, see the following: // -// * AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) -// - This topic provides general information about the of credentials used -// for accessing AWS. +// * AWS Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) +// - This topic provides general information about the types of credentials +// used for accessing AWS. // -// * Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) +// * Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) // - This section of the IAM User Guide describes how to create and use temporary // security credentials. // -// * Signature Version 4 Signing Process (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) +// * Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) // - This set of topics walks you through the process of signing a request // using an access key ID and a secret access key. // -// Commonly Used APIs +// Commonly Used API Operations // -// Of the APIs discussed in this guide, the following will prove the most useful -// for most applications. You will likely perform actions other than these, -// such as creating keys and assigning policies, by using the console. +// Of the API operations discussed in this guide, the following will prove the +// most useful for most applications. You will likely perform operations other +// than these, such as creating keys and assigning policies, by using the console. // // * Encrypt // diff --git a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go index e41edf66..e8ce42f3 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kms/errors.go @@ -20,7 +20,7 @@ const ( // associated with a different AWS CloudHSM cluster. // // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterInUseException = "CloudHsmClusterInUseException" @@ -28,21 +28,35 @@ const ( // "CloudHsmClusterInvalidConfigurationException". // // The request was rejected because the associated AWS CloudHSM cluster did - // not meet the configuration requirements for a custom key store. The cluster - // must be configured with private subnets in at least two different Availability - // Zones in the Region. Also, it must contain at least as many HSMs as the operation - // requires. - // - // For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, - // the AWS CloudHSM cluster must have at least two active HSMs, each in a different - // Availability Zone. For the ConnectCustomKeyStore operation, the AWS CloudHSM - // must contain at least one active HSM. - // - // For information about creating a private subnet for a AWS CloudHSM cluster, - // see Create a Private Subnet (http://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) - // in the AWS CloudHSM User Guide. To add HSMs, use the AWS CloudHSM CreateHsm - // (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) - // operation. + // not meet the configuration requirements for a custom key store. + // + // * The cluster must be configured with private subnets in at least two + // different Availability Zones in the Region. + // + // * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) + // (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound + // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound + // rules and the Destination in the outbound rules must match the security + // group ID. These rules are set by default when you create the cluster. + // Do not delete or change them. To get information about a particular security + // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) + // operation. + // + // * The cluster must contain at least as many HSMs as the operation requires. + // To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) + // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey + // operations, the AWS CloudHSM cluster must have at least two active HSMs, + // each in a different Availability Zone. For the ConnectCustomKeyStore operation, + // the AWS CloudHSM must contain at least one active HSM. + // + // For information about the requirements for an AWS CloudHSM cluster that is + // associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) + // in the AWS Key Management Service Developer Guide. For information about + // creating a private subnet for an AWS CloudHSM cluster, see Create a Private + // Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) + // in the AWS CloudHSM User Guide. For information about cluster security groups, + // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) + // in the AWS CloudHSM User Guide . ErrCodeCloudHsmClusterInvalidConfigurationException = "CloudHsmClusterInvalidConfigurationException" // ErrCodeCloudHsmClusterNotActiveException for service response error code @@ -51,7 +65,7 @@ const ( // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started - // (http://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) + // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. ErrCodeCloudHsmClusterNotActiveException = "CloudHsmClusterNotActiveException" @@ -76,7 +90,7 @@ const ( // cluster. // // Clusters that share a backup history have the same cluster certificate. To - // view the cluster certificate of a cluster, use the DescribeClusters (http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) + // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. ErrCodeCloudHsmClusterNotRelatedException = "CloudHsmClusterNotRelatedException" @@ -161,7 +175,7 @@ const ( // The request was rejected because the trust anchor certificate in the request // is not the trust anchor certificate for the specified AWS CloudHSM cluster. // - // When you initialize the cluster (http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), + // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. ErrCodeIncorrectTrustAnchorException = "IncorrectTrustAnchorException" @@ -182,7 +196,8 @@ const ( // ErrCodeInvalidArnException for service response error code // "InvalidArnException". // - // The request was rejected because a specified ARN was not valid. + // The request was rejected because a specified ARN, or an ARN in a key policy, + // is not valid. ErrCodeInvalidArnException = "InvalidArnException" // ErrCodeInvalidCiphertextException for service response error code @@ -232,7 +247,7 @@ const ( // valid for this request. // // For more information about how key state affects the use of a CMK, see How - // Key State Affects Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) + // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. ErrCodeInvalidStateException = "KMSInvalidStateException" @@ -247,7 +262,7 @@ const ( // "LimitExceededException". // // The request was rejected because a limit was exceeded. For more information, - // see Limits (http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) + // see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. ErrCodeLimitExceededException = "LimitExceededException" diff --git a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go index 9ff532ab..eac6c94d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/secretsmanager/api.go @@ -213,27 +213,27 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req // also creates an initial secret version and automatically attaches the staging // label AWSCURRENT to the new version. // -// If you call an operation that needs to encrypt or decrypt the SecretString -// or SecretBinary for a secret in the same account as the calling user and -// that secret doesn't specify a AWS KMS encryption key, Secrets Manager uses -// the account's default AWS managed customer master key (CMK) with the alias -// aws/secretsmanager. If this key doesn't already exist in your account then -// Secrets Manager creates it for you automatically. All users and roles in -// the same AWS account automatically have access to use the default CMK. Note -// that if an Secrets Manager API call results in AWS having to create the account's -// AWS-managed CMK, it can result in a one-time significant delay in returning -// the result. -// -// If the secret is in a different AWS account from the credentials calling -// an API that requires encryption or decryption of the secret value then you -// must create and use a custom AWS KMS CMK because you can't access the default -// CMK for the account using credentials from a different AWS account. Store -// the ARN of the CMK in the secret when you create the secret or when you update -// it by including it in the KMSKeyId. If you call an API that must encrypt -// or decrypt SecretString or SecretBinary using credentials from a different -// account then the AWS KMS key policy must grant cross-account access to that -// other account's user or role for both the kms:GenerateDataKey and kms:Decrypt -// operations. +// * If you call an operation that needs to encrypt or decrypt the SecretString +// or SecretBinary for a secret in the same account as the calling user and +// that secret doesn't specify a AWS KMS encryption key, Secrets Manager +// uses the account's default AWS managed customer master key (CMK) with +// the alias aws/secretsmanager. If this key doesn't already exist in your +// account then Secrets Manager creates it for you automatically. All users +// and roles in the same AWS account automatically have access to use the +// default CMK. Note that if an Secrets Manager API call results in AWS having +// to create the account's AWS-managed CMK, it can result in a one-time significant +// delay in returning the result. +// +// * If the secret is in a different AWS account from the credentials calling +// an API that requires encryption or decryption of the secret value then +// you must create and use a custom AWS KMS CMK because you can't access +// the default CMK for the account using credentials from a different AWS +// account. Store the ARN of the CMK in the secret when you create the secret +// or when you update it by including it in the KMSKeyId. If you call an +// API that must encrypt or decrypt SecretString or SecretBinary using credentials +// from a different account then the AWS KMS key policy must grant cross-account +// access to that other account's user or role for both the kms:GenerateDataKey +// and kms:Decrypt operations. // // Minimum permissions // @@ -251,7 +251,6 @@ func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *req // // * secretsmanager:TagResource - needed only if you include the Tags parameter. // -// // Related operations // // * To delete a secret, use DeleteSecret. @@ -509,15 +508,15 @@ func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *req // scheduled for deletion. If you need to access that information, you must // cancel the deletion with RestoreSecret and then retrieve the information. // -// There is no explicit operation to delete a version of a secret. Instead, -// remove all staging labels from the VersionStage field of a version. That -// marks the version as deprecated and allows Secrets Manager to delete it as -// needed. Versions that do not have any staging labels do not show up in ListSecretVersionIds -// unless you specify IncludeDeprecated. +// * There is no explicit operation to delete a version of a secret. Instead, +// remove all staging labels from the VersionStage field of a version. That +// marks the version as deprecated and allows Secrets Manager to delete it +// as needed. Versions that do not have any staging labels do not show up +// in ListSecretVersionIds unless you specify IncludeDeprecated. // -// The permanent secret deletion at the end of the waiting period is performed -// as a background task with low priority. There is no guarantee of a specific -// time after the recovery window for the actual delete operation to occur. +// * The permanent secret deletion at the end of the waiting period is performed +// as a background task with low priority. There is no guarantee of a specific +// time after the recovery window for the actual delete operation to occur. // // Minimum permissions // @@ -1142,7 +1141,7 @@ func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input // // Example iterating over at most 3 pages of a ListSecretVersionIds operation. // pageNum := 0 // err := client.ListSecretVersionIdsPages(params, -// func(page *ListSecretVersionIdsOutput, lastPage bool) bool { +// func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -1302,7 +1301,7 @@ func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecr // // Example iterating over at most 3 pages of a ListSecrets operation. // pageNum := 0 // err := client.ListSecretsPages(params, -// func(page *ListSecretsOutput, lastPage bool) bool { +// func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -1539,27 +1538,27 @@ func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req // However, if the secret data is different, then the operation fails because // you cannot modify an existing version; you can only create new ones. // -// If you call an operation that needs to encrypt or decrypt the SecretString -// or SecretBinary for a secret in the same account as the calling user and -// that secret doesn't specify a AWS KMS encryption key, Secrets Manager uses -// the account's default AWS managed customer master key (CMK) with the alias -// aws/secretsmanager. If this key doesn't already exist in your account then -// Secrets Manager creates it for you automatically. All users and roles in -// the same AWS account automatically have access to use the default CMK. Note -// that if an Secrets Manager API call results in AWS having to create the account's -// AWS-managed CMK, it can result in a one-time significant delay in returning -// the result. -// -// If the secret is in a different AWS account from the credentials calling -// an API that requires encryption or decryption of the secret value then you -// must create and use a custom AWS KMS CMK because you can't access the default -// CMK for the account using credentials from a different AWS account. Store -// the ARN of the CMK in the secret when you create the secret or when you update -// it by including it in the KMSKeyId. If you call an API that must encrypt -// or decrypt SecretString or SecretBinary using credentials from a different -// account then the AWS KMS key policy must grant cross-account access to that -// other account's user or role for both the kms:GenerateDataKey and kms:Decrypt -// operations. +// * If you call an operation that needs to encrypt or decrypt the SecretString +// or SecretBinary for a secret in the same account as the calling user and +// that secret doesn't specify a AWS KMS encryption key, Secrets Manager +// uses the account's default AWS managed customer master key (CMK) with +// the alias aws/secretsmanager. If this key doesn't already exist in your +// account then Secrets Manager creates it for you automatically. All users +// and roles in the same AWS account automatically have access to use the +// default CMK. Note that if an Secrets Manager API call results in AWS having +// to create the account's AWS-managed CMK, it can result in a one-time significant +// delay in returning the result. +// +// * If the secret is in a different AWS account from the credentials calling +// an API that requires encryption or decryption of the secret value then +// you must create and use a custom AWS KMS CMK because you can't access +// the default CMK for the account using credentials from a different AWS +// account. Store the ARN of the CMK in the secret when you create the secret +// or when you update it by including it in the KMSKeyId. If you call an +// API that must encrypt or decrypt SecretString or SecretBinary using credentials +// from a different account then the AWS KMS key policy must grant cross-account +// access to that other account's user or role for both the kms:GenerateDataKey +// and kms:Decrypt operations. // // Minimum permissions // @@ -2215,7 +2214,7 @@ func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *req // UpdateSecret API operation for AWS Secrets Manager. // // Modifies many of the details of the specified secret. If you include a ClientRequestToken -// and eitherSecretString or SecretBinary then it also creates a new version +// and either SecretString or SecretBinary then it also creates a new version // attached to the secret. // // To modify the rotation configuration of a secret, use RotateSecret instead. @@ -2233,27 +2232,27 @@ func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *req // Secrets Manager automatically attaches the staging label AWSCURRENT to // the new version. // -// If you call an operation that needs to encrypt or decrypt the SecretString -// or SecretBinary for a secret in the same account as the calling user and -// that secret doesn't specify a AWS KMS encryption key, Secrets Manager uses -// the account's default AWS managed customer master key (CMK) with the alias -// aws/secretsmanager. If this key doesn't already exist in your account then -// Secrets Manager creates it for you automatically. All users and roles in -// the same AWS account automatically have access to use the default CMK. Note -// that if an Secrets Manager API call results in AWS having to create the account's -// AWS-managed CMK, it can result in a one-time significant delay in returning -// the result. -// -// If the secret is in a different AWS account from the credentials calling -// an API that requires encryption or decryption of the secret value then you -// must create and use a custom AWS KMS CMK because you can't access the default -// CMK for the account using credentials from a different AWS account. Store -// the ARN of the CMK in the secret when you create the secret or when you update -// it by including it in the KMSKeyId. If you call an API that must encrypt -// or decrypt SecretString or SecretBinary using credentials from a different -// account then the AWS KMS key policy must grant cross-account access to that -// other account's user or role for both the kms:GenerateDataKey and kms:Decrypt -// operations. +// * If you call an operation that needs to encrypt or decrypt the SecretString +// or SecretBinary for a secret in the same account as the calling user and +// that secret doesn't specify a AWS KMS encryption key, Secrets Manager +// uses the account's default AWS managed customer master key (CMK) with +// the alias aws/secretsmanager. If this key doesn't already exist in your +// account then Secrets Manager creates it for you automatically. All users +// and roles in the same AWS account automatically have access to use the +// default CMK. Note that if an Secrets Manager API call results in AWS having +// to create the account's AWS-managed CMK, it can result in a one-time significant +// delay in returning the result. +// +// * If the secret is in a different AWS account from the credentials calling +// an API that requires encryption or decryption of the secret value then +// you must create and use a custom AWS KMS CMK because you can't access +// the default CMK for the account using credentials from a different AWS +// account. Store the ARN of the CMK in the secret when you create the secret +// or when you update it by including it in the KMSKeyId. If you call an +// API that must encrypt or decrypt SecretString or SecretBinary using credentials +// from a different account then the AWS KMS key policy must grant cross-account +// access to that other account's user or role for both the kms:GenerateDataKey +// and kms:Decrypt operations. // // Minimum permissions // @@ -2696,14 +2695,14 @@ type CreateSecretInput struct { // secret. Each tag is a "Key" and "Value" pair of strings. This operation only // appends tags to the existing list of tags. To remove tags, you must use UntagResource. // - // Secrets Manager tag key names are case sensitive. A tag with the key "ABC" - // is a different tag from one with key "abc". + // * Secrets Manager tag key names are case sensitive. A tag with the key + // "ABC" is a different tag from one with key "abc". // - // If you check tags in IAM policy Condition elements as part of your security - // strategy, then adding or removing a tag can change permissions. If the successful - // completion of this operation would result in you losing your permissions - // for this secret, then this operation is blocked and returns an Access Denied - // error. + // * If you check tags in IAM policy Condition elements as part of your security + // strategy, then adding or removing a tag can change permissions. If the + // successful completion of this operation would result in you losing your + // permissions for this secret, then this operation is blocked and returns + // an Access Denied error. // // This parameter requires a JSON text string argument. For information on how // to format a JSON parameter for the various command line tool environments, diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go index 7222e181..56615369 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/api.go @@ -59,8 +59,8 @@ func (c *SSM) AddTagsToResourceRequest(input *AddTagsToResourceInput) (req *requ // AddTagsToResource API operation for Amazon Simple Systems Manager (SSM). // // Adds or overwrites one or more tags for the specified resource. Tags are -// metadata that you can assign to your documents, managed instances, Maintenance -// Windows, Parameter Store parameters, and patch baselines. Tags enable you +// metadata that you can assign to your documents, managed instances, maintenance +// windows, Parameter Store parameters, and patch baselines. Tags enable you // to categorize your resources in different ways, for example, by purpose, // owner, or environment. Each tag consists of a key and an optional value, // both of which you define. For example, you could define a set of tags for @@ -273,7 +273,7 @@ func (c *SSM) CancelMaintenanceWindowExecutionRequest(input *CancelMaintenanceWi // CancelMaintenanceWindowExecution API operation for Amazon Simple Systems Manager (SSM). // -// Stops a Maintenance Window execution that is already in progress and cancels +// Stops a maintenance window execution that is already in progress and cancels // any tasks in the window that have not already starting running. (Tasks already // in progress will continue to completion.) // @@ -289,8 +289,8 @@ func (c *SSM) CancelMaintenanceWindowExecutionRequest(input *CancelMaintenanceWi // An error occurred on the server side. // // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -364,8 +364,8 @@ func (c *SSM) CreateActivationRequest(input *CreateActivationInput) (req *reques // Registers your on-premises server or virtual machine with Amazon EC2 so that // you can manage these resources using Run Command. An on-premises server or // virtual machine that has been registered with EC2 is called a managed instance. -// For more information about activations, see Setting Up Systems Manager in -// Hybrid Environments (http://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html). +// For more information about activations, see Setting Up AWS Systems Manager +// for Hybrid Environments (http://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -807,7 +807,7 @@ func (c *SSM) CreateMaintenanceWindowRequest(input *CreateMaintenanceWindowInput // CreateMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Creates a new Maintenance Window. +// Creates a new maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -823,7 +823,7 @@ func (c *SSM) CreateMaintenanceWindowRequest(input *CreateMaintenanceWindowInput // // * ErrCodeResourceLimitExceededException "ResourceLimitExceededException" // Error returned when the caller has exceeded the default resource limits. -// For example, too many Maintenance Windows or Patch baselines have been created. +// For example, too many maintenance windows or patch baselines have been created. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -916,7 +916,7 @@ func (c *SSM) CreatePatchBaselineRequest(input *CreatePatchBaselineInput) (req * // // * ErrCodeResourceLimitExceededException "ResourceLimitExceededException" // Error returned when the caller has exceeded the default resource limits. -// For example, too many Maintenance Windows or Patch baselines have been created. +// For example, too many maintenance windows or patch baselines have been created. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -1484,7 +1484,7 @@ func (c *SSM) DeleteMaintenanceWindowRequest(input *DeleteMaintenanceWindowInput // DeleteMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Deletes a Maintenance Window. +// Deletes a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2075,7 +2075,7 @@ func (c *SSM) DeregisterTargetFromMaintenanceWindowRequest(input *DeregisterTarg // DeregisterTargetFromMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Removes a target from a Maintenance Window. +// Removes a target from a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2086,8 +2086,8 @@ func (c *SSM) DeregisterTargetFromMaintenanceWindowRequest(input *DeregisterTarg // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -2165,7 +2165,7 @@ func (c *SSM) DeregisterTaskFromMaintenanceWindowRequest(input *DeregisterTaskFr // DeregisterTaskFromMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Removes a task from a Maintenance Window. +// Removes a task from a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2176,8 +2176,8 @@ func (c *SSM) DeregisterTaskFromMaintenanceWindowRequest(input *DeregisterTaskFr // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -2312,7 +2312,7 @@ func (c *SSM) DescribeActivationsWithContext(ctx aws.Context, input *DescribeAct // // Example iterating over at most 3 pages of a DescribeActivations operation. // pageNum := 0 // err := client.DescribeActivationsPages(params, -// func(page *DescribeActivationsOutput, lastPage bool) bool { +// func(page *ssm.DescribeActivationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -3225,8 +3225,8 @@ func (c *SSM) DescribeEffectivePatchesForPatchBaselineRequest(input *DescribeEff // try again. // // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -3487,7 +3487,7 @@ func (c *SSM) DescribeInstanceInformationWithContext(ctx aws.Context, input *Des // // Example iterating over at most 3 pages of a DescribeInstanceInformation operation. // pageNum := 0 // err := client.DescribeInstanceInformationPages(params, -// func(page *DescribeInstanceInformationOutput, lastPage bool) bool { +// func(page *ssm.DescribeInstanceInformationOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -3855,7 +3855,7 @@ func (c *SSM) DescribeInventoryDeletionsRequest(input *DescribeInventoryDeletion // An error occurred on the server side. // // * ErrCodeInvalidDeletionIdException "InvalidDeletionIdException" -// The ID specified for the delete operation does not exist or is not valide. +// The ID specified for the delete operation does not exist or is not valid. // Verify the ID and try again. // // * ErrCodeInvalidNextToken "InvalidNextToken" @@ -3928,7 +3928,7 @@ func (c *SSM) DescribeMaintenanceWindowExecutionTaskInvocationsRequest(input *De // DescribeMaintenanceWindowExecutionTaskInvocations API operation for Amazon Simple Systems Manager (SSM). // // Retrieves the individual task executions (one per target) for a particular -// task run as part of a Maintenance Window execution. +// task run as part of a maintenance window execution. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3939,8 +3939,8 @@ func (c *SSM) DescribeMaintenanceWindowExecutionTaskInvocationsRequest(input *De // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -4014,7 +4014,7 @@ func (c *SSM) DescribeMaintenanceWindowExecutionTasksRequest(input *DescribeMain // DescribeMaintenanceWindowExecutionTasks API operation for Amazon Simple Systems Manager (SSM). // -// For a given Maintenance Window execution, lists the tasks that were run. +// For a given maintenance window execution, lists the tasks that were run. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4025,8 +4025,8 @@ func (c *SSM) DescribeMaintenanceWindowExecutionTasksRequest(input *DescribeMain // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -4100,9 +4100,9 @@ func (c *SSM) DescribeMaintenanceWindowExecutionsRequest(input *DescribeMaintena // DescribeMaintenanceWindowExecutions API operation for Amazon Simple Systems Manager (SSM). // -// Lists the executions of a Maintenance Window. This includes information about -// when the Maintenance Window was scheduled to be active, and information about -// tasks registered and run with the Maintenance Window. +// Lists the executions of a maintenance window. This includes information about +// when the maintenance window was scheduled to be active, and information about +// tasks registered and run with the maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4181,7 +4181,7 @@ func (c *SSM) DescribeMaintenanceWindowScheduleRequest(input *DescribeMaintenanc // DescribeMaintenanceWindowSchedule API operation for Amazon Simple Systems Manager (SSM). // -// Retrieves information about upcoming executions of a Maintenance Window. +// Retrieves information about upcoming executions of a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4195,8 +4195,8 @@ func (c *SSM) DescribeMaintenanceWindowScheduleRequest(input *DescribeMaintenanc // An error occurred on the server side. // // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -4267,7 +4267,7 @@ func (c *SSM) DescribeMaintenanceWindowTargetsRequest(input *DescribeMaintenance // DescribeMaintenanceWindowTargets API operation for Amazon Simple Systems Manager (SSM). // -// Lists the targets registered with the Maintenance Window. +// Lists the targets registered with the maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4278,8 +4278,8 @@ func (c *SSM) DescribeMaintenanceWindowTargetsRequest(input *DescribeMaintenance // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -4353,7 +4353,7 @@ func (c *SSM) DescribeMaintenanceWindowTasksRequest(input *DescribeMaintenanceWi // DescribeMaintenanceWindowTasks API operation for Amazon Simple Systems Manager (SSM). // -// Lists the tasks in a Maintenance Window. +// Lists the tasks in a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4364,8 +4364,8 @@ func (c *SSM) DescribeMaintenanceWindowTasksRequest(input *DescribeMaintenanceWi // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -4439,7 +4439,7 @@ func (c *SSM) DescribeMaintenanceWindowsRequest(input *DescribeMaintenanceWindow // DescribeMaintenanceWindows API operation for Amazon Simple Systems Manager (SSM). // -// Retrieves the Maintenance Windows in an AWS account. +// Retrieves the maintenance windows in an AWS account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4518,7 +4518,7 @@ func (c *SSM) DescribeMaintenanceWindowsForTargetRequest(input *DescribeMaintena // DescribeMaintenanceWindowsForTarget API operation for Amazon Simple Systems Manager (SSM). // -// Retrieves information about the Maintenance Windows targets or tasks that +// Retrieves information about the maintenance window targets or tasks that // an instance is associated with. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4671,7 +4671,7 @@ func (c *SSM) DescribeParametersWithContext(ctx aws.Context, input *DescribePara // // Example iterating over at most 3 pages of a DescribeParameters operation. // pageNum := 0 // err := client.DescribeParametersPages(params, -// func(page *DescribeParametersOutput, lastPage bool) bool { +// func(page *ssm.DescribeParametersOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -4950,6 +4950,120 @@ func (c *SSM) DescribePatchGroupsWithContext(ctx aws.Context, input *DescribePat return out, req.Send() } +const opDescribePatchProperties = "DescribePatchProperties" + +// DescribePatchPropertiesRequest generates a "aws/request.Request" representing the +// client's request for the DescribePatchProperties operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribePatchProperties for more information on using the DescribePatchProperties +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribePatchPropertiesRequest method. +// req, resp := client.DescribePatchPropertiesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchProperties +func (c *SSM) DescribePatchPropertiesRequest(input *DescribePatchPropertiesInput) (req *request.Request, output *DescribePatchPropertiesOutput) { + op := &request.Operation{ + Name: opDescribePatchProperties, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DescribePatchPropertiesInput{} + } + + output = &DescribePatchPropertiesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribePatchProperties API operation for Amazon Simple Systems Manager (SSM). +// +// Lists the properties of available patches organized by product, product family, +// classification, severity, and other properties of available patches. You +// can use the reported properties in the filters you specify in requests for +// actions such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, +// and DescribePatchBaselines. +// +// The following section lists the properties that can be used in filters for +// each major operating system type: +// +// WINDOWS +// +// Valid properties: PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, MSRC_SEVERITY +// +// AMAZON_LINUX +// +// Valid properties: PRODUCT, CLASSIFICATION, SEVERITY +// +// AMAZON_LINUX_2 +// +// Valid properties: PRODUCT, CLASSIFICATION, SEVERITY +// +// UBUNTU +// +// Valid properties: PRODUCT, PRIORITY +// +// REDHAT_ENTERPRISE_LINUX +// +// Valid properties: PRODUCT, CLASSIFICATION, SEVERITY +// +// SUSE +// +// Valid properties: PRODUCT, CLASSIFICATION, SEVERITY +// +// CENTOS +// +// Valid properties: PRODUCT, CLASSIFICATION, SEVERITY +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Systems Manager (SSM)'s +// API operation DescribePatchProperties for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInternalServerError "InternalServerError" +// An error occurred on the server side. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribePatchProperties +func (c *SSM) DescribePatchProperties(input *DescribePatchPropertiesInput) (*DescribePatchPropertiesOutput, error) { + req, out := c.DescribePatchPropertiesRequest(input) + return out, req.Send() +} + +// DescribePatchPropertiesWithContext is the same as DescribePatchProperties with the addition of +// the ability to pass a context and additional request options. +// +// See DescribePatchProperties for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSM) DescribePatchPropertiesWithContext(ctx aws.Context, input *DescribePatchPropertiesInput, opts ...request.Option) (*DescribePatchPropertiesOutput, error) { + req, out := c.DescribePatchPropertiesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeSessions = "DescribeSessions" // DescribeSessionsRequest generates a "aws/request.Request" representing the @@ -5199,7 +5313,7 @@ func (c *SSM) GetCommandInvocationRequest(input *GetCommandInvocationInput) (req // // * ErrCodeInvocationDoesNotExist "InvocationDoesNotExist" // The command ID and instance ID you specified did not match any invocations. -// Verify the command ID adn the instance ID and try again. +// Verify the command ID and the instance ID and try again. // // See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetCommandInvocation func (c *SSM) GetCommandInvocation(input *GetCommandInvocationInput) (*GetCommandInvocationOutput, error) { @@ -5450,6 +5564,13 @@ func (c *SSM) GetDeployablePatchSnapshotForInstanceRequest(input *GetDeployableP // not supported for the operating system. Valid operating systems include: // Windows, AmazonLinux, RedhatEnterpriseLinux, and Ubuntu. // +// * ErrCodeUnsupportedFeatureRequiredException "UnsupportedFeatureRequiredException" +// Microsoft application patching is only available on EC2 instances and Advanced +// Instances. To patch Microsoft applications on on-premises servers and VMs, +// you must enable Advanced Instances. For more information, see Using the Advanced-Instances +// Tier (http://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances-advanced.html) +// in the AWS Systems Manager User Guide. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetDeployablePatchSnapshotForInstance func (c *SSM) GetDeployablePatchSnapshotForInstance(input *GetDeployablePatchSnapshotForInstanceInput) (*GetDeployablePatchSnapshotForInstanceOutput, error) { req, out := c.GetDeployablePatchSnapshotForInstanceRequest(input) @@ -5786,7 +5907,7 @@ func (c *SSM) GetMaintenanceWindowRequest(input *GetMaintenanceWindowInput) (req // GetMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Retrieves a Maintenance Window. +// Retrieves a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5797,8 +5918,8 @@ func (c *SSM) GetMaintenanceWindowRequest(input *GetMaintenanceWindowInput) (req // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -5872,7 +5993,7 @@ func (c *SSM) GetMaintenanceWindowExecutionRequest(input *GetMaintenanceWindowEx // GetMaintenanceWindowExecution API operation for Amazon Simple Systems Manager (SSM). // -// Retrieves details about a specific task run as part of a Maintenance Window +// Retrieves details about a specific task run as part of a maintenance window // execution. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5884,8 +6005,8 @@ func (c *SSM) GetMaintenanceWindowExecutionRequest(input *GetMaintenanceWindowEx // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -5959,8 +6080,8 @@ func (c *SSM) GetMaintenanceWindowExecutionTaskRequest(input *GetMaintenanceWind // GetMaintenanceWindowExecutionTask API operation for Amazon Simple Systems Manager (SSM). // -// Retrieves the details about a specific task run as part of a Maintenance -// Window execution. +// Retrieves the details about a specific task run as part of a maintenance +// window execution. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5971,8 +6092,8 @@ func (c *SSM) GetMaintenanceWindowExecutionTaskRequest(input *GetMaintenanceWind // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -6047,7 +6168,7 @@ func (c *SSM) GetMaintenanceWindowExecutionTaskInvocationRequest(input *GetMaint // GetMaintenanceWindowExecutionTaskInvocation API operation for Amazon Simple Systems Manager (SSM). // // Retrieves a task invocation. A task invocation is a specific task running -// on a specific target. Maintenance Windows report status for all invocations. +// on a specific target. maintenance windows report status for all invocations. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6058,8 +6179,8 @@ func (c *SSM) GetMaintenanceWindowExecutionTaskInvocationRequest(input *GetMaint // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -6133,7 +6254,7 @@ func (c *SSM) GetMaintenanceWindowTaskRequest(input *GetMaintenanceWindowTaskInp // GetMaintenanceWindowTask API operation for Amazon Simple Systems Manager (SSM). // -// Lists the tasks in a Maintenance Window. +// Lists the tasks in a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6144,8 +6265,8 @@ func (c *SSM) GetMaintenanceWindowTaskRequest(input *GetMaintenanceWindowTaskInp // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -6370,7 +6491,7 @@ func (c *SSM) GetParameterHistoryWithContext(ctx aws.Context, input *GetParamete // // Example iterating over at most 3 pages of a GetParameterHistory operation. // pageNum := 0 // err := client.GetParameterHistoryPages(params, -// func(page *GetParameterHistoryOutput, lastPage bool) bool { +// func(page *ssm.GetParameterHistoryOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -6616,7 +6737,7 @@ func (c *SSM) GetParametersByPathWithContext(ctx aws.Context, input *GetParamete // // Example iterating over at most 3 pages of a GetParametersByPath operation. // pageNum := 0 // err := client.GetParametersByPathPages(params, -// func(page *GetParametersByPathOutput, lastPage bool) bool { +// func(page *ssm.GetParametersByPathOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -6710,8 +6831,8 @@ func (c *SSM) GetPatchBaselineRequest(input *GetPatchBaselineInput) (req *reques // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -7227,7 +7348,7 @@ func (c *SSM) ListAssociationsWithContext(ctx aws.Context, input *ListAssociatio // // Example iterating over at most 3 pages of a ListAssociations operation. // pageNum := 0 // err := client.ListAssociationsPages(params, -// func(page *ListAssociationsOutput, lastPage bool) bool { +// func(page *ssm.ListAssociationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -7389,7 +7510,7 @@ func (c *SSM) ListCommandInvocationsWithContext(ctx aws.Context, input *ListComm // // Example iterating over at most 3 pages of a ListCommandInvocations operation. // pageNum := 0 // err := client.ListCommandInvocationsPages(params, -// func(page *ListCommandInvocationsOutput, lastPage bool) bool { +// func(page *ssm.ListCommandInvocationsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -7547,7 +7668,7 @@ func (c *SSM) ListCommandsWithContext(ctx aws.Context, input *ListCommandsInput, // // Example iterating over at most 3 pages of a ListCommands operation. // pageNum := 0 // err := client.ListCommandsPages(params, -// func(page *ListCommandsOutput, lastPage bool) bool { +// func(page *ssm.ListCommandsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -7958,7 +8079,7 @@ func (c *SSM) ListDocumentsWithContext(ctx aws.Context, input *ListDocumentsInpu // // Example iterating over at most 3 pages of a ListDocuments operation. // pageNum := 0 // err := client.ListDocumentsPages(params, -// func(page *ListDocumentsOutput, lastPage bool) bool { +// func(page *ssm.ListDocumentsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -8832,6 +8953,22 @@ func (c *SSM) PutParameterRequest(input *PutParameterInput) (req *request.Reques // * ErrCodeUnsupportedParameterType "UnsupportedParameterType" // The parameter type is not supported. // +// * ErrCodePoliciesLimitExceededException "PoliciesLimitExceededException" +// You specified more than the maximum number of allowed policies for the parameter. +// The maximum is 10. +// +// * ErrCodeInvalidPolicyTypeException "InvalidPolicyTypeException" +// The policy type is not supported. Parameter Store supports the following +// policy types: Expiration, ExpirationNotification, and NoChangeNotification. +// +// * ErrCodeInvalidPolicyAttributeException "InvalidPolicyAttributeException" +// A policy attribute or its value is invalid. +// +// * ErrCodeIncompatiblePolicyException "IncompatiblePolicyException" +// There is a conflict in the policies specified for this parameter. You can't, +// for example, specify two Expiration policies for a parameter. Review your +// policies, and try again. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/PutParameter func (c *SSM) PutParameter(input *PutParameterInput) (*PutParameterOutput, error) { req, out := c.PutParameterRequest(input) @@ -8913,8 +9050,8 @@ func (c *SSM) RegisterDefaultPatchBaselineRequest(input *RegisterDefaultPatchBas // try again. // // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -9003,8 +9140,8 @@ func (c *SSM) RegisterPatchBaselineForPatchGroupRequest(input *RegisterPatchBase // baseline that is already registered with a different patch baseline. // // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -9015,7 +9152,7 @@ func (c *SSM) RegisterPatchBaselineForPatchGroupRequest(input *RegisterPatchBase // // * ErrCodeResourceLimitExceededException "ResourceLimitExceededException" // Error returned when the caller has exceeded the default resource limits. -// For example, too many Maintenance Windows or Patch baselines have been created. +// For example, too many maintenance windows or patch baselines have been created. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -9089,7 +9226,7 @@ func (c *SSM) RegisterTargetWithMaintenanceWindowRequest(input *RegisterTargetWi // RegisterTargetWithMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Registers a target with a Maintenance Window. +// Registers a target with a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9104,15 +9241,15 @@ func (c *SSM) RegisterTargetWithMaintenanceWindowRequest(input *RegisterTargetWi // don't match the original call to the API with the same idempotency token. // // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). // // * ErrCodeResourceLimitExceededException "ResourceLimitExceededException" // Error returned when the caller has exceeded the default resource limits. -// For example, too many Maintenance Windows or Patch baselines have been created. +// For example, too many maintenance windows or patch baselines have been created. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -9186,7 +9323,7 @@ func (c *SSM) RegisterTaskWithMaintenanceWindowRequest(input *RegisterTaskWithMa // RegisterTaskWithMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Adds a new task to a Maintenance Window. +// Adds a new task to a maintenance window. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9201,15 +9338,15 @@ func (c *SSM) RegisterTaskWithMaintenanceWindowRequest(input *RegisterTaskWithMa // don't match the original call to the API with the same idempotency token. // // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). // // * ErrCodeResourceLimitExceededException "ResourceLimitExceededException" // Error returned when the caller has exceeded the default resource limits. -// For example, too many Maintenance Windows or Patch baselines have been created. +// For example, too many maintenance windows or patch baselines have been created. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -9496,8 +9633,8 @@ func (c *SSM) ResumeSessionRequest(input *ResumeSessionInput) (req *request.Requ // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -9984,8 +10121,7 @@ func (c *SSM) StartSessionRequest(input *StartSessionInput) (req *request.Reques // // AWS CLI usage: start-session is an interactive command that requires the // Session Manager plugin to be installed on the client machine making the call. -// For information, see Install the Session Manager Plugin for the AWS CLI -// (http://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) +// For information, see Install the Session Manager Plugin for the AWS CLI (http://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) // in the AWS Systems Manager User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -10174,8 +10310,8 @@ func (c *SSM) TerminateSessionRequest(input *TerminateSessionInput) (req *reques // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -10678,7 +10814,7 @@ func (c *SSM) UpdateMaintenanceWindowRequest(input *UpdateMaintenanceWindowInput // UpdateMaintenanceWindow API operation for Amazon Simple Systems Manager (SSM). // -// Updates an existing Maintenance Window. Only specified parameters are modified. +// Updates an existing maintenance window. Only specified parameters are modified. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10689,8 +10825,8 @@ func (c *SSM) UpdateMaintenanceWindowRequest(input *UpdateMaintenanceWindowInput // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -10764,7 +10900,7 @@ func (c *SSM) UpdateMaintenanceWindowTargetRequest(input *UpdateMaintenanceWindo // UpdateMaintenanceWindowTarget API operation for Amazon Simple Systems Manager (SSM). // -// Modifies the target of an existing Maintenance Window. You can't change the +// Modifies the target of an existing maintenance window. You can't change the // target type, but you can change the following: // // The target from being an ID target to a Tag target, or a Tag target to an @@ -10791,8 +10927,8 @@ func (c *SSM) UpdateMaintenanceWindowTargetRequest(input *UpdateMaintenanceWindo // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -10866,7 +11002,7 @@ func (c *SSM) UpdateMaintenanceWindowTaskRequest(input *UpdateMaintenanceWindowT // UpdateMaintenanceWindowTask API operation for Amazon Simple Systems Manager (SSM). // -// Modifies a task assigned to a Maintenance Window. You can't change the task +// Modifies a task assigned to a maintenance window. You can't change the task // type, but you can change the following values: // // * TaskARN. For example, you can change a RUN_COMMAND task from AWS-RunPowerShellScript @@ -10896,8 +11032,8 @@ func (c *SSM) UpdateMaintenanceWindowTaskRequest(input *UpdateMaintenanceWindowT // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -11082,8 +11218,8 @@ func (c *SSM) UpdatePatchBaselineRequest(input *UpdatePatchBaselineInput) (req * // // Returned Error Codes: // * ErrCodeDoesNotExistException "DoesNotExistException" -// Error returned when the ID specified for a resource, such as a Maintenance -// Window or Patch baseline, doesn't exist. +// Error returned when the ID specified for a resource, such as a maintenance +// window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -11340,7 +11476,7 @@ type AddTagsToResourceInput struct { // For the Document and Parameter values, use the name of the resource. // // The ManagedInstance type for this API action is only for on-premises managed - // instances. You must specify the the name of the managed instance in the following + // instances. You must specify the name of the managed instance in the following // format: mi-ID_number. For example, mi-1a2b3c4d5e6f. // // ResourceId is a required field @@ -11349,7 +11485,7 @@ type AddTagsToResourceInput struct { // Specifies the type of resource you are tagging. // // The ManagedInstance type for this API action is for on-premises managed instances. - // You must specify the the name of the managed instance in the following format: + // You must specify the name of the managed instance in the following format: // mi-ID_number. For example, mi-1a2b3c4d5e6f. // // ResourceType is a required field @@ -11774,9 +11910,7 @@ type AssociationExecution struct { // Detailed status information about the execution. DetailedStatus *string `type:"string"` - // The execution ID for the association. If the association does not run at - // intervals or according to a schedule, then the ExecutionID is the same as - // the AssociationID. + // The execution ID for the association. ExecutionId *string `type:"string"` // The date of the last execution. @@ -11931,8 +12065,7 @@ type AssociationExecutionTarget struct { // Detailed information about the execution status. DetailedStatus *string `type:"string"` - // The execution ID. If the association does not run at intervals or according - // to a schedule, then the ExecutionID is the same as the AssociationID. + // The execution ID. ExecutionId *string `type:"string"` // The date of the last execution. @@ -13137,7 +13270,7 @@ func (s CancelCommandOutput) GoString() string { type CancelMaintenanceWindowExecutionInput struct { _ struct{} `type:"structure"` - // The ID of the Maintenance Window execution to stop. + // The ID of the maintenance window execution to stop. // // WindowExecutionId is a required field WindowExecutionId *string `min:"36" type:"string" required:"true"` @@ -13178,7 +13311,7 @@ func (s *CancelMaintenanceWindowExecutionInput) SetWindowExecutionId(v string) * type CancelMaintenanceWindowExecutionOutput struct { _ struct{} `type:"structure"` - // The ID of the Maintenance Window execution that has been stopped. + // The ID of the maintenance window execution that has been stopped. WindowExecutionId *string `min:"36" type:"string"` } @@ -13545,33 +13678,17 @@ type CommandFilter struct { // before July 7, 2018. // // * Status: Specify a valid command status to see a list of all command - // executions with that status. Status values you can specify include: - // - // Pending - // - // InProgress - // - // Success - // - // Cancelled - // - // Failed - // - // TimedOut - // - // Cancelling + // executions with that status. Status values you can specify include: Pending + // InProgress Success Cancelled Failed TimedOut Cancelling // // * DocumentName: Specify name of the SSM document for which you want to // see command execution results. For example, specify AWS-RunPatchBaseline // to see command executions that used this SSM document to perform security // patching operations on instances. // - // * ExecutionStage: Specify one of the following values: - // - // Executing: Returns a list of command executions that are currently still - // running. - // - // Complete: Returns a list of command executions that have already completed. + // * ExecutionStage: Specify one of the following values: Executing: Returns + // a list of command executions that are currently still running. Complete: + // Returns a list of command executions that have already completed. // // Value is a required field Value *string `locationName:"value" min:"1" type:"string" required:"true"` @@ -14937,7 +15054,7 @@ type CreateAssociationInput struct { // An Amazon S3 bucket where you want to store the output details of the request. OutputLocation *InstanceAssociationOutputLocation `type:"structure"` - // The parameters for the documents runtime configuration. + // The parameters for the runtime configuration of the document. Parameters map[string][]*string `type:"map"` // A cron expression when the association will be applied to the target(s). @@ -15117,11 +15234,11 @@ type CreateDocumentInput struct { // Do not use the following to begin the names of documents you create. They // are reserved by AWS for use as document prefixes: // - // aws + // * aws // - // amazon + // * amazon // - // amzn + // * amzn // // Name is a required field Name *string `type:"string" required:"true"` @@ -15277,13 +15394,13 @@ func (s *CreateDocumentOutput) SetDocumentDescription(v *DocumentDescription) *C type CreateMaintenanceWindowInput struct { _ struct{} `type:"structure"` - // Enables a Maintenance Window task to run on managed instances, even if you + // Enables a maintenance window task to run on managed instances, even if you // have not registered those instances as targets. If enabled, then you must // specify the unregistered instances (by instance ID) when you register a task - // with the Maintenance Window + // with the maintenance window. // // If you don't enable this option, then you must specify previously-registered - // targets when you register a task with the Maintenance Window. + // targets when you register a task with the maintenance window. // // AllowUnassociatedTargets is a required field AllowUnassociatedTargets *bool `type:"boolean" required:"true"` @@ -15291,50 +15408,50 @@ type CreateMaintenanceWindowInput struct { // User-provided idempotency token. ClientToken *string `min:"1" type:"string" idempotencyToken:"true"` - // The number of hours before the end of the Maintenance Window that Systems + // The number of hours before the end of the maintenance window that Systems // Manager stops scheduling new tasks for execution. // // Cutoff is a required field Cutoff *int64 `type:"integer" required:"true"` - // An optional description for the Maintenance Window. We recommend specifying - // a description to help you organize your Maintenance Windows. + // An optional description for the maintenance window. We recommend specifying + // a description to help you organize your maintenance windows. Description *string `min:"1" type:"string" sensitive:"true"` - // The duration of the Maintenance Window in hours. + // The duration of the maintenance window in hours. // // Duration is a required field Duration *int64 `min:"1" type:"integer" required:"true"` - // The date and time, in ISO-8601 Extended format, for when you want the Maintenance - // Window to become inactive. EndDate allows you to set a date and time in the - // future when the Maintenance Window will no longer run. + // The date and time, in ISO-8601 Extended format, for when you want the maintenance + // window to become inactive. EndDate allows you to set a date and time in the + // future when the maintenance window will no longer run. EndDate *string `type:"string"` - // The name of the Maintenance Window. + // The name of the maintenance window. // // Name is a required field Name *string `min:"3" type:"string" required:"true"` - // The schedule of the Maintenance Window in the form of a cron or rate expression. + // The schedule of the maintenance window in the form of a cron or rate expression. // // Schedule is a required field Schedule *string `min:"1" type:"string" required:"true"` - // The time zone that the scheduled Maintenance Window executions are based + // The time zone that the scheduled maintenance window executions are based // on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", // "etc/UTC", or "Asia/Seoul". For more information, see the Time Zone Database // (https://www.iana.org/time-zones) on the IANA website. ScheduleTimezone *string `type:"string"` - // The date and time, in ISO-8601 Extended format, for when you want the Maintenance - // Window to become active. StartDate allows you to delay activation of the - // Maintenance Window until the specified future date. + // The date and time, in ISO-8601 Extended format, for when you want the maintenance + // window to become active. StartDate allows you to delay activation of the + // maintenance window until the specified future date. StartDate *string `type:"string"` // Optional metadata that you assign to a resource. Tags enable you to categorize // a resource in different ways, such as by purpose, owner, or environment. - // For example, you might want to tag a Maintenance Window to identify the type + // For example, you might want to tag a maintenance window to identify the type // of tasks it will run, the types of targets, and the environment it will run // in. In this case, you could specify the following key name/value pairs: // @@ -15344,7 +15461,7 @@ type CreateMaintenanceWindowInput struct { // // * Key=Environment,Value=Production // - // To add tags to an existing Maintenance Window, use the AddTagsToResource + // To add tags to an existing maintenance window, use the AddTagsToResource // action. Tags []*Tag `type:"list"` } @@ -15478,7 +15595,7 @@ func (s *CreateMaintenanceWindowInput) SetTags(v []*Tag) *CreateMaintenanceWindo type CreateMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // The ID of the created Maintenance Window. + // The ID of the created maintenance window. WindowId *string `min:"20" type:"string"` } @@ -15508,7 +15625,7 @@ type CreatePatchBaselineInput struct { // // For information about accepted formats for lists of approved patches and // rejected patches, see Package Name Formats for Approved and Rejected Patch - // Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) + // Lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) // in the AWS Systems Manager User Guide. ApprovedPatches []*string `type:"list"` @@ -15544,7 +15661,7 @@ type CreatePatchBaselineInput struct { // // For information about accepted formats for lists of approved patches and // rejected patches, see Package Name Formats for Approved and Rejected Patch - // Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) + // Lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) // in the AWS Systems Manager User Guide. RejectedPatches []*string `type:"list"` @@ -15998,7 +16115,7 @@ type DeleteInventoryInput struct { // DisableSchema: If you choose this option, the system ignores all inventory // data for the specified version, and any earlier versions. To enable this // schema again, you must call the PutInventory action for a version greater - // than the disbled version. + // than the disabled version. // // DeleteSchema: This option deletes the specified custom type from the Inventory // service. You can recreate the schema later, if you want. @@ -16113,7 +16230,7 @@ func (s *DeleteInventoryOutput) SetTypeName(v string) *DeleteInventoryOutput { type DeleteMaintenanceWindowInput struct { _ struct{} `type:"structure"` - // The ID of the Maintenance Window to delete. + // The ID of the maintenance window to delete. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -16154,7 +16271,7 @@ func (s *DeleteMaintenanceWindowInput) SetWindowId(v string) *DeleteMaintenanceW type DeleteMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // The ID of the deleted Maintenance Window. + // The ID of the deleted maintenance window. WindowId *string `min:"20" type:"string"` } @@ -16570,10 +16687,10 @@ type DeregisterTargetFromMaintenanceWindowInput struct { // The system checks if the target is being referenced by a task. If the target // is being referenced, the system returns an error and does not deregister - // the target from the Maintenance Window. + // the target from the maintenance window. Safe *bool `type:"boolean"` - // The ID of the Maintenance Window the target should be removed from. + // The ID of the maintenance window the target should be removed from. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -16637,7 +16754,7 @@ func (s *DeregisterTargetFromMaintenanceWindowInput) SetWindowTargetId(v string) type DeregisterTargetFromMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // The ID of the Maintenance Window the target was removed from. + // The ID of the maintenance window the target was removed from. WindowId *string `min:"20" type:"string"` // The ID of the removed target definition. @@ -16669,12 +16786,12 @@ func (s *DeregisterTargetFromMaintenanceWindowOutput) SetWindowTargetId(v string type DeregisterTaskFromMaintenanceWindowInput struct { _ struct{} `type:"structure"` - // The ID of the Maintenance Window the task should be removed from. + // The ID of the maintenance window the task should be removed from. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` - // The ID of the task to remove from the Maintenance Window. + // The ID of the task to remove from the maintenance window. // // WindowTaskId is a required field WindowTaskId *string `min:"36" type:"string" required:"true"` @@ -16727,10 +16844,10 @@ func (s *DeregisterTaskFromMaintenanceWindowInput) SetWindowTaskId(v string) *De type DeregisterTaskFromMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // The ID of the Maintenance Window the task was removed from. + // The ID of the maintenance window the task was removed from. WindowId *string `min:"20" type:"string"` - // The ID of the task removed from the Maintenance Window. + // The ID of the task removed from the maintenance window. WindowTaskId *string `min:"36" type:"string"` } @@ -18569,13 +18686,13 @@ type DescribeMaintenanceWindowExecutionTaskInvocationsInput struct { // a previous call.) NextToken *string `type:"string"` - // The ID of the specific task in the Maintenance Window task that should be + // The ID of the specific task in the maintenance window task that should be // retrieved. // // TaskId is a required field TaskId *string `min:"36" type:"string" required:"true"` - // The ID of the Maintenance Window execution the task is part of. + // The ID of the maintenance window execution the task is part of. // // WindowExecutionId is a required field WindowExecutionId *string `min:"36" type:"string" required:"true"` @@ -18706,7 +18823,7 @@ type DescribeMaintenanceWindowExecutionTasksInput struct { // a previous call.) NextToken *string `type:"string"` - // The ID of the Maintenance Window execution whose task executions should be + // The ID of the maintenance window execution whose task executions should be // retrieved. // // WindowExecutionId is a required field @@ -18831,7 +18948,7 @@ type DescribeMaintenanceWindowExecutionsInput struct { // a previous call.) NextToken *string `type:"string"` - // The ID of the Maintenance Window whose executions should be retrieved. + // The ID of the maintenance window whose executions should be retrieved. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -18907,7 +19024,7 @@ type DescribeMaintenanceWindowExecutionsOutput struct { // items to return, the string is empty. NextToken *string `type:"string"` - // Information about the Maintenance Windows execution. + // Information about the maintenance window executions. WindowExecutions []*MaintenanceWindowExecution `type:"list"` } @@ -18936,8 +19053,8 @@ func (s *DescribeMaintenanceWindowExecutionsOutput) SetWindowExecutions(v []*Mai type DescribeMaintenanceWindowScheduleInput struct { _ struct{} `type:"structure"` - // Filters used to limit the range of results. For example, you can limit Maintenance - // Window executions to only those scheduled before or after a certain date + // Filters used to limit the range of results. For example, you can limit maintenance + // window executions to only those scheduled before or after a certain date // and time. Filters []*PatchOrchestratorFilter `type:"list"` @@ -18957,7 +19074,7 @@ type DescribeMaintenanceWindowScheduleInput struct { // The instance ID or key/value pair to retrieve information about. Targets []*Target `type:"list"` - // The ID of the Maintenance Window to retrieve information about. + // The ID of the maintenance window to retrieve information about. WindowId *string `min:"20" type:"string"` } @@ -19050,7 +19167,7 @@ type DescribeMaintenanceWindowScheduleOutput struct { // next call.) NextToken *string `type:"string"` - // Information about Maintenance Window executions scheduled for the specified + // Information about maintenance window executions scheduled for the specified // time range. ScheduledWindowExecutions []*ScheduledWindowExecution `type:"list"` } @@ -19093,7 +19210,7 @@ type DescribeMaintenanceWindowTargetsInput struct { // a previous call.) NextToken *string `type:"string"` - // The ID of the Maintenance Window whose targets should be retrieved. + // The ID of the maintenance window whose targets should be retrieved. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -19169,7 +19286,7 @@ type DescribeMaintenanceWindowTargetsOutput struct { // items to return, the string is empty. NextToken *string `type:"string"` - // Information about the targets in the Maintenance Window. + // Information about the targets in the maintenance window. Targets []*MaintenanceWindowTarget `type:"list"` } @@ -19211,7 +19328,7 @@ type DescribeMaintenanceWindowTasksInput struct { // a previous call.) NextToken *string `type:"string"` - // The ID of the Maintenance Window whose tasks should be retrieved. + // The ID of the maintenance window whose tasks should be retrieved. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -19287,7 +19404,7 @@ type DescribeMaintenanceWindowTasksOutput struct { // items to return, the string is empty. NextToken *string `type:"string"` - // Information about the tasks in the Maintenance Window. + // Information about the tasks in the maintenance window. Tasks []*MaintenanceWindowTask `type:"list"` } @@ -19407,7 +19524,7 @@ type DescribeMaintenanceWindowsForTargetOutput struct { // next call.) NextToken *string `type:"string"` - // Information about the Maintenance Window targets and tasks an instance is + // Information about the maintenance window targets and tasks an instance is // associated with. WindowIdentities []*MaintenanceWindowIdentityForTarget `type:"list"` } @@ -19437,8 +19554,8 @@ func (s *DescribeMaintenanceWindowsForTargetOutput) SetWindowIdentities(v []*Mai type DescribeMaintenanceWindowsInput struct { _ struct{} `type:"structure"` - // Optional filters used to narrow down the scope of the returned Maintenance - // Windows. Supported filter keys are Name and Enabled. + // Optional filters used to narrow down the scope of the returned maintenance + // windows. Supported filter keys are Name and Enabled. Filters []*MaintenanceWindowFilter `type:"list"` // The maximum number of items to return for this call. The call also returns @@ -19509,7 +19626,7 @@ type DescribeMaintenanceWindowsOutput struct { // items to return, the string is empty. NextToken *string `type:"string"` - // Information about the Maintenance Windows. + // Information about the maintenance windows. WindowIdentities []*MaintenanceWindowIdentity `type:"list"` } @@ -19827,6 +19944,10 @@ type DescribePatchGroupStateOutput struct { // The number of instances with patches that aren't applicable. InstancesWithNotApplicablePatches *int64 `type:"integer"` + + // The number of instances with NotApplicable patches beyond the supported limit, + // which are not reported by name to Systems Manager Inventory. + InstancesWithUnreportedNotApplicablePatches *int64 `type:"integer"` } // String returns the string representation @@ -19881,6 +20002,12 @@ func (s *DescribePatchGroupStateOutput) SetInstancesWithNotApplicablePatches(v i return s } +// SetInstancesWithUnreportedNotApplicablePatches sets the InstancesWithUnreportedNotApplicablePatches field's value. +func (s *DescribePatchGroupStateOutput) SetInstancesWithUnreportedNotApplicablePatches(v int64) *DescribePatchGroupStateOutput { + s.InstancesWithUnreportedNotApplicablePatches = &v + return s +} + type DescribePatchGroupsInput struct { _ struct{} `type:"structure"` @@ -19983,6 +20110,125 @@ func (s *DescribePatchGroupsOutput) SetNextToken(v string) *DescribePatchGroupsO return s } +type DescribePatchPropertiesInput struct { + _ struct{} `type:"structure"` + + // The maximum number of items to return for this call. The call also returns + // a token that you can specify in a subsequent call to get the next set of + // results. + MaxResults *int64 `min:"1" type:"integer"` + + // The token for the next set of items to return. (You received this token from + // a previous call.) + NextToken *string `type:"string"` + + // The operating system type for which to list patches. + // + // OperatingSystem is a required field + OperatingSystem *string `type:"string" required:"true" enum:"OperatingSystem"` + + // Indicates whether to list patches for the Windows operating system or for + // Microsoft applications. Not applicable for Linux operating systems. + PatchSet *string `type:"string" enum:"PatchSet"` + + // The patch property for which you want to view patch details. + // + // Property is a required field + Property *string `type:"string" required:"true" enum:"PatchProperty"` +} + +// String returns the string representation +func (s DescribePatchPropertiesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePatchPropertiesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribePatchPropertiesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribePatchPropertiesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.OperatingSystem == nil { + invalidParams.Add(request.NewErrParamRequired("OperatingSystem")) + } + if s.Property == nil { + invalidParams.Add(request.NewErrParamRequired("Property")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribePatchPropertiesInput) SetMaxResults(v int64) *DescribePatchPropertiesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribePatchPropertiesInput) SetNextToken(v string) *DescribePatchPropertiesInput { + s.NextToken = &v + return s +} + +// SetOperatingSystem sets the OperatingSystem field's value. +func (s *DescribePatchPropertiesInput) SetOperatingSystem(v string) *DescribePatchPropertiesInput { + s.OperatingSystem = &v + return s +} + +// SetPatchSet sets the PatchSet field's value. +func (s *DescribePatchPropertiesInput) SetPatchSet(v string) *DescribePatchPropertiesInput { + s.PatchSet = &v + return s +} + +// SetProperty sets the Property field's value. +func (s *DescribePatchPropertiesInput) SetProperty(v string) *DescribePatchPropertiesInput { + s.Property = &v + return s +} + +type DescribePatchPropertiesOutput struct { + _ struct{} `type:"structure"` + + // The token for the next set of items to return. (You use this token in the + // next call.) + NextToken *string `type:"string"` + + // A list of the properties for patches matching the filter request parameters. + Properties []map[string]*string `type:"list"` +} + +// String returns the string representation +func (s DescribePatchPropertiesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribePatchPropertiesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribePatchPropertiesOutput) SetNextToken(v string) *DescribePatchPropertiesOutput { + s.NextToken = &v + return s +} + +// SetProperties sets the Properties field's value. +func (s *DescribePatchPropertiesOutput) SetProperties(v []map[string]*string) *DescribePatchPropertiesOutput { + s.Properties = v + return s +} + type DescribeSessionsInput struct { _ struct{} `type:"structure"` @@ -21909,7 +22155,7 @@ func (s *GetInventorySchemaOutput) SetSchemas(v []*InventoryItemSchema) *GetInve type GetMaintenanceWindowExecutionInput struct { _ struct{} `type:"structure"` - // The ID of the Maintenance Window execution that includes the task. + // The ID of the maintenance window execution that includes the task. // // WindowExecutionId is a required field WindowExecutionId *string `min:"36" type:"string" required:"true"` @@ -21950,22 +22196,22 @@ func (s *GetMaintenanceWindowExecutionInput) SetWindowExecutionId(v string) *Get type GetMaintenanceWindowExecutionOutput struct { _ struct{} `type:"structure"` - // The time the Maintenance Window finished running. + // The time the maintenance window finished running. EndTime *time.Time `type:"timestamp"` - // The time the Maintenance Window started running. + // The time the maintenance window started running. StartTime *time.Time `type:"timestamp"` - // The status of the Maintenance Window execution. + // The status of the maintenance window execution. Status *string `type:"string" enum:"MaintenanceWindowExecutionStatus"` // The details explaining the Status. Only available for certain status values. StatusDetails *string `type:"string"` - // The ID of the task executions from the Maintenance Window execution. + // The ID of the task executions from the maintenance window execution. TaskIds []*string `type:"list"` - // The ID of the Maintenance Window execution. + // The ID of the maintenance window execution. WindowExecutionId *string `min:"36" type:"string"` } @@ -22018,13 +22264,13 @@ func (s *GetMaintenanceWindowExecutionOutput) SetWindowExecutionId(v string) *Ge type GetMaintenanceWindowExecutionTaskInput struct { _ struct{} `type:"structure"` - // The ID of the specific task execution in the Maintenance Window task that + // The ID of the specific task execution in the maintenance window task that // should be retrieved. // // TaskId is a required field TaskId *string `min:"36" type:"string" required:"true"` - // The ID of the Maintenance Window execution that includes the task. + // The ID of the maintenance window execution that includes the task. // // WindowExecutionId is a required field WindowExecutionId *string `min:"36" type:"string" required:"true"` @@ -22082,13 +22328,13 @@ type GetMaintenanceWindowExecutionTaskInvocationInput struct { // InvocationId is a required field InvocationId *string `min:"36" type:"string" required:"true"` - // The ID of the specific task in the Maintenance Window task that should be + // The ID of the specific task in the maintenance window task that should be // retrieved. // // TaskId is a required field TaskId *string `min:"36" type:"string" required:"true"` - // The ID of the Maintenance Window execution for which the task is a part. + // The ID of the maintenance window execution for which the task is a part. // // WindowExecutionId is a required field WindowExecutionId *string `min:"36" type:"string" required:"true"` @@ -22163,7 +22409,7 @@ type GetMaintenanceWindowExecutionTaskInvocationOutput struct { InvocationId *string `min:"36" type:"string"` // User-provided value to be included in any CloudWatch events raised while - // running tasks for these targets in this Maintenance Window. + // running tasks for these targets in this maintenance window. OwnerInformation *string `min:"1" type:"string" sensitive:"true"` // The parameters used at the time that the task ran. @@ -22182,14 +22428,14 @@ type GetMaintenanceWindowExecutionTaskInvocationOutput struct { // The task execution ID. TaskExecutionId *string `min:"36" type:"string"` - // Retrieves the task type for a Maintenance Window. Task types include the + // Retrieves the task type for a maintenance window. Task types include the // following: LAMBDA, STEP_FUNCTION, AUTOMATION, RUN_COMMAND. TaskType *string `type:"string" enum:"MaintenanceWindowTaskType"` - // The Maintenance Window execution ID. + // The maintenance window execution ID. WindowExecutionId *string `min:"36" type:"string"` - // The Maintenance Window target ID. + // The maintenance window target ID. WindowTargetId *string `type:"string"` } @@ -22306,7 +22552,7 @@ type GetMaintenanceWindowExecutionTaskOutput struct { // The ARN of the task that ran. TaskArn *string `min:"1" type:"string"` - // The ID of the specific task execution in the Maintenance Window task that + // The ID of the specific task execution in the maintenance window task that // was retrieved. TaskExecutionId *string `min:"36" type:"string"` @@ -22315,7 +22561,7 @@ type GetMaintenanceWindowExecutionTaskOutput struct { // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // The map has the following format: // @@ -22327,7 +22573,7 @@ type GetMaintenanceWindowExecutionTaskOutput struct { // The type of task that was run. Type *string `type:"string" enum:"MaintenanceWindowTaskType"` - // The ID of the Maintenance Window execution that includes the task. + // The ID of the maintenance window execution that includes the task. WindowExecutionId *string `min:"36" type:"string"` } @@ -22422,7 +22668,7 @@ func (s *GetMaintenanceWindowExecutionTaskOutput) SetWindowExecutionId(v string) type GetMaintenanceWindowInput struct { _ struct{} `type:"structure"` - // The ID of the desired Maintenance Window. + // The ID of the maintenance window for which you want to retrieve information. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -22463,56 +22709,56 @@ func (s *GetMaintenanceWindowInput) SetWindowId(v string) *GetMaintenanceWindowI type GetMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // Whether targets must be registered with the Maintenance Window before tasks + // Whether targets must be registered with the maintenance window before tasks // can be defined for those targets. AllowUnassociatedTargets *bool `type:"boolean"` - // The date the Maintenance Window was created. + // The date the maintenance window was created. CreatedDate *time.Time `type:"timestamp"` - // The number of hours before the end of the Maintenance Window that Systems + // The number of hours before the end of the maintenance window that Systems // Manager stops scheduling new tasks for execution. Cutoff *int64 `type:"integer"` - // The description of the Maintenance Window. + // The description of the maintenance window. Description *string `min:"1" type:"string" sensitive:"true"` - // The duration of the Maintenance Window in hours. + // The duration of the maintenance window in hours. Duration *int64 `min:"1" type:"integer"` - // Whether the Maintenance Windows is enabled. + // Indicates whether the maintenance window is enabled. Enabled *bool `type:"boolean"` - // The date and time, in ISO-8601 Extended format, for when the Maintenance - // Window is scheduled to become inactive. The Maintenance Window will not run + // The date and time, in ISO-8601 Extended format, for when the maintenance + // window is scheduled to become inactive. The maintenance window will not run // after this specified time. EndDate *string `type:"string"` - // The date the Maintenance Window was last modified. + // The date the maintenance window was last modified. ModifiedDate *time.Time `type:"timestamp"` - // The name of the Maintenance Window. + // The name of the maintenance window. Name *string `min:"3" type:"string"` - // The next time the Maintenance Window will actually run, taking into account - // any specified times for the Maintenance Window to become active or inactive. + // The next time the maintenance window will actually run, taking into account + // any specified times for the maintenance window to become active or inactive. NextExecutionTime *string `type:"string"` - // The schedule of the Maintenance Window in the form of a cron or rate expression. + // The schedule of the maintenance window in the form of a cron or rate expression. Schedule *string `min:"1" type:"string"` - // The time zone that the scheduled Maintenance Window executions are based + // The time zone that the scheduled maintenance window executions are based // on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", // "etc/UTC", or "Asia/Seoul". For more information, see the Time Zone Database // (https://www.iana.org/time-zones) on the IANA website. ScheduleTimezone *string `type:"string"` - // The date and time, in ISO-8601 Extended format, for when the Maintenance - // Window is scheduled to become active. The Maintenance Window will not run + // The date and time, in ISO-8601 Extended format, for when the maintenance + // window is scheduled to become active. The maintenance window will not run // before this specified time. StartDate *string `type:"string"` - // The ID of the created Maintenance Window. + // The ID of the created maintenance window. WindowId *string `min:"20" type:"string"` } @@ -22613,12 +22859,12 @@ func (s *GetMaintenanceWindowOutput) SetWindowId(v string) *GetMaintenanceWindow type GetMaintenanceWindowTaskInput struct { _ struct{} `type:"structure"` - // The Maintenance Window ID that includes the task to retrieve. + // The maintenance window ID that includes the task to retrieve. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` - // The Maintenance Window task ID to retrieve. + // The maintenance window task ID to retrieve. // // WindowTaskId is a required field WindowTaskId *string `min:"36" type:"string" required:"true"` @@ -22679,7 +22925,7 @@ type GetMaintenanceWindowTaskOutput struct { // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. LoggingInfo *LoggingInfo `type:"structure"` // The maximum number of targets allowed to run this task in parallel. @@ -22695,7 +22941,8 @@ type GetMaintenanceWindowTaskOutput struct { // priority. Tasks that have the same priority are scheduled in parallel. Priority *int64 `type:"integer"` - // The IAM service role to assume during task execution. + // The ARN of the IAM service role to use to publish Amazon Simple Notification + // Service (Amazon SNS) notifications for maintenance window Run Command tasks. ServiceRoleArn *string `type:"string"` // The targets where the task should run. @@ -22715,16 +22962,16 @@ type GetMaintenanceWindowTaskOutput struct { // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map" sensitive:"true"` // The type of task to run. TaskType *string `type:"string" enum:"MaintenanceWindowTaskType"` - // The retrieved Maintenance Window ID. + // The retrieved maintenance window ID. WindowId *string `min:"20" type:"string"` - // The retrieved Maintenance Window task ID. + // The retrieved maintenance window task ID. WindowTaskId *string `min:"36" type:"string"` } @@ -23203,8 +23450,8 @@ func (s *GetParametersInput) SetWithDecryption(v bool) *GetParametersInput { type GetParametersOutput struct { _ struct{} `type:"structure"` - // A list of parameters that are not formatted correctly or do not run when - // executed. + // A list of parameters that are not formatted correctly or do not run during + // an execution. InvalidParameters []*string `min:"1" type:"list"` // A list of details for a parameter. @@ -23750,7 +23997,7 @@ type InstanceAssociationStatusInfo struct { // Detailed status information about the instance association. DetailedStatus *string `type:"string"` - // The association document verions. + // The association document versions. DocumentVersion *string `type:"string"` // An error code returned by the request to create the association. @@ -24224,7 +24471,9 @@ type InstancePatchState struct { MissingCount *int64 `type:"integer"` // The number of patches from the patch baseline that aren't applicable for - // the instance and hence aren't installed on the instance. + // the instance and therefore aren't installed on the instance. This number + // may be truncated if the list of patch names is very large. The number of + // patches beyond this limit are reported in UnreportedNotApplicableCount. NotApplicableCount *int64 `type:"integer"` // The type of patching operation that was performed: SCAN (assess patch compliance @@ -24255,6 +24504,10 @@ type InstancePatchState struct { // The ID of the patch baseline snapshot used during the patching operation // when this compliance data was collected. SnapshotId *string `min:"36" type:"string"` + + // The number of patches beyond the supported limit of NotApplicableCount that + // are not reported by name to Systems Manager Inventory. + UnreportedNotApplicableCount *int64 `type:"integer"` } // String returns the string representation @@ -24357,6 +24610,12 @@ func (s *InstancePatchState) SetSnapshotId(v string) *InstancePatchState { return s } +// SetUnreportedNotApplicableCount sets the UnreportedNotApplicableCount field's value. +func (s *InstancePatchState) SetUnreportedNotApplicableCount(v int64) *InstancePatchState { + s.UnreportedNotApplicableCount = &v + return s +} + // Defines a filter used in DescribeInstancePatchStatesForPatchGroup used to // scope down the information returned by the API. type InstancePatchStateFilter struct { @@ -24527,7 +24786,7 @@ type InventoryDeletionStatusItem struct { DeletionStartTime *time.Time `type:"timestamp"` // Information about the delete operation. For more information about this summary, - // see Understanding the Delete Inventory Summary (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-delete.html#sysman-inventory-delete-summary) + // see Understanding the Delete Inventory Summary (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-custom.html#sysman-inventory-delete) // in the AWS Systems Manager User Guide. DeletionSummary *InventoryDeletionSummary `type:"structure"` @@ -26563,7 +26822,7 @@ func (s *ListTagsForResourceOutput) SetTagList(v []*Tag) *ListTagsForResourceOut // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options -// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. +// for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. type LoggingInfo struct { _ struct{} `type:"structure"` @@ -26646,12 +26905,12 @@ type MaintenanceWindowAutomationParameters struct { // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // For AUTOMATION task types, Systems Manager ignores any values specified for // these parameters. @@ -26693,7 +26952,7 @@ func (s *MaintenanceWindowAutomationParameters) SetParameters(v map[string][]*st return s } -// Describes the information about an execution of a Maintenance Window. +// Describes the information about an execution of a maintenance window. type MaintenanceWindowExecution struct { _ struct{} `type:"structure"` @@ -26709,10 +26968,10 @@ type MaintenanceWindowExecution struct { // The details explaining the Status. Only available for certain status values. StatusDetails *string `type:"string"` - // The ID of the Maintenance Window execution. + // The ID of the maintenance window execution. WindowExecutionId *string `min:"36" type:"string"` - // The ID of the Maintenance Window. + // The ID of the maintenance window. WindowId *string `min:"20" type:"string"` } @@ -26762,7 +27021,7 @@ func (s *MaintenanceWindowExecution) SetWindowId(v string) *MaintenanceWindowExe return s } -// Information about a task execution performed as part of a Maintenance Window +// Information about a task execution performed as part of a maintenance window // execution. type MaintenanceWindowExecutionTaskIdentity struct { _ struct{} `type:"structure"` @@ -26783,13 +27042,13 @@ type MaintenanceWindowExecutionTaskIdentity struct { // The ARN of the task that ran. TaskArn *string `min:"1" type:"string"` - // The ID of the specific task execution in the Maintenance Window execution. + // The ID of the specific task execution in the maintenance window execution. TaskExecutionId *string `min:"36" type:"string"` // The type of task that ran. TaskType *string `type:"string" enum:"MaintenanceWindowTaskType"` - // The ID of the Maintenance Window execution that ran the task. + // The ID of the maintenance window execution that ran the task. WindowExecutionId *string `min:"36" type:"string"` } @@ -26852,7 +27111,7 @@ func (s *MaintenanceWindowExecutionTaskIdentity) SetWindowExecutionId(v string) } // Describes the information about a task invocation for a particular target -// as part of a task execution performed as part of a Maintenance Window execution. +// as part of a task execution performed as part of a maintenance window execution. type MaintenanceWindowExecutionTaskInvocationIdentity struct { _ struct{} `type:"structure"` @@ -26867,7 +27126,7 @@ type MaintenanceWindowExecutionTaskInvocationIdentity struct { InvocationId *string `min:"36" type:"string"` // User-provided value that was specified when the target was registered with - // the Maintenance Window. This was also included in any CloudWatch events raised + // the maintenance window. This was also included in any CloudWatch events raised // during the task invocation. OwnerInformation *string `min:"1" type:"string" sensitive:"true"` @@ -26884,16 +27143,16 @@ type MaintenanceWindowExecutionTaskInvocationIdentity struct { // for certain Status values. StatusDetails *string `type:"string"` - // The ID of the specific task execution in the Maintenance Window execution. + // The ID of the specific task execution in the maintenance window execution. TaskExecutionId *string `min:"36" type:"string"` // The task type. TaskType *string `type:"string" enum:"MaintenanceWindowTaskType"` - // The ID of the Maintenance Window execution that ran the task. + // The ID of the maintenance window execution that ran the task. WindowExecutionId *string `min:"36" type:"string"` - // The ID of the target definition in this Maintenance Window the invocation + // The ID of the target definition in this maintenance window the invocation // was performed for. WindowTargetId *string `type:"string"` } @@ -27026,46 +27285,46 @@ func (s *MaintenanceWindowFilter) SetValues(v []*string) *MaintenanceWindowFilte return s } -// Information about the Maintenance Window. +// Information about the maintenance window. type MaintenanceWindowIdentity struct { _ struct{} `type:"structure"` - // The number of hours before the end of the Maintenance Window that Systems + // The number of hours before the end of the maintenance window that Systems // Manager stops scheduling new tasks for execution. Cutoff *int64 `type:"integer"` - // A description of the Maintenance Window. + // A description of the maintenance window. Description *string `min:"1" type:"string" sensitive:"true"` - // The duration of the Maintenance Window in hours. + // The duration of the maintenance window in hours. Duration *int64 `min:"1" type:"integer"` - // Whether the Maintenance Window is enabled. + // Indicates whether the maintenance window is enabled. Enabled *bool `type:"boolean"` - // The date and time, in ISO-8601 Extended format, for when the Maintenance - // Window is scheduled to become inactive. + // The date and time, in ISO-8601 Extended format, for when the maintenance + // window is scheduled to become inactive. EndDate *string `type:"string"` - // The name of the Maintenance Window. + // The name of the maintenance window. Name *string `min:"3" type:"string"` - // The next time the Maintenance Window will actually run, taking into account - // any specified times for the Maintenance Window to become active or inactive. + // The next time the maintenance window will actually run, taking into account + // any specified times for the maintenance window to become active or inactive. NextExecutionTime *string `type:"string"` - // The schedule of the Maintenance Window in the form of a cron or rate expression. + // The schedule of the maintenance window in the form of a cron or rate expression. Schedule *string `min:"1" type:"string"` - // The time zone that the scheduled Maintenance Window executions are based + // The time zone that the scheduled maintenance window executions are based // on, in Internet Assigned Numbers Authority (IANA) format. ScheduleTimezone *string `type:"string"` - // The date and time, in ISO-8601 Extended format, for when the Maintenance - // Window is scheduled to become active. + // The date and time, in ISO-8601 Extended format, for when the maintenance + // window is scheduled to become active. StartDate *string `type:"string"` - // The ID of the Maintenance Window. + // The ID of the maintenance window. WindowId *string `min:"20" type:"string"` } @@ -27145,14 +27404,14 @@ func (s *MaintenanceWindowIdentity) SetWindowId(v string) *MaintenanceWindowIden return s } -// The Maintenance Window to which the specified target belongs. +// The maintenance window to which the specified target belongs. type MaintenanceWindowIdentityForTarget struct { _ struct{} `type:"structure"` - // The name of the Maintenance Window. + // The name of the maintenance window. Name *string `min:"3" type:"string"` - // The ID of the Maintenance Window. + // The ID of the maintenance window. WindowId *string `min:"20" type:"string"` } @@ -27186,12 +27445,12 @@ func (s *MaintenanceWindowIdentityForTarget) SetWindowId(v string) *MaintenanceW // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options -// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. +// for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options -// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. +// for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // For Lambda tasks, Systems Manager ignores any values specified for TaskParameters // and LoggingInfo. @@ -27267,19 +27526,19 @@ func (s *MaintenanceWindowLambdaParameters) SetQualifier(v string) *MaintenanceW // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options -// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. +// for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options -// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. +// for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // For Run Command tasks, Systems Manager uses specified values for TaskParameters // and LoggingInfo only if no values are specified for TaskInvocationParameters. type MaintenanceWindowRunCommandParameters struct { _ struct{} `type:"structure"` - // Information about the command(s) to run. + // Information about the commands to run. Comment *string `type:"string"` // The SHA-256 or SHA-1 hash created by the system when the document was created. @@ -27302,7 +27561,8 @@ type MaintenanceWindowRunCommandParameters struct { // The parameters for the RUN_COMMAND task execution. Parameters map[string][]*string `type:"map"` - // The IAM service role to assume during task execution. + // The ARN of the IAM service role to use to publish Amazon Simple Notification + // Service (Amazon SNS) notifications for maintenance window Run Command tasks. ServiceRoleArn *string `type:"string"` // If this time is reached and the command has not already started running, @@ -27398,12 +27658,12 @@ func (s *MaintenanceWindowRunCommandParameters) SetTimeoutSeconds(v int64) *Main // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options -// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. +// for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options -// for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. +// for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // For Step Functions tasks, Systems Manager ignores any values specified for // TaskParameters and LoggingInfo. @@ -27452,28 +27712,35 @@ func (s *MaintenanceWindowStepFunctionsParameters) SetName(v string) *Maintenanc return s } -// The target registered with the Maintenance Window. +// The target registered with the maintenance window. type MaintenanceWindowTarget struct { _ struct{} `type:"structure"` - // A description of the target. + // A description for the target. Description *string `min:"1" type:"string" sensitive:"true"` - // The target name. + // The name for the maintenance window target. Name *string `min:"3" type:"string"` - // User-provided value that will be included in any CloudWatch events raised - // while running tasks for these targets in this Maintenance Window. + // A user-provided value that will be included in any CloudWatch events that + // are raised while running tasks for these targets in this maintenance window. OwnerInformation *string `min:"1" type:"string" sensitive:"true"` - // The type of target. + // The type of target that is being registered with the maintenance window. ResourceType *string `type:"string" enum:"MaintenanceWindowResourceType"` - // The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2>. - // Tags are specified using Key=<tag name>,Values=<tag value>. + // The targets, either instances or tags. + // + // Specify instances using the following format: + // + // Key=instanceids,Values=<instanceid1>,<instanceid2> + // + // Tags are specified using the following format: + // + // Key=<tag name>,Values=<tag value>. Targets []*Target `type:"list"` - // The Maintenance Window ID where the target is registered. + // The ID of the maintenance window to register the target with. WindowId *string `min:"20" type:"string"` // The ID of the target. @@ -27532,7 +27799,7 @@ func (s *MaintenanceWindowTarget) SetWindowTargetId(v string) *MaintenanceWindow return s } -// Information about a task defined for a Maintenance Window. +// Information about a task defined for a maintenance window. type MaintenanceWindowTask struct { _ struct{} `type:"structure"` @@ -27544,10 +27811,10 @@ type MaintenanceWindowTask struct { // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. LoggingInfo *LoggingInfo `type:"structure"` - // The maximum number of targets this task can be run for in parallel. + // The maximum number of targets this task can be run for, in parallel. MaxConcurrency *string `min:"1" type:"string"` // The maximum number of errors allowed before this task stops being scheduled. @@ -27556,12 +27823,13 @@ type MaintenanceWindowTask struct { // The task name. Name *string `min:"3" type:"string"` - // The priority of the task in the Maintenance Window. The lower the number, + // The priority of the task in the maintenance window. The lower the number, // the higher the priority. Tasks that have the same priority are scheduled // in parallel. Priority *int64 `type:"integer"` - // The role that should be assumed when running the task. + // The ARN of the IAM service role to use to publish Amazon Simple Notification + // Service (Amazon SNS) notifications for maintenance window Run Command tasks. ServiceRoleArn *string `type:"string"` // The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2>. @@ -27579,14 +27847,14 @@ type MaintenanceWindowTask struct { // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map" sensitive:"true"` // The type of task. The type can be one of the following: RUN_COMMAND, AUTOMATION, // LAMBDA, or STEP_FUNCTION. Type *string `type:"string" enum:"MaintenanceWindowTaskType"` - // The Maintenance Window ID where the task is registered. + // The ID of the maintenance window where the task is registered. WindowId *string `min:"20" type:"string"` // The task ID. @@ -27913,14 +28181,15 @@ func (s *NonCompliantSummary) SetSeveritySummary(v *SeveritySummary) *NonComplia type NotificationConfig struct { _ struct{} `type:"structure"` - // An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. - // Run Command pushes notifications about command status changes to this topic. + // An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon + // SNS) topic. Run Command pushes notifications about command status changes + // to this topic. NotificationArn *string `type:"string"` // The different events for which you can receive notifications. These events // include the following: All (events), InProgress, Success, TimedOut, Cancelled, // Failed. To learn more about these events, see Configuring Amazon SNS Notifications - // for Run Command (http://docs.aws.amazon.com/systems-manager/latest/userguide/rc-sns-notifications.html) + // for AWS Systems Manager (http://docs.aws.amazon.com/systems-manager/latest/userguide/monitoring-sns-notifications.html) // in the AWS Systems Manager User Guide. NotificationEvents []*string `type:"list"` @@ -28024,7 +28293,7 @@ type Parameter struct { Type *string `type:"string" enum:"ParameterType"` // The parameter value. - Value *string `min:"1" type:"string"` + Value *string `type:"string"` // The parameter version. Version *int64 `type:"long"` @@ -28115,11 +28384,20 @@ type ParameterHistory struct { // The name of the parameter. Name *string `min:"1" type:"string"` + // Information about the policies assigned to a parameter. + // + // Working with Parameter Policies (https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html) + // in the AWS Systems Manager User Guide. + Policies []*ParameterInlinePolicy `type:"list"` + + // The parameter tier. + Tier *string `type:"string" enum:"ParameterTier"` + // The type of parameter used. Type *string `type:"string" enum:"ParameterType"` // The parameter value. - Value *string `min:"1" type:"string"` + Value *string `type:"string"` // The parameter version. Version *int64 `type:"long"` @@ -28177,6 +28455,18 @@ func (s *ParameterHistory) SetName(v string) *ParameterHistory { return s } +// SetPolicies sets the Policies field's value. +func (s *ParameterHistory) SetPolicies(v []*ParameterInlinePolicy) *ParameterHistory { + s.Policies = v + return s +} + +// SetTier sets the Tier field's value. +func (s *ParameterHistory) SetTier(v string) *ParameterHistory { + s.Tier = &v + return s +} + // SetType sets the Type field's value. func (s *ParameterHistory) SetType(v string) *ParameterHistory { s.Type = &v @@ -28195,7 +28485,53 @@ func (s *ParameterHistory) SetVersion(v int64) *ParameterHistory { return s } -// Metada includes information like the ARN of the last user and the date/time +// One or more policies assigned to a parameter. +type ParameterInlinePolicy struct { + _ struct{} `type:"structure"` + + // The status of the policy. Policies report the following statuses: Pending + // (the policy has not been enforced or applied yet), Finished (the policy was + // applied), Failed (the policy was not applied), or InProgress (the policy + // is being applied now). + PolicyStatus *string `type:"string"` + + // The JSON text of the policy. + PolicyText *string `type:"string"` + + // The type of policy. Parameter Store supports the following policy types: + // Expiration, ExpirationNotification, and NoChangeNotification. + PolicyType *string `type:"string"` +} + +// String returns the string representation +func (s ParameterInlinePolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ParameterInlinePolicy) GoString() string { + return s.String() +} + +// SetPolicyStatus sets the PolicyStatus field's value. +func (s *ParameterInlinePolicy) SetPolicyStatus(v string) *ParameterInlinePolicy { + s.PolicyStatus = &v + return s +} + +// SetPolicyText sets the PolicyText field's value. +func (s *ParameterInlinePolicy) SetPolicyText(v string) *ParameterInlinePolicy { + s.PolicyText = &v + return s +} + +// SetPolicyType sets the PolicyType field's value. +func (s *ParameterInlinePolicy) SetPolicyType(v string) *ParameterInlinePolicy { + s.PolicyType = &v + return s +} + +// Metadata includes information like the ARN of the last user and the date/time // the parameter was last used. type ParameterMetadata struct { _ struct{} `type:"structure"` @@ -28220,6 +28556,12 @@ type ParameterMetadata struct { // The parameter name. Name *string `min:"1" type:"string"` + // A list of policies associated with a parameter. + Policies []*ParameterInlinePolicy `type:"list"` + + // The parameter tier. + Tier *string `type:"string" enum:"ParameterTier"` + // The type of parameter. Valid parameter types include the following: String, // String list, Secure string. Type *string `type:"string" enum:"ParameterType"` @@ -28274,6 +28616,18 @@ func (s *ParameterMetadata) SetName(v string) *ParameterMetadata { return s } +// SetPolicies sets the Policies field's value. +func (s *ParameterMetadata) SetPolicies(v []*ParameterInlinePolicy) *ParameterMetadata { + s.Policies = v + return s +} + +// SetTier sets the Tier field's value. +func (s *ParameterMetadata) SetTier(v string) *ParameterMetadata { + s.Tier = &v + return s +} + // SetType sets the Type field's value. func (s *ParameterMetadata) SetType(v string) *ParameterMetadata { s.Type = &v @@ -28288,7 +28642,9 @@ func (s *ParameterMetadata) SetVersion(v int64) *ParameterMetadata { // One or more filters. Use a filter to return a more specific list of results. // -// The Name field can't be used with the GetParametersByPath API action. +// The Name and Tier filter keys can't be used with the GetParametersByPath +// API action. Also, the Label filter key can't be used with the DescribeParameters +// API action. type ParameterStringFilter struct { _ struct{} `type:"structure"` @@ -28693,440 +29049,36 @@ func (s *PatchComplianceData) SetTitle(v string) *PatchComplianceData { return s } -// Defines a patch filter. -// -// A patch filter consists of key/value pairs, but not all keys are valid for -// all operating system types. For example, the key PRODUCT is valid for all -// supported operating system types. The key MSRC_SEVERITY, however, is valid -// only for Windows operating systems, and the key SECTION is valid only for -// Ubuntu operating systems. -// -// Refer to the following sections for information about which keys may be used -// with each major operating system, and which values are valid for each key. -// -// Windows Operating Systems -// -// The supported keys for Windows operating systems are PRODUCT, CLASSIFICATION, -// and MSRC_SEVERITY. See the following lists for valid values for each of these -// keys. -// -// Supported key:PRODUCT -// -// Supported values: -// -// * Windows7 -// -// * Windows8 -// -// * Windows8.1 -// -// * Windows8Embedded -// -// * Windows10 -// -// * Windows10LTSB -// -// * WindowsServer2008 +// Defines which patches should be included in a patch baseline. // -// * WindowsServer2008R2 +// A patch filter consists of a key and a set of values. The filter key is a +// patch property. For example, the available filter keys for WINDOWS are PATCH_SET, +// PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, and MSRC_SEVERITY. The filter values +// define a matching criterion for the patch property indicated by the key. +// For example, if the filter key is PRODUCT and the filter values are ["Office +// 2013", "Office 2016"], then the filter accepts all patches where product +// name is either "Office 2013" or "Office 2016". The filter values can be exact +// values for the patch property given as a key, or a wildcard (*), which matches +// all values. // -// * WindowsServer2012 -// -// * WindowsServer2012R2 -// -// * WindowsServer2016 -// -// * WindowsServer2019 -// -// * * -// -// Use a wildcard character (*) to target all supported operating system versions. -// -// Supported key:CLASSIFICATION -// -// Supported values: -// -// * CriticalUpdates -// -// * DefinitionUpdates -// -// * Drivers -// -// * FeaturePacks -// -// * SecurityUpdates -// -// * ServicePacks -// -// * Tools -// -// * UpdateRollups -// -// * Updates -// -// * Upgrades -// -// Supported key:MSRC_SEVERITY -// -// Supported values: -// -// * Critical -// -// * Important -// -// * Moderate -// -// * Low -// -// * Unspecified -// -// Ubuntu Operating Systems -// -// The supported keys for Ubuntu operating systems are PRODUCT, PRIORITY, and -// SECTION. See the following lists for valid values for each of these keys. -// -// Supported key:PRODUCT -// -// Supported values: -// -// * Ubuntu14.04 -// -// * Ubuntu16.04 -// -// * * -// -// Use a wildcard character (*) to target all supported operating system versions. -// -// Supported key:PRIORITY -// -// Supported values: -// -// * Required -// -// * Important -// -// * Standard -// -// * Optional -// -// * Extra -// -// Supported key:SECTION -// -// Only the length of the key value is validated. Minimum length is 1. Maximum -// length is 64. -// -// Amazon Linux Operating Systems -// -// The supported keys for Amazon Linux operating systems are PRODUCT, CLASSIFICATION, -// and SEVERITY. See the following lists for valid values for each of these -// keys. -// -// Supported key:PRODUCT -// -// Supported values: -// -// * AmazonLinux2012.03 -// -// * AmazonLinux2012.09 -// -// * AmazonLinux2013.03 -// -// * AmazonLinux2013.09 -// -// * AmazonLinux2014.03 -// -// * AmazonLinux2014.09 -// -// * AmazonLinux2015.03 -// -// * AmazonLinux2015.09 -// -// * AmazonLinux2016.03 -// -// * AmazonLinux2016.09 -// -// * AmazonLinux2017.03 -// -// * AmazonLinux2017.09 -// -// * * -// -// Use a wildcard character (*) to target all supported operating system versions. -// -// Supported key:CLASSIFICATION -// -// Supported values: -// -// * Security -// -// * Bugfix -// -// * Enhancement -// -// * Recommended -// -// * Newpackage -// -// Supported key:SEVERITY -// -// Supported values: -// -// * Critical -// -// * Important -// -// * Medium -// -// * Low -// -// Amazon Linux 2 Operating Systems -// -// The supported keys for Amazon Linux 2 operating systems are PRODUCT, CLASSIFICATION, -// and SEVERITY. See the following lists for valid values for each of these -// keys. -// -// Supported key:PRODUCT -// -// Supported values: -// -// * AmazonLinux2 -// -// * AmazonLinux2.0 -// -// * * -// -// Use a wildcard character (*) to target all supported operating system versions. -// -// Supported key:CLASSIFICATION -// -// Supported values: -// -// * Security -// -// * Bugfix -// -// * Enhancement -// -// * Recommended -// -// * Newpackage -// -// Supported key:SEVERITY -// -// Supported values: -// -// * Critical -// -// * Important -// -// * Medium -// -// * Low -// -// RedHat Enterprise Linux (RHEL) Operating Systems -// -// The supported keys for RedHat Enterprise Linux operating systems are PRODUCT, -// CLASSIFICATION, and SEVERITY. See the following lists for valid values for -// each of these keys. -// -// Supported key:PRODUCT -// -// Supported values: -// -// * RedhatEnterpriseLinux6.5 -// -// * RedhatEnterpriseLinux6.6 -// -// * RedhatEnterpriseLinux6.7 -// -// * RedhatEnterpriseLinux6.8 -// -// * RedhatEnterpriseLinux6.9 -// -// * RedhatEnterpriseLinux7.0 -// -// * RedhatEnterpriseLinux7.1 -// -// * RedhatEnterpriseLinux7.2 -// -// * RedhatEnterpriseLinux7.3 -// -// * RedhatEnterpriseLinux7.4 -// -// * RedhatEnterpriseLinux7.5 -// -// * RedhatEnterpriseLinux7.6 -// -// * * -// -// Use a wildcard character (*) to target all supported operating system versions. -// -// Supported key:CLASSIFICATION -// -// Supported values: -// -// * Security -// -// * Bugfix -// -// * Enhancement -// -// * Recommended -// -// * Newpackage -// -// Supported key:SEVERITY -// -// Supported values: -// -// * Critical -// -// * Important -// -// * Medium -// -// * Low -// -// SUSE Linux Enterprise Server (SLES) Operating Systems -// -// The supported keys for SLES operating systems are PRODUCT, CLASSIFICATION, -// and SEVERITY. See the following lists for valid values for each of these -// keys. -// -// Supported key:PRODUCT -// -// Supported values: -// -// * Suse12.0 -// -// * Suse12.1 -// -// * Suse12.2 -// -// * Suse12.3 -// -// * Suse12.4 -// -// * Suse12.5 -// -// * Suse12.6 -// -// * Suse12.7 -// -// * Suse12.8 -// -// * Suse12.9 -// -// * * -// -// Use a wildcard character (*) to target all supported operating system versions. -// -// Supported key:CLASSIFICATION -// -// Supported values: -// -// * Security -// -// * Recommended -// -// * Optional -// -// * Feature -// -// * Document -// -// * Yast -// -// Supported key:SEVERITY -// -// Supported values: -// -// * Critical -// -// * Important -// -// * Moderate -// -// * Low -// -// CentOS Operating Systems -// -// The supported keys for CentOS operating systems are PRODUCT, CLASSIFICATION, -// and SEVERITY. See the following lists for valid values for each of these -// keys. -// -// Supported key:PRODUCT -// -// Supported values: -// -// * CentOS6.5 -// -// * CentOS6.6 -// -// * CentOS6.7 -// -// * CentOS6.8 -// -// * CentOS6.9 -// -// * CentOS7.0 -// -// * CentOS7.1 -// -// * CentOS7.2 -// -// * CentOS7.3 -// -// * CentOS7.4 -// -// * CentOS7.5 -// -// * CentOS7.6 -// -// * * -// -// Use a wildcard character (*) to target all supported operating system versions. -// -// Supported key:CLASSIFICATION -// -// Supported values: -// -// * Security -// -// * Bugfix -// -// * Enhancement -// -// * Recommended -// -// * Newpackage -// -// Supported key:SEVERITY -// -// Supported values: -// -// * Critical -// -// * Important -// -// * Medium -// -// * Low +// You can view lists of valid values for the patch properties by running the +// DescribePatchProperties command. For information about which patch properties +// can be used with each major operating system, see DescribePatchProperties. type PatchFilter struct { _ struct{} `type:"structure"` // The key for the filter. // - // See PatchFilter for lists of valid keys for each operating system type. + // Run the DescribePatchProperties command to view lists of valid keys for each + // operating system type. // // Key is a required field Key *string `type:"string" required:"true" enum:"PatchFilterKey"` // The value for the filter key. // - // See PatchFilter for lists of valid values for each key based on operating - // system type. + // Run the DescribePatchProperties command to view lists of valid values for + // each key based on operating system type. // // Values is a required field Values []*string `min:"1" type:"list" required:"true"` @@ -29927,6 +29879,30 @@ type PutParameterInput struct { // Overwrite an existing parameter. If not specified, will default to "false". Overwrite *bool `type:"boolean"` + // One or more policies to apply to a parameter. This action takes a JSON array. + // Parameter Store supports the following policy types: + // + // Expiration: This policy deletes the parameter after it expires. When you + // create the policy, you specify the expiration date. You can update the expiration + // date and time by updating the policy. Updating the parameter does not affect + // the expiration date and time. When the expiration time is reached, Parameter + // Store deletes the parameter. + // + // ExpirationNotification: This policy triggers an event in Amazon CloudWatch + // Events that notifies you about the expiration. By using this policy, you + // can receive notification before or after the expiration time is reached, + // in units of days or hours. + // + // NoChangeNotification: This policy triggers a CloudWatch event if a parameter + // has not been modified for a specified period of time. This policy type is + // useful when, for example, a secret needs to be changed within a period of + // time, but it has not been changed. + // + // All existing policies are preserved until you send new policies or an empty + // policy. For more information about parameter policies, see Working with Parameter + // Policies (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-policies.html). + Policies *string `min:"1" type:"string"` + // Optional metadata that you assign to a resource. Tags enable you to categorize // a resource in different ways, such as by purpose, owner, or environment. // For example, you might want to tag a Systems Manager parameter to identify @@ -29944,6 +29920,32 @@ type PutParameterInput struct { // action. Tags []*Tag `type:"list"` + // Parameter Store offers a standard tier and an advanced tier for parameters. + // Standard parameters have a value limit of 4 KB and can't be configured to + // use parameter policies. You can create a maximum of 10,000 standard parameters + // per account and per Region. Standard parameters are offered at no additional + // cost. + // + // Advanced parameters have a value limit of 8 KB and can be configured to use + // parameter policies. You can create a maximum of 100,000 advanced parameters + // per account and per Region. Advanced parameters incur a charge. + // + // If you don't specify a parameter tier when you create a new parameter, the + // parameter defaults to using the standard tier. You can change a standard + // parameter to an advanced parameter at any time. But you can't revert an advanced + // parameter to a standard parameter. Reverting an advanced parameter to a standard + // parameter would result in data loss because the system would truncate the + // size of the parameter from 8 KB to 4 KB. Reverting would also remove any + // policies attached to the parameter. Lastly, advanced parameters use a different + // form of encryption than standard parameters. + // + // If you no longer need an advanced parameter, or if you no longer want to + // incur charges for an advanced parameter, you must delete it and recreate + // it as a new standard parameter. For more information, see About Advanced + // Parameters (http://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html) + // in the AWS Systems Manager User Guide. + Tier *string `type:"string" enum:"ParameterTier"` + // The type of parameter that you want to add to the system. // // Items in a StringList must be separated by a comma (,). You can't use other @@ -29956,10 +29958,11 @@ type PutParameterInput struct { // Type is a required field Type *string `type:"string" required:"true" enum:"ParameterType"` - // The parameter value that you want to add to the system. + // The parameter value that you want to add to the system. Standard parameters + // have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB. // // Value is a required field - Value *string `min:"1" type:"string" required:"true"` + Value *string `type:"string" required:"true"` } // String returns the string representation @@ -29984,15 +29987,15 @@ func (s *PutParameterInput) Validate() error { if s.Name != nil && len(*s.Name) < 1 { invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } + if s.Policies != nil && len(*s.Policies) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Policies", 1)) + } if s.Type == nil { invalidParams.Add(request.NewErrParamRequired("Type")) } if s.Value == nil { invalidParams.Add(request.NewErrParamRequired("Value")) } - if s.Value != nil && len(*s.Value) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Value", 1)) - } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -30040,12 +30043,24 @@ func (s *PutParameterInput) SetOverwrite(v bool) *PutParameterInput { return s } +// SetPolicies sets the Policies field's value. +func (s *PutParameterInput) SetPolicies(v string) *PutParameterInput { + s.Policies = &v + return s +} + // SetTags sets the Tags field's value. func (s *PutParameterInput) SetTags(v []*Tag) *PutParameterInput { s.Tags = v return s } +// SetTier sets the Tier field's value. +func (s *PutParameterInput) SetTier(v string) *PutParameterInput { + s.Tier = &v + return s +} + // SetType sets the Type field's value. func (s *PutParameterInput) SetType(v string) *PutParameterInput { s.Type = &v @@ -30253,30 +30268,41 @@ type RegisterTargetWithMaintenanceWindowInput struct { Name *string `min:"3" type:"string"` // User-provided value that will be included in any CloudWatch events raised - // while running tasks for these targets in this Maintenance Window. + // while running tasks for these targets in this maintenance window. OwnerInformation *string `min:"1" type:"string" sensitive:"true"` - // The type of target being registered with the Maintenance Window. + // The type of target being registered with the maintenance window. // // ResourceType is a required field ResourceType *string `type:"string" required:"true" enum:"MaintenanceWindowResourceType"` - // The targets (either instances or tags). + // The targets to register with the maintenance window. In other words, the + // instances to run commands on when the maintenance window runs. // - // Specify instances using the following format: + // You can specify targets using either instance IDs or tags that have been + // applied to instances. // - // Key=InstanceIds,Values=<instance-id-1>,<instance-id-2> + // Example 1: Specify instance IDs + // + // Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3 // - // Specify tags using either of the following formats: + // Example 2: Use tag key-pairs applied to instances // - // Key=tag:<tag-key>,Values=<tag-value-1>,<tag-value-2> + // Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2 // - // Key=tag-key,Values=<tag-key-1>,<tag-key-2> + // Example 3: Use tag-keys applied to instances + // + // Key=tag-key,Values=my-tag-key-1,my-tag-key-2 + // + // For more information about these examples formats, including the best use + // case for each one, see Examples: Register Targets with a Maintenance Window + // (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html) + // in the AWS Systems Manager User Guide. // // Targets is a required field Targets []*Target `type:"list" required:"true"` - // The ID of the Maintenance Window the target should be registered with. + // The ID of the maintenance window the target should be registered with. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -30381,7 +30407,7 @@ func (s *RegisterTargetWithMaintenanceWindowInput) SetWindowId(v string) *Regist type RegisterTargetWithMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // The ID of the target definition in this Maintenance Window. + // The ID of the target definition in this maintenance window. WindowTargetId *string `min:"36" type:"string"` } @@ -30416,7 +30442,7 @@ type RegisterTaskWithMaintenanceWindowInput struct { // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. LoggingInfo *LoggingInfo `type:"structure"` // The maximum number of targets this task can be run for in parallel. @@ -30432,33 +30458,32 @@ type RegisterTaskWithMaintenanceWindowInput struct { // An optional name for the task. Name *string `min:"3" type:"string"` - // The priority of the task in the Maintenance Window, the lower the number - // the higher the priority. Tasks in a Maintenance Window are scheduled in priority + // The priority of the task in the maintenance window, the lower the number + // the higher the priority. Tasks in a maintenance window are scheduled in priority // order with tasks that have the same priority scheduled in parallel. Priority *int64 `type:"integer"` - // The role to assume when running the Maintenance Window task. + // The ARN of the IAM service role for Systems Manager to assume when running + // a maintenance window task. If you do not specify a service role ARN, Systems + // Manager uses your account's service-linked role. If no service-linked role + // for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow. // - // If you do not specify a service role ARN, Systems Manager will use your account's - // service-linked role for Systems Manager by default. If no service-linked - // role for Systems Manager exists in your account, it will be created when - // you run RegisterTaskWithMaintenanceWindow without specifying a service role - // ARN. + // For more information, see the following topics in the in the AWS Systems + // Manager User Guide: // - // For more information, see Service-Linked Role Permissions for Systems Manager - // (http://docs.aws.amazon.com/systems-manager/latest/userguide/using-service-linked-roles.html#slr-permissions) - // and Should I Use a Service-Linked Role or a Custom Service Role to Run Maintenance - // Window Tasks? (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html#maintenance-window-tasks-service-role) - // in the AWS Systems Manager User Guide. + // * Service-Linked Role Permissions for Systems Manager (http://docs.aws.amazon.com/systems-manager/latest/userguide/using-service-linked-roles.html#slr-permissions) + // + // * Should I Use a Service-Linked Role or a Custom Service Role to Run Maintenance + // Window Tasks? (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html#maintenance-window-tasks-service-role) ServiceRoleArn *string `type:"string"` - // The targets (either instances or Maintenance Window targets). + // The targets (either instances or maintenance window targets). // // Specify instances using the following format: // // Key=InstanceIds,Values=<instance-id-1>,<instance-id-2> // - // Specify Maintenance Window targets using the following format: + // Specify maintenance window targets using the following format: // // Key=<WindowTargetIds>,Values=<window-target-id-1>,<window-target-id-2> // @@ -30479,7 +30504,7 @@ type RegisterTaskWithMaintenanceWindowInput struct { // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map" sensitive:"true"` // The type of task being registered. @@ -30487,7 +30512,7 @@ type RegisterTaskWithMaintenanceWindowInput struct { // TaskType is a required field TaskType *string `type:"string" required:"true" enum:"MaintenanceWindowTaskType"` - // The ID of the Maintenance Window the task should be added to. + // The ID of the maintenance window the task should be added to. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -30659,7 +30684,7 @@ func (s *RegisterTaskWithMaintenanceWindowInput) SetWindowId(v string) *Register type RegisterTaskWithMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // The ID of the task in the Maintenance Window. + // The ID of the task in the maintenance window. WindowTaskId *string `min:"36" type:"string"` } @@ -30694,7 +30719,7 @@ type RemoveTagsFromResourceInput struct { // For the Document and Parameter values, use the name of the resource. // // The ManagedInstance type for this API action is only for on-premises managed - // instances. You must specify the the name of the managed instance in the following + // instances. You must specify the name of the managed instance in the following // format: mi-ID_number. For example, mi-1a2b3c4d5e6f. // // ResourceId is a required field @@ -30703,7 +30728,7 @@ type RemoveTagsFromResourceInput struct { // The type of resource of which you want to remove a tag. // // The ManagedInstance type for this API action is only for on-premises managed - // instances. You must specify the the name of the managed instance in the following + // instances. You must specify the name of the managed instance in the following // format: mi-ID_number. For example, mi-1a2b3c4d5e6f. // // ResourceType is a required field @@ -31049,7 +31074,7 @@ type ResourceDataSyncS3Destination struct { _ struct{} `type:"structure"` // The ARN of an encryption key for a destination in Amazon S3. Must belong - // to the same region as the destination Amazon S3 bucket. + // to the same Region as the destination Amazon S3 bucket. AWSKMSKeyARN *string `min:"1" type:"string"` // The name of the Amazon S3 bucket where the aggregated data is stored. @@ -31363,18 +31388,18 @@ func (s *S3OutputUrl) SetOutputUrl(v string) *S3OutputUrl { return s } -// Information about a scheduled execution for a Maintenance Window. +// Information about a scheduled execution for a maintenance window. type ScheduledWindowExecution struct { _ struct{} `type:"structure"` - // The time, in ISO-8601 Extended format, that the Maintenance Window is scheduled + // The time, in ISO-8601 Extended format, that the maintenance window is scheduled // to be run. ExecutionTime *string `type:"string"` - // The name of the Maintenance Window to be run. + // The name of the maintenance window to be run. Name *string `min:"3" type:"string"` - // The ID of the Maintenance Window to be run. + // The ID of the maintenance window to be run. WindowId *string `min:"20" type:"string"` } @@ -31417,10 +31442,24 @@ type SendAutomationSignalInput struct { // The data sent with the signal. The data schema depends on the type of signal // used in the request. + // + // For Approve and Reject signal types, the payload is an optional comment that + // you can send with the signal type. For example: + // + // Comment="Looks good" + // + // For StartStep and Resume signal types, you must send the name of the Automation + // step to start or resume as the payload. For example: + // + // StepName="step1" + // + // For the StopStep signal type, you must send the step execution ID as the + // payload. For example: + // + // StepExecutionId="97fff367-fc5a-4299-aed8-0123456789ab" Payload map[string][]*string `min:"1" type:"map"` - // The type of signal. Valid signal types include the following: Approve and - // Reject + // The type of signal to send to an Automation execution. // // SignalType is a required field SignalType *string `type:"string" required:"true" enum:"SignalType"` @@ -31570,7 +31609,8 @@ type SendCommandInput struct { // The required and optional parameters specified in the document being run. Parameters map[string][]*string `type:"map"` - // The IAM role that Systems Manager uses to send notifications. + // The ARN of the IAM service role to use to publish Amazon Simple Notification + // Service (Amazon SNS) notifications for Run Command commands. ServiceRoleArn *string `type:"string"` // (Optional) An array of search criteria that targets instances using a Key,Value @@ -31980,19 +32020,8 @@ type SessionFilter struct { // by that user. // // * Status: Specify a valid session status to see a list of all sessions - // with that status. Status values you can specify include: - // - // Connected - // - // Connecting - // - // Disconnected - // - // Terminated - // - // Terminating - // - // Failed + // with that status. Status values you can specify include: Connected Connecting + // Disconnected Terminated Terminating Failed // // Value is a required field Value *string `locationName:"value" min:"1" type:"string" required:"true"` @@ -32885,8 +32914,8 @@ func (s StopAutomationExecutionOutput) GoString() string { // Metadata that you assign to your AWS resources. Tags enable you to categorize // your resources in different ways, for example, by purpose, owner, or environment. -// In Systems Manager, you can apply tags to documents, managed instances, Maintenance -// Windows, Parameter Store parameters, and patch baselines. +// In Systems Manager, you can apply tags to documents, managed instances, maintenance +// windows, Parameter Store parameters, and patch baselines. type Tag struct { _ struct{} `type:"structure"` @@ -32954,15 +32983,15 @@ type Target struct { // User-defined criteria for sending commands that target instances that meet // the criteria. Key can be tag:<Amazon EC2 tag> or InstanceIds. For more information // about how to send commands that target instances using Key,Value parameters, - // see Targeting Multiple Instances (http://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html#send-commands-targeting) + // see Using Targets and Rate Controls to Send Commands to a Fleet (https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html#send-commands-targeting) // in the AWS Systems Manager User Guide. Key *string `min:"1" type:"string"` // User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, // you could specify value:WebServer to run a command on instances that include // Amazon EC2 tags of ServerRole,WebServer. For more information about how to - // send commands that target instances using Key,Value parameters, see Sending - // Commands to a Fleet (http://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html) + // send commands that target instances using Key,Value parameters, see Using + // Targets and Rate Controls to Send Commands to a Fleet (https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html) // in the AWS Systems Manager User Guide. Values []*string `type:"list"` } @@ -33016,11 +33045,11 @@ type TargetLocation struct { // The AWS Regions targeted by the current Automation execution. Regions []*string `min:"1" type:"list"` - // The maxium number of AWS accounts and AWS regions allowed to run the Automation + // The maximum number of AWS accounts and AWS regions allowed to run the Automation // concurrently TargetLocationMaxConcurrency *string `min:"1" type:"string"` - // The maxium number of errors allowed before the system stops queueing additional + // The maximum number of errors allowed before the system stops queueing additional // Automation executions for the currently running Automation. TargetLocationMaxErrors *string `min:"1" type:"string"` } @@ -33701,29 +33730,29 @@ func (s *UpdateDocumentOutput) SetDocumentDescription(v *DocumentDescription) *U type UpdateMaintenanceWindowInput struct { _ struct{} `type:"structure"` - // Whether targets must be registered with the Maintenance Window before tasks + // Whether targets must be registered with the maintenance window before tasks // can be defined for those targets. AllowUnassociatedTargets *bool `type:"boolean"` - // The number of hours before the end of the Maintenance Window that Systems + // The number of hours before the end of the maintenance window that Systems // Manager stops scheduling new tasks for execution. Cutoff *int64 `type:"integer"` // An optional description for the update request. Description *string `min:"1" type:"string" sensitive:"true"` - // The duration of the Maintenance Window in hours. + // The duration of the maintenance window in hours. Duration *int64 `min:"1" type:"integer"` - // Whether the Maintenance Window is enabled. + // Whether the maintenance window is enabled. Enabled *bool `type:"boolean"` - // The date and time, in ISO-8601 Extended format, for when you want the Maintenance - // Window to become inactive. EndDate allows you to set a date and time in the - // future when the Maintenance Window will no longer run. + // The date and time, in ISO-8601 Extended format, for when you want the maintenance + // window to become inactive. EndDate allows you to set a date and time in the + // future when the maintenance window will no longer run. EndDate *string `type:"string"` - // The name of the Maintenance Window. + // The name of the maintenance window. Name *string `min:"3" type:"string"` // If True, then all fields that are required by the CreateMaintenanceWindow @@ -33731,22 +33760,22 @@ type UpdateMaintenanceWindowInput struct { // specified are set to null. Replace *bool `type:"boolean"` - // The schedule of the Maintenance Window in the form of a cron or rate expression. + // The schedule of the maintenance window in the form of a cron or rate expression. Schedule *string `min:"1" type:"string"` - // The time zone that the scheduled Maintenance Window executions are based + // The time zone that the scheduled maintenance window executions are based // on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", // "etc/UTC", or "Asia/Seoul". For more information, see the Time Zone Database // (https://www.iana.org/time-zones) on the IANA website. ScheduleTimezone *string `type:"string"` - // The time zone that the scheduled Maintenance Window executions are based + // The time zone that the scheduled maintenance window executions are based // on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", // "etc/UTC", or "Asia/Seoul". For more information, see the Time Zone Database // (https://www.iana.org/time-zones) on the IANA website. StartDate *string `type:"string"` - // The ID of the Maintenance Window to update. + // The ID of the maintenance window to update. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -33865,46 +33894,46 @@ func (s *UpdateMaintenanceWindowInput) SetWindowId(v string) *UpdateMaintenanceW type UpdateMaintenanceWindowOutput struct { _ struct{} `type:"structure"` - // Whether targets must be registered with the Maintenance Window before tasks + // Whether targets must be registered with the maintenance window before tasks // can be defined for those targets. AllowUnassociatedTargets *bool `type:"boolean"` - // The number of hours before the end of the Maintenance Window that Systems + // The number of hours before the end of the maintenance window that Systems // Manager stops scheduling new tasks for execution. Cutoff *int64 `type:"integer"` // An optional description of the update. Description *string `min:"1" type:"string" sensitive:"true"` - // The duration of the Maintenance Window in hours. + // The duration of the maintenance window in hours. Duration *int64 `min:"1" type:"integer"` - // Whether the Maintenance Window is enabled. + // Whether the maintenance window is enabled. Enabled *bool `type:"boolean"` - // The date and time, in ISO-8601 Extended format, for when the Maintenance - // Window is scheduled to become inactive. The Maintenance Window will not run + // The date and time, in ISO-8601 Extended format, for when the maintenance + // window is scheduled to become inactive. The maintenance window will not run // after this specified time. EndDate *string `type:"string"` - // The name of the Maintenance Window. + // The name of the maintenance window. Name *string `min:"3" type:"string"` - // The schedule of the Maintenance Window in the form of a cron or rate expression. + // The schedule of the maintenance window in the form of a cron or rate expression. Schedule *string `min:"1" type:"string"` - // The time zone that the scheduled Maintenance Window executions are based + // The time zone that the scheduled maintenance window executions are based // on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", // "etc/UTC", or "Asia/Seoul". For more information, see the Time Zone Database // (https://www.iana.org/time-zones) on the IANA website. ScheduleTimezone *string `type:"string"` - // The date and time, in ISO-8601 Extended format, for when the Maintenance - // Window is scheduled to become active. The Maintenance Window will not run + // The date and time, in ISO-8601 Extended format, for when the maintenance + // window is scheduled to become active. The maintenance window will not run // before this specified time. StartDate *string `type:"string"` - // The ID of the created Maintenance Window. + // The ID of the created maintenance window. WindowId *string `min:"20" type:"string"` } @@ -33994,7 +34023,7 @@ type UpdateMaintenanceWindowTargetInput struct { Name *string `min:"3" type:"string"` // User-provided value that will be included in any CloudWatch events raised - // while running tasks for these targets in this Maintenance Window. + // while running tasks for these targets in this maintenance window. OwnerInformation *string `min:"1" type:"string" sensitive:"true"` // If True, then all fields that are required by the RegisterTargetWithMaintenanceWindow @@ -34005,7 +34034,7 @@ type UpdateMaintenanceWindowTargetInput struct { // The targets to add or replace. Targets []*Target `type:"list"` - // The Maintenance Window ID with which to modify the target. + // The maintenance window ID with which to modify the target. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -34124,7 +34153,7 @@ type UpdateMaintenanceWindowTargetOutput struct { // The updated targets. Targets []*Target `type:"list"` - // The Maintenance Window ID specified in the update request. + // The maintenance window ID specified in the update request. WindowId *string `min:"20" type:"string"` // The target ID specified in the update request. @@ -34188,7 +34217,7 @@ type UpdateMaintenanceWindowTaskInput struct { // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. LoggingInfo *LoggingInfo `type:"structure"` // The new MaxConcurrency value you want to specify. MaxConcurrency is the number @@ -34211,20 +34240,18 @@ type UpdateMaintenanceWindowTaskInput struct { // specified are set to null. Replace *bool `type:"boolean"` - // The IAM service role ARN to modify. The system assumes this role during task - // execution. + // The ARN of the IAM service role for Systems Manager to assume when running + // a maintenance window task. If you do not specify a service role ARN, Systems + // Manager uses your account's service-linked role. If no service-linked role + // for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow. // - // If you do not specify a service role ARN, Systems Manager will use your account's - // service-linked role for Systems Manager by default. If no service-linked - // role for Systems Manager exists in your account, it will be created when - // you run RegisterTaskWithMaintenanceWindow without specifying a service role - // ARN. + // For more information, see the following topics in the in the AWS Systems + // Manager User Guide: // - // For more information, see Service-Linked Role Permissions for Systems Manager - // (http://docs.aws.amazon.com/systems-manager/latest/userguide/using-service-linked-roles.html#slr-permissions) - // and Should I Use a Service-Linked Role or a Custom Service Role to Run Maintenance - // Window Tasks? (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html#maintenance-window-tasks-service-role) - // in the AWS Systems Manager User Guide. + // * Service-Linked Role Permissions for Systems Manager (http://docs.aws.amazon.com/systems-manager/latest/userguide/using-service-linked-roles.html#slr-permissions) + // + // * Should I Use a Service-Linked Role or a Custom Service Role to Run Maintenance + // Window Tasks? (http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html#maintenance-window-tasks-service-role) ServiceRoleArn *string `type:"string"` // The targets (either instances or tags) to modify. Instances are specified @@ -34244,7 +34271,7 @@ type UpdateMaintenanceWindowTaskInput struct { // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. // // The map has the following format: // @@ -34253,7 +34280,7 @@ type UpdateMaintenanceWindowTaskInput struct { // Value: an array of strings, each string is between 1 and 255 characters TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map" sensitive:"true"` - // The Maintenance Window ID that contains the task to modify. + // The maintenance window ID that contains the task to modify. // // WindowId is a required field WindowId *string `min:"20" type:"string" required:"true"` @@ -34426,7 +34453,7 @@ type UpdateMaintenanceWindowTaskOutput struct { // LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, // instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. LoggingInfo *LoggingInfo `type:"structure"` // The updated MaxConcurrency value. @@ -34441,7 +34468,8 @@ type UpdateMaintenanceWindowTaskOutput struct { // The updated priority value. Priority *int64 `type:"integer"` - // The updated service role ARN value. + // The ARN of the IAM service role to use to publish Amazon Simple Notification + // Service (Amazon SNS) notifications for maintenance window Run Command tasks. ServiceRoleArn *string `type:"string"` // The updated target values. @@ -34458,13 +34486,13 @@ type UpdateMaintenanceWindowTaskOutput struct { // TaskParameters has been deprecated. To specify parameters to pass to a task // when it runs, instead use the Parameters option in the TaskInvocationParameters // structure. For information about how Systems Manager handles these options - // for the supported Maintenance Window task types, see MaintenanceWindowTaskInvocationParameters. + // for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. TaskParameters map[string]*MaintenanceWindowTaskParameterValueExpression `type:"map" sensitive:"true"` - // The ID of the Maintenance Window that was updated. + // The ID of the maintenance window that was updated. WindowId *string `min:"20" type:"string"` - // The task ID of the Maintenance Window that was updated. + // The task ID of the maintenance window that was updated. WindowTaskId *string `min:"36" type:"string"` } @@ -34632,7 +34660,7 @@ type UpdatePatchBaselineInput struct { // // For information about accepted formats for lists of approved patches and // rejected patches, see Package Name Formats for Approved and Rejected Patch - // Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) + // Lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) // in the AWS Systems Manager User Guide. ApprovedPatches []*string `type:"list"` @@ -34662,7 +34690,7 @@ type UpdatePatchBaselineInput struct { // // For information about accepted formats for lists of approved patches and // rejected patches, see Package Name Formats for Approved and Rejected Patch - // Lists (http://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) + // Lists (https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) // in the AWS Systems Manager User Guide. RejectedPatches []*string `type:"list"` @@ -35628,6 +35656,14 @@ const ( ) const ( + // ParameterTierStandard is a ParameterTier enum value + ParameterTierStandard = "Standard" + + // ParameterTierAdvanced is a ParameterTier enum value + ParameterTierAdvanced = "Advanced" +) + +const ( // ParameterTypeString is a ParameterType enum value ParameterTypeString = "String" @@ -35712,9 +35748,15 @@ const ( ) const ( + // PatchFilterKeyPatchSet is a PatchFilterKey enum value + PatchFilterKeyPatchSet = "PATCH_SET" + // PatchFilterKeyProduct is a PatchFilterKey enum value PatchFilterKeyProduct = "PRODUCT" + // PatchFilterKeyProductFamily is a PatchFilterKey enum value + PatchFilterKeyProductFamily = "PRODUCT_FAMILY" + // PatchFilterKeyClassification is a PatchFilterKey enum value PatchFilterKeyClassification = "CLASSIFICATION" @@ -35743,6 +35785,34 @@ const ( ) const ( + // PatchPropertyProduct is a PatchProperty enum value + PatchPropertyProduct = "PRODUCT" + + // PatchPropertyProductFamily is a PatchProperty enum value + PatchPropertyProductFamily = "PRODUCT_FAMILY" + + // PatchPropertyClassification is a PatchProperty enum value + PatchPropertyClassification = "CLASSIFICATION" + + // PatchPropertyMsrcSeverity is a PatchProperty enum value + PatchPropertyMsrcSeverity = "MSRC_SEVERITY" + + // PatchPropertyPriority is a PatchProperty enum value + PatchPropertyPriority = "PRIORITY" + + // PatchPropertySeverity is a PatchProperty enum value + PatchPropertySeverity = "SEVERITY" +) + +const ( + // PatchSetOs is a PatchSet enum value + PatchSetOs = "OS" + + // PatchSetApplication is a PatchSet enum value + PatchSetApplication = "APPLICATION" +) + +const ( // PingStatusOnline is a PingStatus enum value PingStatusOnline = "Online" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go index 6964adba..48d6d3ee 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/doc.go @@ -15,7 +15,7 @@ // (http://docs.aws.amazon.com/systems-manager/latest/userguide/). // // To get started, verify prerequisites and configure managed instances. For -// more information, see Systems Manager Prerequisites (http://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up.html) +// more information, see Setting Up AWS Systems Manager (http://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up.html) // in the AWS Systems Manager User Guide. // // For information about other API actions you can perform on Amazon EC2 instances, diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go index 4a473c6f..a9650950 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssm/errors.go @@ -126,8 +126,8 @@ const ( // ErrCodeDoesNotExistException for service response error code // "DoesNotExistException". // - // Error returned when the ID specified for a resource, such as a Maintenance - // Window or Patch baseline, doesn't exist. + // Error returned when the ID specified for a resource, such as a maintenance + // window or Patch baseline, doesn't exist. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -183,6 +183,14 @@ const ( // don't match the original call to the API with the same idempotency token. ErrCodeIdempotentParameterMismatch = "IdempotentParameterMismatch" + // ErrCodeIncompatiblePolicyException for service response error code + // "IncompatiblePolicyException". + // + // There is a conflict in the policies specified for this parameter. You can't, + // for example, specify two Expiration policies for a parameter. Review your + // policies, and try again. + ErrCodeIncompatiblePolicyException = "IncompatiblePolicyException" + // ErrCodeInternalServerError for service response error code // "InternalServerError". // @@ -264,7 +272,7 @@ const ( // ErrCodeInvalidDeletionIdException for service response error code // "InvalidDeletionIdException". // - // The ID specified for the delete operation does not exist or is not valide. + // The ID specified for the delete operation does not exist or is not valid. // Verify the ID and try again. ErrCodeInvalidDeletionIdException = "InvalidDeletionIdException" @@ -433,6 +441,19 @@ const ( // The plugin name is not valid. ErrCodeInvalidPluginName = "InvalidPluginName" + // ErrCodeInvalidPolicyAttributeException for service response error code + // "InvalidPolicyAttributeException". + // + // A policy attribute or its value is invalid. + ErrCodeInvalidPolicyAttributeException = "InvalidPolicyAttributeException" + + // ErrCodeInvalidPolicyTypeException for service response error code + // "InvalidPolicyTypeException". + // + // The policy type is not supported. Parameter Store supports the following + // policy types: Expiration, ExpirationNotification, and NoChangeNotification. + ErrCodeInvalidPolicyTypeException = "InvalidPolicyTypeException" + // ErrCodeInvalidResourceId for service response error code // "InvalidResourceId". // @@ -492,7 +513,7 @@ const ( // "InvocationDoesNotExist". // // The command ID and instance ID you specified did not match any invocations. - // Verify the command ID adn the instance ID and try again. + // Verify the command ID and the instance ID and try again. ErrCodeInvocationDoesNotExist = "InvocationDoesNotExist" // ErrCodeItemContentMismatchException for service response error code @@ -557,6 +578,13 @@ const ( // and version, and try again. ErrCodeParameterVersionNotFound = "ParameterVersionNotFound" + // ErrCodePoliciesLimitExceededException for service response error code + // "PoliciesLimitExceededException". + // + // You specified more than the maximum number of allowed policies for the parameter. + // The maximum is 10. + ErrCodePoliciesLimitExceededException = "PoliciesLimitExceededException" + // ErrCodeResourceDataSyncAlreadyExistsException for service response error code // "ResourceDataSyncAlreadyExistsException". // @@ -592,7 +620,7 @@ const ( // "ResourceLimitExceededException". // // Error returned when the caller has exceeded the default resource limits. - // For example, too many Maintenance Windows or Patch baselines have been created. + // For example, too many maintenance windows or patch baselines have been created. // // For information about resource limits in Systems Manager, see AWS Systems // Manager Limits (http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ssm). @@ -653,6 +681,16 @@ const ( // The size of inventory data has exceeded the total size limit for the resource. ErrCodeTotalSizeLimitExceededException = "TotalSizeLimitExceededException" + // ErrCodeUnsupportedFeatureRequiredException for service response error code + // "UnsupportedFeatureRequiredException". + // + // Microsoft application patching is only available on EC2 instances and Advanced + // Instances. To patch Microsoft applications on on-premises servers and VMs, + // you must enable Advanced Instances. For more information, see Using the Advanced-Instances + // Tier (http://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances-advanced.html) + // in the AWS Systems Manager User Guide. + ErrCodeUnsupportedFeatureRequiredException = "UnsupportedFeatureRequiredException" + // ErrCodeUnsupportedInventoryItemContextException for service response error code // "UnsupportedInventoryItemContextException". // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 81130896..9e610591 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -3,6 +3,7 @@ package sts import ( + "fmt" "time" "github.com/aws/aws-sdk-go/aws" @@ -55,38 +56,26 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // AssumeRole API operation for AWS Security Token Service. // -// Returns a set of temporary security credentials (consisting of an access -// key ID, a secret access key, and a security token) that you can use to access -// AWS resources that you might not normally have access to. Typically, you -// use AssumeRole for cross-account access or federation. For a comparison of -// AssumeRole with the other APIs that produce temporary credentials, see Requesting -// Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Returns a set of temporary security credentials that you can use to access +// AWS resources that you might not normally have access to. These temporary +// credentials consist of an access key ID, a secret access key, and a security +// token. Typically, you use AssumeRole within your account or for cross-account +// access. For a comparison of AssumeRole with other API operations that produce +// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // -// Important: You cannot call AssumeRole by using AWS root account credentials; -// access is denied. You must use credentials for an IAM user or an IAM role -// to call AssumeRole. +// You cannot use AWS account root user credentials to call AssumeRole. You +// must use credentials for an IAM user or an IAM role to call AssumeRole. // // For cross-account access, imagine that you own multiple accounts and need // to access resources in each account. You could create long-term credentials // in each account to access those resources. However, managing all those credentials // and remembering which one can access which account can be time consuming. -// Instead, you can create one set of long-term credentials in one account and -// then use temporary security credentials to access all the other accounts +// Instead, you can create one set of long-term credentials in one account. +// Then use temporary security credentials to access all the other accounts // by assuming roles in those accounts. For more information about roles, see -// IAM Roles (Delegation and Federation) (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) -// in the IAM User Guide. -// -// For federation, you can, for example, grant single sign-on access to the -// AWS Management Console. If you already have an identity and authentication -// system in your corporate network, you don't have to recreate user identities -// in AWS in order to grant those user identities access to AWS. Instead, after -// a user has been authenticated, you call AssumeRole (and specify the role -// with the appropriate permissions) to get temporary security credentials for -// that user. With those temporary security credentials, you construct a sign-in -// URL that users can use to access the console. For more information, see Common -// Scenarios for Temporary Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction) +// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) // in the IAM User Guide. // // By default, the temporary security credentials created by AssumeRole last @@ -95,69 +84,73 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // seconds (15 minutes) up to the maximum session duration setting for the role. // This setting can have a value from 1 hour to 12 hours. To learn how to view // the maximum value for your role, see View the Maximum Session Duration Setting -// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) +// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. The maximum session duration limit applies when you -// use the AssumeRole* API operations or the assume-role* CLI operations but -// does not apply when you use those operations to create a console URL. For -// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) +// use the AssumeRole* API operations or the assume-role* CLI commands. However +// the limit does not apply when you use those operations to create a console +// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // // The temporary security credentials created by AssumeRole can be used to make -// API calls to any AWS service with the following exception: you cannot call -// the STS service's GetFederationToken or GetSessionToken APIs. -// -// Optionally, you can pass an IAM access policy to this operation. If you choose -// not to pass a policy, the temporary security credentials that are returned -// by the operation have the permissions that are defined in the access policy -// of the role that is being assumed. If you pass a policy to this operation, -// the temporary security credentials that are returned by the operation have -// the permissions that are allowed by both the access policy of the role that -// is being assumed, and the policy that you pass. This gives you a way to further -// restrict the permissions for the resulting temporary security credentials. -// You cannot use the passed policy to grant permissions that are in excess -// of those allowed by the access policy of the role that is being assumed. -// For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, -// and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) +// API calls to any AWS service with the following exception: You cannot call +// the AWS STS GetFederationToken or GetSessionToken API operations. +// +// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// to this operation. You can pass a single JSON policy document to use as an +// inline session policy. You can also specify up to 10 managed policies to +// use as managed session policies. The plain text that you use for both inline +// and managed session policies shouldn't exceed 2048 characters. Passing policies +// to this operation returns new temporary credentials. The resulting session's +// permissions are the intersection of the role's identity-based policy and +// the session policies. You can use the role's temporary credentials in subsequent +// AWS API calls to access resources in the account that owns the role. You +// cannot use session policies to grant more permissions than those allowed +// by the identity-based policy of the role that is being assumed. For more +// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// To assume a role, your AWS account must be trusted by the role. The trust -// relationship is defined in the role's trust policy when the role is created. -// That trust policy states which accounts are allowed to delegate access to -// this account's role. -// -// The user who wants to access the role must also have permissions delegated -// from the role's administrator. If the user is in a different account than -// the role, then the user's administrator must attach a policy that allows -// the user to call AssumeRole on the ARN of the role in the other account. -// If the user is in the same account as the role, then you can either attach -// a policy to the user (identical to the previous different account user), -// or you can add the user as a principal directly in the role's trust policy. -// In this case, the trust policy acts as the only resource-based policy in -// IAM, and users in the same account as the role do not need explicit permission -// to assume the role. For more information about trust policies and resource-based -// policies, see IAM Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) +// To assume a role from a different account, your AWS account must be trusted +// by the role. The trust relationship is defined in the role's trust policy +// when the role is created. That trust policy states which accounts are allowed +// to delegate that access to users in the account. +// +// A user who wants to access a role in a different account must also have permissions +// that are delegated from the user account administrator. The administrator +// must attach a policy that allows the user to call AssumeRole for the ARN +// of the role in the other account. If the user is in the same account as the +// role, then you can do either of the following: +// +// * Attach a policy to the user (identical to the previous user in a different +// account). +// +// * Add the user as a principal directly in the role's trust policy. +// +// In this case, the trust policy acts as an IAM resource-based policy. Users +// in the same account as the role do not need explicit permission to assume +// the role. For more information about trust policies and resource-based policies, +// see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) // in the IAM User Guide. // // Using MFA with AssumeRole // -// You can optionally include multi-factor authentication (MFA) information -// when you call AssumeRole. This is useful for cross-account scenarios in which -// you want to make sure that the user who is assuming the role has been authenticated -// using an AWS MFA device. In that scenario, the trust policy of the role being -// assumed includes a condition that tests for MFA authentication; if the caller -// does not include valid MFA information, the request to assume the role is -// denied. The condition in a trust policy that tests for MFA authentication -// might look like the following example. +// (Optional) You can include multi-factor authentication (MFA) information +// when you call AssumeRole. This is useful for cross-account scenarios to ensure +// that the user that assumes the role has been authenticated with an AWS MFA +// device. In that scenario, the trust policy of the role being assumed includes +// a condition that tests for MFA authentication. If the caller does not include +// valid MFA information, the request to assume the role is denied. The condition +// in a trust policy that tests for MFA authentication might look like the following +// example. // // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} // -// For more information, see Configuring MFA-Protected API Access (http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) +// For more information, see Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) // in the IAM User Guide guide. // // To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode // parameters. The SerialNumber value identifies the user's hardware or virtual // MFA device. The TokenCode is the time-based one-time password (TOTP) that -// the MFA devices produces. +// the MFA device produces. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -180,7 +173,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole @@ -254,9 +247,9 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // via a SAML authentication response. This operation provides a mechanism for // tying an enterprise identity store or directory to role-based AWS access // without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML -// with the other APIs that produce temporary credentials, see Requesting Temporary -// Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this operation consist of @@ -271,37 +264,36 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session // duration setting for the role. This setting can have a value from 1 hour // to 12 hours. To learn how to view the maximum value for your role, see View -// the Maximum Session Duration Setting for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) +// the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. The maximum session duration limit applies when you -// use the AssumeRole* API operations or the assume-role* CLI operations but -// does not apply when you use those operations to create a console URL. For -// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) +// use the AssumeRole* API operations or the assume-role* CLI commands. However +// the limit does not apply when you use those operations to create a console +// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // // The temporary security credentials created by AssumeRoleWithSAML can be used // to make API calls to any AWS service with the following exception: you cannot -// call the STS service's GetFederationToken or GetSessionToken APIs. -// -// Optionally, you can pass an IAM access policy to this operation. If you choose -// not to pass a policy, the temporary security credentials that are returned -// by the operation have the permissions that are defined in the access policy -// of the role that is being assumed. If you pass a policy to this operation, -// the temporary security credentials that are returned by the operation have -// the permissions that are allowed by the intersection of both the access policy -// of the role that is being assumed, and the policy that you pass. This means -// that both policies must grant the permission for the action to be allowed. -// This gives you a way to further restrict the permissions for the resulting -// temporary security credentials. You cannot use the passed policy to grant -// permissions that are in excess of those allowed by the access policy of the -// role that is being assumed. For more information, see Permissions for AssumeRole, -// AssumeRoleWithSAML, and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) +// call the STS GetFederationToken or GetSessionToken API operations. +// +// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// to this operation. You can pass a single JSON policy document to use as an +// inline session policy. You can also specify up to 10 managed policies to +// use as managed session policies. The plain text that you use for both inline +// and managed session policies shouldn't exceed 2048 characters. Passing policies +// to this operation returns new temporary credentials. The resulting session's +// permissions are the intersection of the role's identity-based policy and +// the session policies. You can use the role's temporary credentials in subsequent +// AWS API calls to access resources in the account that owns the role. You +// cannot use session policies to grant more permissions than those allowed +// by the identity-based policy of the role that is being assumed. For more +// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // Before your application can call AssumeRoleWithSAML, you must configure your // SAML identity provider (IdP) to issue the claims required by AWS. Additionally, // you must use AWS Identity and Access Management (IAM) to create a SAML provider -// entity in your AWS account that represents your identity provider, and create -// an IAM role that specifies this SAML provider in its trust policy. +// entity in your AWS account that represents your identity provider. You must +// also create an IAM role that specifies this SAML provider in its trust policy. // // Calling AssumeRoleWithSAML does not require the use of AWS security credentials. // The identity of the caller is validated by using keys in the metadata document @@ -315,16 +307,16 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // For more information, see the following resources: // -// * About SAML 2.0-based Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) +// * About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) // in the IAM User Guide. // -// * Creating SAML Identity Providers (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) +// * Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) // in the IAM User Guide. // -// * Configuring a Relying Party and Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) +// * Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) // in the IAM User Guide. // -// * Creating a Role for SAML 2.0 Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) +// * Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -363,7 +355,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML @@ -434,35 +426,35 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // AssumeRoleWithWebIdentity API operation for AWS Security Token Service. // // Returns a set of temporary security credentials for users who have been authenticated -// in a mobile or web application with a web identity provider, such as Amazon -// Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible -// identity provider. +// in a mobile or web application with a web identity provider. Example providers +// include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID +// Connect-compatible identity provider. // // For mobile applications, we recommend that you use Amazon Cognito. You can -// use Amazon Cognito with the AWS SDK for iOS (http://aws.amazon.com/sdkforios/) -// and the AWS SDK for Android (http://aws.amazon.com/sdkforandroid/) to uniquely -// identify a user and supply the user with a consistent identity throughout -// the lifetime of an application. -// -// To learn more about Amazon Cognito, see Amazon Cognito Overview (http://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) -// in the AWS SDK for Android Developer Guide guide and Amazon Cognito Overview -// (http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) +// use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) +// and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) +// to uniquely identify a user. You can also supply the user with a consistent +// identity throughout the lifetime of an application. +// +// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) +// in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) // in the AWS SDK for iOS Developer Guide. // // Calling AssumeRoleWithWebIdentity does not require the use of AWS security // credentials. Therefore, you can distribute an application (for example, on // mobile devices) that requests temporary security credentials without including -// long-term AWS credentials in the application, and without deploying server-based -// proxy services that use long-term AWS credentials. Instead, the identity -// of the caller is validated by using a token from the web identity provider. -// For a comparison of AssumeRoleWithWebIdentity with the other APIs that produce -// temporary credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// long-term AWS credentials in the application. You also don't need to deploy +// server-based proxy services that use long-term AWS credentials. Instead, +// the identity of the caller is validated by using a token from the web identity +// provider. For a comparison of AssumeRoleWithWebIdentity with the other API +// operations that produce temporary credentials, see Requesting Temporary Security +// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this API consist of an access // key ID, a secret access key, and a security token. Applications can use these -// temporary security credentials to sign calls to AWS service APIs. +// temporary security credentials to sign calls to AWS service API operations. // // By default, the temporary security credentials created by AssumeRoleWithWebIdentity // last for one hour. However, you can use the optional DurationSeconds parameter @@ -470,29 +462,29 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // seconds (15 minutes) up to the maximum session duration setting for the role. // This setting can have a value from 1 hour to 12 hours. To learn how to view // the maximum value for your role, see View the Maximum Session Duration Setting -// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) +// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. The maximum session duration limit applies when you -// use the AssumeRole* API operations or the assume-role* CLI operations but -// does not apply when you use those operations to create a console URL. For -// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) +// use the AssumeRole* API operations or the assume-role* CLI commands. However +// the limit does not apply when you use those operations to create a console +// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // // The temporary security credentials created by AssumeRoleWithWebIdentity can // be used to make API calls to any AWS service with the following exception: -// you cannot call the STS service's GetFederationToken or GetSessionToken APIs. -// -// Optionally, you can pass an IAM access policy to this operation. If you choose -// not to pass a policy, the temporary security credentials that are returned -// by the operation have the permissions that are defined in the access policy -// of the role that is being assumed. If you pass a policy to this operation, -// the temporary security credentials that are returned by the operation have -// the permissions that are allowed by both the access policy of the role that -// is being assumed, and the policy that you pass. This gives you a way to further -// restrict the permissions for the resulting temporary security credentials. -// You cannot use the passed policy to grant permissions that are in excess -// of those allowed by the access policy of the role that is being assumed. -// For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, -// and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) +// you cannot call the STS GetFederationToken or GetSessionToken API operations. +// +// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// to this operation. You can pass a single JSON policy document to use as an +// inline session policy. You can also specify up to 10 managed policies to +// use as managed session policies. The plain text that you use for both inline +// and managed session policies shouldn't exceed 2048 characters. Passing policies +// to this operation returns new temporary credentials. The resulting session's +// permissions are the intersection of the role's identity-based policy and +// the session policies. You can use the role's temporary credentials in subsequent +// AWS API calls to access resources in the account that owns the role. You +// cannot use session policies to grant more permissions than those allowed +// by the identity-based policy of the role that is being assumed. For more +// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // Before your application can call AssumeRoleWithWebIdentity, you must have @@ -511,21 +503,19 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // For more information about how to use web identity federation and the AssumeRoleWithWebIdentity // API, see the following resources: // -// * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) -// and Federation Through a Web-based Identity Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). -// -// -// * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html). -// This interactive website lets you walk through the process of authenticating -// via Login with Amazon, Facebook, or Google, getting temporary security -// credentials, and then using those credentials to make a request to AWS. +// * Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) +// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). // +// * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html). +// Walk through the process of authenticating through Login with Amazon, +// Facebook, or Google, getting temporary security credentials, and then +// using those credentials to make a request to AWS. // -// * AWS SDK for iOS (http://aws.amazon.com/sdkforios/) and AWS SDK for Android -// (http://aws.amazon.com/sdkforandroid/). These toolkits contain sample -// apps that show how to invoke the identity providers, and then how to use -// the information from these providers to get and use temporary security -// credentials. +// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and +// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). +// These toolkits contain sample apps that show how to invoke the identity +// providers, and then how to use the information from these providers to +// get and use temporary security credentials. // // * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications). // This article discusses web identity federation and shows an example of @@ -575,7 +565,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity @@ -647,17 +637,17 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // Decodes additional information about the authorization status of a request // from an encoded message returned in response to an AWS request. // -// For example, if a user is not authorized to perform an action that he or -// she has requested, the request returns a Client.UnauthorizedOperation response -// (an HTTP 403 response). Some AWS actions additionally return an encoded message -// that can provide details about this authorization failure. +// For example, if a user is not authorized to perform an operation that he +// or she has requested, the request returns a Client.UnauthorizedOperation +// response (an HTTP 403 response). Some AWS operations additionally return +// an encoded message that can provide details about this authorization failure. // -// Only certain AWS actions return an encoded authorization message. The documentation -// for an individual action indicates whether that action returns an encoded -// message in addition to returning an HTTP code. +// Only certain AWS operations return an encoded authorization message. The +// documentation for an individual operation indicates whether that operation +// returns an encoded message in addition to returning an HTTP code. // // The message is encoded because the details of the authorization status can -// constitute privileged information that the user who requested the action +// constitute privileged information that the user who requested the operation // should not see. To decode an authorization status message, a user must be // granted permissions via an IAM policy to request the DecodeAuthorizationMessage // (sts:DecodeAuthorizationMessage) action. @@ -666,7 +656,7 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // // * Whether the request was denied due to an explicit deny or due to the // absence of an explicit allow. For more information, see Determining Whether -// a Request is Allowed or Denied (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) +// a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) // in the IAM User Guide. // // * The principal who made the request. @@ -834,81 +824,65 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // Returns a set of temporary security credentials (consisting of an access // key ID, a secret access key, and a security token) for a federated user. // A typical use is in a proxy application that gets temporary security credentials -// on behalf of distributed applications inside a corporate network. Because -// you must call the GetFederationToken action using the long-term security -// credentials of an IAM user, this call is appropriate in contexts where those +// on behalf of distributed applications inside a corporate network. You must +// call the GetFederationToken operation using the long-term security credentials +// of an IAM user. As a result, this call is appropriate in contexts where those // credentials can be safely stored, usually in a server-based application. -// For a comparison of GetFederationToken with the other APIs that produce temporary -// credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// For a comparison of GetFederationToken with the other API operations that +// produce temporary credentials, see Requesting Temporary Security Credentials +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // -// If you are creating a mobile-based or browser-based app that can authenticate +// You can create a mobile-based or browser-based app that can authenticate // users using a web identity provider like Login with Amazon, Facebook, Google, -// or an OpenID Connect-compatible identity provider, we recommend that you -// use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. +// or an OpenID Connect-compatible identity provider. In this case, we recommend +// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. // For more information, see Federation Through a Web-based Identity Provider -// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). -// -// The GetFederationToken action must be called by using the long-term AWS security -// credentials of an IAM user. You can also call GetFederationToken using the -// security credentials of an AWS root account, but we do not recommended it. -// Instead, we recommend that you create an IAM user for the purpose of the -// proxy application and then attach a policy to the IAM user that limits federated -// users to only the actions and resources that they need access to. For more -// information, see IAM Best Practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). +// +// You can also call GetFederationToken using the security credentials of an +// AWS account root user, but we do not recommend it. Instead, we recommend +// that you create an IAM user for the purpose of the proxy application. Then +// attach a policy to the IAM user that limits federated users to only the actions +// and resources that they need to access. For more information, see IAM Best +// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // -// The temporary security credentials that are obtained by using the long-term -// credentials of an IAM user are valid for the specified duration, from 900 -// seconds (15 minutes) up to a maximium of 129600 seconds (36 hours). The default -// is 43200 seconds (12 hours). Temporary credentials that are obtained by using -// AWS root account credentials have a maximum duration of 3600 seconds (1 hour). +// The temporary credentials are valid for the specified duration, from 900 +// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default +// is 43,200 seconds (12 hours). Temporary credentials that are obtained by +// using AWS account root user credentials have a maximum duration of 3,600 +// seconds (1 hour). // // The temporary security credentials created by GetFederationToken can be used // to make API calls to any AWS service with the following exceptions: // -// * You cannot use these credentials to call any IAM APIs. +// * You cannot use these credentials to call any IAM API operations. // -// * You cannot call any STS APIs except GetCallerIdentity. +// * You cannot call any STS API operations except GetCallerIdentity. // // Permissions // -// The permissions for the temporary security credentials returned by GetFederationToken -// are determined by a combination of the following: -// -// * The policy or policies that are attached to the IAM user whose credentials -// are used to call GetFederationToken. -// -// * The policy that is passed as a parameter in the call. -// -// The passed policy is attached to the temporary security credentials that -// result from the GetFederationToken API call--that is, to the federated user. -// When the federated user makes an AWS request, AWS evaluates the policy attached -// to the federated user in combination with the policy or policies attached -// to the IAM user whose credentials were used to call GetFederationToken. AWS -// allows the federated user's request only when both the federated user and -// the IAM user are explicitly allowed to perform the requested action. The -// passed policy cannot grant more permissions than those that are defined in -// the IAM user policy. -// -// A typical use case is that the permissions of the IAM user whose credentials -// are used to call GetFederationToken are designed to allow access to all the -// actions and resources that any federated user will need. Then, for individual -// users, you pass a policy to the operation that scopes down the permissions -// to a level that's appropriate to that individual user, using a policy that -// allows only a subset of permissions that are granted to the IAM user. -// -// If you do not pass a policy, the resulting temporary security credentials -// have no effective permissions. The only exception is when the temporary security -// credentials are used to access a resource that has a resource-based policy -// that specifically allows the federated user to access the resource. -// -// For more information about how permissions work, see Permissions for GetFederationToken -// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html). -// For information about using GetFederationToken to create temporary security -// credentials, see GetFederationToken—Federation Through a Custom Identity -// Broker (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken). +// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// to this operation. You can pass a single JSON policy document to use as an +// inline session policy. You can also specify up to 10 managed policies to +// use as managed session policies. The plain text that you use for both inline +// and managed session policies shouldn't exceed 2048 characters. +// +// Though the session policy parameters are optional, if you do not pass a policy, +// then the resulting federated user session has no permissions. The only exception +// is when the credentials are used to access a resource that has a resource-based +// policy that specifically references the federated user session in the Principal +// element of the policy. When you pass session policies, the session permissions +// are the intersection of the IAM user policies and the session policies that +// you pass. This gives you a way to further restrict the permissions for a +// federated user. You cannot use session policies to grant more permissions +// than those that are defined in the permissions policy of the IAM user. For +// more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// in the IAM User Guide. For information about using GetFederationToken to +// create temporary security credentials, see GetFederationToken—Federation +// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -931,7 +905,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken @@ -1003,48 +977,47 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // Returns a set of temporary credentials for an AWS account or IAM user. The // credentials consist of an access key ID, a secret access key, and a security // token. Typically, you use GetSessionToken if you want to use MFA to protect -// programmatic calls to specific AWS APIs like Amazon EC2 StopInstances. MFA-enabled -// IAM users would need to call GetSessionToken and submit an MFA code that -// is associated with their MFA device. Using the temporary security credentials -// that are returned from the call, IAM users can then make programmatic calls -// to APIs that require MFA authentication. If you do not supply a correct MFA -// code, then the API returns an access denied error. For a comparison of GetSessionToken -// with the other APIs that produce temporary credentials, see Requesting Temporary -// Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. +// MFA-enabled IAM users would need to call GetSessionToken and submit an MFA +// code that is associated with their MFA device. Using the temporary security +// credentials that are returned from the call, IAM users can then make programmatic +// calls to API operations that require MFA authentication. If you do not supply +// a correct MFA code, then the API returns an access denied error. For a comparison +// of GetSessionToken with the other API operations that produce temporary credentials, +// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // -// The GetSessionToken action must be called by using the long-term AWS security -// credentials of the AWS account or an IAM user. Credentials that are created -// by IAM users are valid for the duration that you specify, from 900 seconds -// (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default -// of 43200 seconds (12 hours); credentials that are created by using account -// credentials can range from 900 seconds (15 minutes) up to a maximum of 3600 -// seconds (1 hour), with a default of 1 hour. +// The GetSessionToken operation must be called by using the long-term AWS security +// credentials of the AWS account root user or an IAM user. Credentials that +// are created by IAM users are valid for the duration that you specify. This +// duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 +// seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials +// based on account credentials can range from 900 seconds (15 minutes) up to +// 3,600 seconds (1 hour), with a default of 1 hour. // // The temporary security credentials created by GetSessionToken can be used // to make API calls to any AWS service with the following exceptions: // -// * You cannot call any IAM APIs unless MFA authentication information is -// included in the request. +// * You cannot call any IAM API operations unless MFA authentication information +// is included in the request. // -// * You cannot call any STS API exceptAssumeRole or GetCallerIdentity. +// * You cannot call any STS API except AssumeRole or GetCallerIdentity. // -// We recommend that you do not call GetSessionToken with root account credentials. -// Instead, follow our best practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) +// We recommend that you do not call GetSessionToken with AWS account root user +// credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) // by creating one or more IAM users, giving them the necessary permissions, // and using IAM users for everyday interaction with AWS. // -// The permissions associated with the temporary security credentials returned -// by GetSessionToken are based on the permissions associated with account or -// IAM user whose credentials are used to call the action. If GetSessionToken -// is called using root account credentials, the temporary credentials have -// root account permissions. Similarly, if GetSessionToken is called using the -// credentials of an IAM user, the temporary credentials have the same permissions -// as the IAM user. +// The credentials that are returned by GetSessionToken are based on permissions +// associated with the user whose credentials were used to call the operation. +// If GetSessionToken is called using AWS account root user credentials, the +// temporary credentials have root user permissions. Similarly, if GetSessionToken +// is called using the credentials of an IAM user, the temporary credentials +// have the same permissions as the IAM user. // // For more information about using GetSessionToken to create temporary credentials, -// go to Temporary Credentials for Users in Untrusted Environments (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) +// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1059,7 +1032,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken @@ -1094,7 +1067,7 @@ type AssumeRoleInput struct { // a session duration of 12 hours, but your administrator set the maximum session // duration to 6 hours, your operation fails. To learn how to view the maximum // value for your role, see View the Maximum Session Duration Setting for a - // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) + // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. // // By default, the value is set to 3600 seconds. @@ -1104,51 +1077,77 @@ type AssumeRoleInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` - // A unique identifier that is used by third parties when assuming roles in - // their customers' accounts. For each role that the third party can assume, - // they should instruct their customers to ensure the role's trust policy checks - // for the external ID that the third party generated. Each time the third party - // assumes the role, they should pass the customer's external ID. The external - // ID is useful in order to help third parties bind a role to the customer who - // created it. For more information about the external ID, see How to Use an - // External ID When Granting Access to Your AWS Resources to a Third Party (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) + // A unique identifier that might be required when you assume a role in another + // account. If the administrator of the account to which the role belongs provided + // you with an external ID, then provide that value in the ExternalId parameter. + // This value can be any string, such as a passphrase or account number. A cross-account + // role is usually set up to trust everyone in an account. Therefore, the administrator + // of the trusting account might send an external ID to the administrator of + // the trusted account. That way, only someone with the ID can assume the role, + // rather than everyone in the account. For more information about the external + // ID, see How to Use an External ID When Granting Access to Your AWS Resources + // to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) // in the IAM User Guide. // - // The regex used to validated this parameter is a string of characters consisting + // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can // also include underscores or any of the following characters: =,.@:/- ExternalId *string `min:"2" type:"string"` - // An IAM policy in JSON format. - // - // This parameter is optional. If you pass a policy, the temporary security - // credentials that are returned by the operation have the permissions that - // are allowed by both (the intersection of) the access policy of the role that - // is being assumed, and the policy that you pass. This gives you a way to further - // restrict the permissions for the resulting temporary security credentials. - // You cannot use the passed policy to grant permissions that are in excess - // of those allowed by the access policy of the role that is being assumed. - // For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, - // and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) + // An IAM policy in JSON format that you want to use as an inline session policy. + // + // This parameter is optional. Passing policies to this operation returns new + // temporary credentials. The resulting session's permissions are the intersection + // of the role's identity-based policy and the session policies. You can use + // the role's temporary credentials in subsequent AWS API calls to access resources + // in the account that owns the role. You cannot use session policies to grant + // more permissions than those allowed by the identity-based policy of the role + // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The format for this parameter, as described by its regex pattern, is a string - // of characters up to 2048 characters in length. The characters can be any - // ASCII character from the space character to the end of the valid character - // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), + // The plain text that you use for both inline and managed session policies + // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // character from the space character to the end of the valid character list + // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), // and carriage return (\u000D) characters. // - // The policy plain text must be 2048 bytes or shorter. However, an internal - // conversion compresses it into a packed binary format with a separate limit. - // The PackedPolicySize response element indicates by percentage how close to - // the upper size limit the policy is, with 100% equaling the maximum allowed - // size. + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. Policy *string `min:"1" type:"string"` + // The Amazon Resource Names (ARNs) of the IAM managed policies that you want + // to use as managed session policies. The policies must exist in the same account + // as the role. + // + // This parameter is optional. You can provide up to 10 managed policy ARNs. + // However, the plain text that you use for both inline and managed session + // policies shouldn't exceed 2048 characters. For more information about ARNs, + // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // in the AWS General Reference. + // + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. + // + // Passing policies to this operation returns new temporary credentials. The + // resulting session's permissions are the intersection of the role's identity-based + // policy and the session policies. You can use the role's temporary credentials + // in subsequent AWS API calls to access resources in the account that owns + // the role. You cannot use session policies to grant more permissions than + // those allowed by the identity-based policy of the role that is being assumed. + // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in the IAM User Guide. + PolicyArns []*PolicyDescriptorType `type:"list"` + // The Amazon Resource Name (ARN) of the role to assume. // // RoleArn is a required field @@ -1161,8 +1160,8 @@ type AssumeRoleInput struct { // scenarios, the role session name is visible to, and can be logged by the // account that owns the role. The role session name is also used in the ARN // of the assumed role principal. This means that subsequent cross-account API - // requests using the temporary security credentials will expose the role session - // name to the external account in their CloudTrail logs. + // requests that use the temporary security credentials will expose the role + // session name to the external account in their AWS CloudTrail logs. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can @@ -1232,6 +1231,16 @@ func (s *AssumeRoleInput) Validate() error { if s.TokenCode != nil && len(*s.TokenCode) < 6 { invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6)) } + if s.PolicyArns != nil { + for i, v := range s.PolicyArns { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -1257,6 +1266,12 @@ func (s *AssumeRoleInput) SetPolicy(v string) *AssumeRoleInput { return s } +// SetPolicyArns sets the PolicyArns field's value. +func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleInput { + s.PolicyArns = v + return s +} + // SetRoleArn sets the RoleArn field's value. func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput { s.RoleArn = &v @@ -1296,10 +1311,8 @@ type AssumeRoleOutput struct { // The temporary security credentials, which include an access key ID, a secret // access key, and a security (or session) token. // - // Note: The size of the security token that STS APIs return is not fixed. We - // strongly recommend that you make no assumptions about the maximum size. As - // of this writing, the typical size is less than 4096 bytes, but that can vary. - // Also, future updates to AWS might require larger sizes. + // The size of the security token that STS API operations return is not fixed. + // We strongly recommend that you make no assumptions about the maximum size. Credentials *Credentials `type:"structure"` // A percentage value that indicates the size of the policy in packed form. @@ -1349,7 +1362,7 @@ type AssumeRoleWithSAMLInput struct { // specify a session duration of 12 hours, but your administrator set the maximum // session duration to 6 hours, your operation fails. To learn how to view the // maximum value for your role, see View the Maximum Session Duration Setting - // for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) + // for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. // // By default, the value is set to 3600 seconds. @@ -1359,36 +1372,60 @@ type AssumeRoleWithSAMLInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` - // An IAM policy in JSON format. - // - // The policy parameter is optional. If you pass a policy, the temporary security - // credentials that are returned by the operation have the permissions that - // are allowed by both the access policy of the role that is being assumed, - // and the policy that you pass. This gives you a way to further restrict the - // permissions for the resulting temporary security credentials. You cannot - // use the passed policy to grant permissions that are in excess of those allowed - // by the access policy of the role that is being assumed. For more information, - // Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity - // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) + // An IAM policy in JSON format that you want to use as an inline session policy. + // + // This parameter is optional. Passing policies to this operation returns new + // temporary credentials. The resulting session's permissions are the intersection + // of the role's identity-based policy and the session policies. You can use + // the role's temporary credentials in subsequent AWS API calls to access resources + // in the account that owns the role. You cannot use session policies to grant + // more permissions than those allowed by the identity-based policy of the role + // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The format for this parameter, as described by its regex pattern, is a string - // of characters up to 2048 characters in length. The characters can be any - // ASCII character from the space character to the end of the valid character - // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), + // The plain text that you use for both inline and managed session policies + // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // character from the space character to the end of the valid character list + // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), // and carriage return (\u000D) characters. // - // The policy plain text must be 2048 bytes or shorter. However, an internal - // conversion compresses it into a packed binary format with a separate limit. - // The PackedPolicySize response element indicates by percentage how close to - // the upper size limit the policy is, with 100% equaling the maximum allowed - // size. + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. Policy *string `min:"1" type:"string"` + // The Amazon Resource Names (ARNs) of the IAM managed policies that you want + // to use as managed session policies. The policies must exist in the same account + // as the role. + // + // This parameter is optional. You can provide up to 10 managed policy ARNs. + // However, the plain text that you use for both inline and managed session + // policies shouldn't exceed 2048 characters. For more information about ARNs, + // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // in the AWS General Reference. + // + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. + // + // Passing policies to this operation returns new temporary credentials. The + // resulting session's permissions are the intersection of the role's identity-based + // policy and the session policies. You can use the role's temporary credentials + // in subsequent AWS API calls to access resources in the account that owns + // the role. You cannot use session policies to grant more permissions than + // those allowed by the identity-based policy of the role that is being assumed. + // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in the IAM User Guide. + PolicyArns []*PolicyDescriptorType `type:"list"` + // The Amazon Resource Name (ARN) of the SAML provider in IAM that describes // the IdP. // @@ -1402,8 +1439,8 @@ type AssumeRoleWithSAMLInput struct { // The base-64 encoded SAML authentication response provided by the IdP. // - // For more information, see Configuring a Relying Party and Adding Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) - // in the Using IAM guide. + // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) + // in the IAM User Guide. // // SAMLAssertion is a required field SAMLAssertion *string `min:"4" type:"string" required:"true"` @@ -1446,6 +1483,16 @@ func (s *AssumeRoleWithSAMLInput) Validate() error { if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 { invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4)) } + if s.PolicyArns != nil { + for i, v := range s.PolicyArns { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -1465,6 +1512,12 @@ func (s *AssumeRoleWithSAMLInput) SetPolicy(v string) *AssumeRoleWithSAMLInput { return s } +// SetPolicyArns sets the PolicyArns field's value. +func (s *AssumeRoleWithSAMLInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithSAMLInput { + s.PolicyArns = v + return s +} + // SetPrincipalArn sets the PrincipalArn field's value. func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput { s.PrincipalArn = &v @@ -1499,10 +1552,8 @@ type AssumeRoleWithSAMLOutput struct { // The temporary security credentials, which include an access key ID, a secret // access key, and a security (or session) token. // - // Note: The size of the security token that STS APIs return is not fixed. We - // strongly recommend that you make no assumptions about the maximum size. As - // of this writing, the typical size is less than 4096 bytes, but that can vary. - // Also, future updates to AWS might require larger sizes. + // The size of the security token that STS API operations return is not fixed. + // We strongly recommend that you make no assumptions about the maximum size. Credentials *Credentials `type:"structure"` // The value of the Issuer element of the SAML assertion. @@ -1606,7 +1657,7 @@ type AssumeRoleWithWebIdentityInput struct { // a session duration of 12 hours, but your administrator set the maximum session // duration to 6 hours, your operation fails. To learn how to view the maximum // value for your role, see View the Maximum Session Duration Setting for a - // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) + // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. // // By default, the value is set to 3600 seconds. @@ -1616,35 +1667,60 @@ type AssumeRoleWithWebIdentityInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` - // An IAM policy in JSON format. + // An IAM policy in JSON format that you want to use as an inline session policy. // - // The policy parameter is optional. If you pass a policy, the temporary security - // credentials that are returned by the operation have the permissions that - // are allowed by both the access policy of the role that is being assumed, - // and the policy that you pass. This gives you a way to further restrict the - // permissions for the resulting temporary security credentials. You cannot - // use the passed policy to grant permissions that are in excess of those allowed - // by the access policy of the role that is being assumed. For more information, - // see Permissions for AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) + // This parameter is optional. Passing policies to this operation returns new + // temporary credentials. The resulting session's permissions are the intersection + // of the role's identity-based policy and the session policies. You can use + // the role's temporary credentials in subsequent AWS API calls to access resources + // in the account that owns the role. You cannot use session policies to grant + // more permissions than those allowed by the identity-based policy of the role + // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The format for this parameter, as described by its regex pattern, is a string - // of characters up to 2048 characters in length. The characters can be any - // ASCII character from the space character to the end of the valid character - // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), + // The plain text that you use for both inline and managed session policies + // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // character from the space character to the end of the valid character list + // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), // and carriage return (\u000D) characters. // - // The policy plain text must be 2048 bytes or shorter. However, an internal - // conversion compresses it into a packed binary format with a separate limit. - // The PackedPolicySize response element indicates by percentage how close to - // the upper size limit the policy is, with 100% equaling the maximum allowed - // size. + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. Policy *string `min:"1" type:"string"` + // The Amazon Resource Names (ARNs) of the IAM managed policies that you want + // to use as managed session policies. The policies must exist in the same account + // as the role. + // + // This parameter is optional. You can provide up to 10 managed policy ARNs. + // However, the plain text that you use for both inline and managed session + // policies shouldn't exceed 2048 characters. For more information about ARNs, + // see Amazon Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // in the AWS General Reference. + // + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. + // + // Passing policies to this operation returns new temporary credentials. The + // resulting session's permissions are the intersection of the role's identity-based + // policy and the session policies. You can use the role's temporary credentials + // in subsequent AWS API calls to access resources in the account that owns + // the role. You cannot use session policies to grant more permissions than + // those allowed by the identity-based policy of the role that is being assumed. + // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in the IAM User Guide. + PolicyArns []*PolicyDescriptorType `type:"list"` + // The fully qualified host component of the domain name of the identity provider. // // Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com @@ -1721,6 +1797,16 @@ func (s *AssumeRoleWithWebIdentityInput) Validate() error { if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 { invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4)) } + if s.PolicyArns != nil { + for i, v := range s.PolicyArns { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -1740,6 +1826,12 @@ func (s *AssumeRoleWithWebIdentityInput) SetPolicy(v string) *AssumeRoleWithWebI return s } +// SetPolicyArns sets the PolicyArns field's value. +func (s *AssumeRoleWithWebIdentityInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithWebIdentityInput { + s.PolicyArns = v + return s +} + // SetProviderId sets the ProviderId field's value. func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput { s.ProviderId = &v @@ -1784,10 +1876,8 @@ type AssumeRoleWithWebIdentityOutput struct { // The temporary security credentials, which include an access key ID, a secret // access key, and a security token. // - // Note: The size of the security token that STS APIs return is not fixed. We - // strongly recommend that you make no assumptions about the maximum size. As - // of this writing, the typical size is less than 4096 bytes, but that can vary. - // Also, future updates to AWS might require larger sizes. + // The size of the security token that STS API operations return is not fixed. + // We strongly recommend that you make no assumptions about the maximum size. Credentials *Credentials `type:"structure"` // A percentage value that indicates the size of the policy in packed form. @@ -1796,7 +1886,7 @@ type AssumeRoleWithWebIdentityOutput struct { PackedPolicySize *int64 `type:"integer"` // The issuing authority of the web identity token presented. For OpenID Connect - // ID Tokens this contains the value of the iss field. For OAuth 2.0 access + // ID tokens, this contains the value of the iss field. For OAuth 2.0 access // tokens, this contains the value of the ProviderId parameter that was passed // in the AssumeRoleWithWebIdentity request. Provider *string `type:"string"` @@ -1863,7 +1953,7 @@ type AssumedRoleUser struct { // The ARN of the temporary security credentials that are returned from the // AssumeRole action. For more information about ARNs and how to use them in - // policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) + // policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) // in Using IAM. // // Arn is a required field @@ -2031,7 +2121,7 @@ type FederatedUser struct { // The ARN that specifies the federated user that is associated with the credentials. // For more information about ARNs and how to use them in policies, see IAM - // Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) + // Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) // in Using IAM. // // Arn is a required field @@ -2093,8 +2183,8 @@ type GetCallerIdentityOutput struct { Arn *string `min:"20" type:"string"` // The unique identifier of the calling entity. The exact value depends on the - // type of entity making the call. The values returned are those listed in the - // aws:userid column in the Principal table (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable) + // type of entity that is making the call. The values returned are those listed + // in the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable) // found on the Policy Variables reference page in the IAM User Guide. UserId *string `type:"string"` } @@ -2131,12 +2221,11 @@ type GetFederationTokenInput struct { _ struct{} `type:"structure"` // The duration, in seconds, that the session should last. Acceptable durations - // for federation sessions range from 900 seconds (15 minutes) to 129600 seconds - // (36 hours), with 43200 seconds (12 hours) as the default. Sessions obtained - // using AWS account (root) credentials are restricted to a maximum of 3600 + // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds + // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained + // using AWS account root user credentials are restricted to a maximum of 3,600 // seconds (one hour). If the specified duration is longer than one hour, the - // session obtained by using AWS account (root) credentials defaults to one - // hour. + // session obtained by using root user credentials defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The name of the federated user. The name is used as an identifier for the @@ -2151,36 +2240,73 @@ type GetFederationTokenInput struct { // Name is a required field Name *string `min:"2" type:"string" required:"true"` - // An IAM policy in JSON format that is passed with the GetFederationToken call - // and evaluated along with the policy or policies that are attached to the - // IAM user whose credentials are used to call GetFederationToken. The passed - // policy is used to scope down the permissions that are available to the IAM - // user, by allowing only a subset of the permissions that are granted to the - // IAM user. The passed policy cannot grant more permissions than those granted - // to the IAM user. The final permissions for the federated user are the most - // restrictive set based on the intersection of the passed policy and the IAM - // user policy. - // - // If you do not pass a policy, the resulting temporary security credentials - // have no effective permissions. The only exception is when the temporary security - // credentials are used to access a resource that has a resource-based policy - // that specifically allows the federated user to access the resource. - // - // The format for this parameter, as described by its regex pattern, is a string - // of characters up to 2048 characters in length. The characters can be any - // ASCII character from the space character to the end of the valid character - // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. + // An IAM policy in JSON format that you want to use as an inline session policy. // - // The policy plain text must be 2048 bytes or shorter. However, an internal - // conversion compresses it into a packed binary format with a separate limit. - // The PackedPolicySize response element indicates by percentage how close to - // the upper size limit the policy is, with 100% equaling the maximum allowed - // size. + // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // to this operation. You can pass a single JSON policy document to use as an + // inline session policy. You can also specify up to 10 managed policies to + // use as managed session policies. // - // For more information about how permissions work, see Permissions for GetFederationToken - // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html). + // This parameter is optional. However, if you do not pass any session policies, + // then the resulting federated user session has no permissions. The only exception + // is when the credentials are used to access a resource that has a resource-based + // policy that specifically references the federated user session in the Principal + // element of the policy. + // + // When you pass session policies, the session permissions are the intersection + // of the IAM user policies and the session policies that you pass. This gives + // you a way to further restrict the permissions for a federated user. You cannot + // use session policies to grant more permissions than those that are defined + // in the permissions policy of the IAM user. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in the IAM User Guide. + // + // The plain text that you use for both inline and managed session policies + // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII + // character from the space character to the end of the valid character list + // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), + // and carriage return (\u000D) characters. + // + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. Policy *string `min:"1" type:"string"` + + // The Amazon Resource Names (ARNs) of the IAM managed policies that you want + // to use as a managed session policy. The policies must exist in the same account + // as the IAM user that is requesting federated access. + // + // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // to this operation. You can pass a single JSON policy document to use as an + // inline session policy. You can also specify up to 10 managed policies to + // use as managed session policies. The plain text that you use for both inline + // and managed session policies shouldn't exceed 2048 characters. You can provide + // up to 10 managed policy ARNs. For more information about ARNs, see Amazon + // Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // in the AWS General Reference. + // + // This parameter is optional. However, if you do not pass any session policies, + // then the resulting federated user session has no permissions. The only exception + // is when the credentials are used to access a resource that has a resource-based + // policy that specifically references the federated user session in the Principal + // element of the policy. + // + // When you pass session policies, the session permissions are the intersection + // of the IAM user policies and the session policies that you pass. This gives + // you a way to further restrict the permissions for a federated user. You cannot + // use session policies to grant more permissions than those that are defined + // in the permissions policy of the IAM user. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in the IAM User Guide. + // + // The characters in this parameter count towards the 2048 character session + // policy guideline. However, an AWS conversion compresses the session policies + // into a packed binary format that has a separate limit. This is the enforced + // limit. The PackedPolicySize response element indicates by percentage how + // close the policy is to the upper size limit. + PolicyArns []*PolicyDescriptorType `type:"list"` } // String returns the string representation @@ -2208,6 +2334,16 @@ func (s *GetFederationTokenInput) Validate() error { if s.Policy != nil && len(*s.Policy) < 1 { invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) } + if s.PolicyArns != nil { + for i, v := range s.PolicyArns { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -2233,6 +2369,12 @@ func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput { return s } +// SetPolicyArns sets the PolicyArns field's value. +func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetFederationTokenInput { + s.PolicyArns = v + return s +} + // Contains the response to a successful GetFederationToken request, including // temporary AWS credentials that can be used to make AWS requests. type GetFederationTokenOutput struct { @@ -2241,10 +2383,8 @@ type GetFederationTokenOutput struct { // The temporary security credentials, which include an access key ID, a secret // access key, and a security (or session) token. // - // Note: The size of the security token that STS APIs return is not fixed. We - // strongly recommend that you make no assumptions about the maximum size. As - // of this writing, the typical size is less than 4096 bytes, but that can vary. - // Also, future updates to AWS might require larger sizes. + // The size of the security token that STS API operations return is not fixed. + // We strongly recommend that you make no assumptions about the maximum size. Credentials *Credentials `type:"structure"` // Identifiers for the federated user associated with the credentials (such @@ -2291,11 +2431,11 @@ type GetSessionTokenInput struct { _ struct{} `type:"structure"` // The duration, in seconds, that the credentials should remain valid. Acceptable - // durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 - // seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions - // for AWS account owners are restricted to a maximum of 3600 seconds (one hour). - // If the duration is longer than one hour, the session for AWS account owners - // defaults to one hour. + // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 + // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions + // for AWS account owners are restricted to a maximum of 3,600 seconds (one + // hour). If the duration is longer than one hour, the session for AWS account + // owners defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The identification number of the MFA device that is associated with the IAM @@ -2306,16 +2446,16 @@ type GetSessionTokenInput struct { // You can find the device for an IAM user by going to the AWS Management Console // and viewing the user's security credentials. // - // The regex used to validated this parameter is a string of characters consisting + // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can // also include underscores or any of the following characters: =,.@:/- SerialNumber *string `min:"9" type:"string"` // The value provided by the MFA device, if MFA is required. If any policy requires // the IAM user to submit an MFA code, specify this value. If MFA authentication - // is required, and the user does not provide a code when requesting a set of - // temporary security credentials, the user will receive an "access denied" - // response when requesting resources that require MFA authentication. + // is required, the user must provide a code when requesting a set of temporary + // security credentials. A user who fails to provide the code receives an "access + // denied" response when requesting resources that require MFA authentication. // // The format for this parameter, as described by its regex pattern, is a sequence // of six numeric digits. @@ -2377,10 +2517,8 @@ type GetSessionTokenOutput struct { // The temporary security credentials, which include an access key ID, a secret // access key, and a security (or session) token. // - // Note: The size of the security token that STS APIs return is not fixed. We - // strongly recommend that you make no assumptions about the maximum size. As - // of this writing, the typical size is less than 4096 bytes, but that can vary. - // Also, future updates to AWS might require larger sizes. + // The size of the security token that STS API operations return is not fixed. + // We strongly recommend that you make no assumptions about the maximum size. Credentials *Credentials `type:"structure"` } @@ -2399,3 +2537,44 @@ func (s *GetSessionTokenOutput) SetCredentials(v *Credentials) *GetSessionTokenO s.Credentials = v return s } + +// A reference to the IAM managed policy that is passed as a session policy +// for a role session or a federated user session. +type PolicyDescriptorType struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session + // policy for the role. For more information about ARNs, see Amazon Resource + // Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) + // in the AWS General Reference. + Arn *string `locationName:"arn" min:"20" type:"string"` +} + +// String returns the string representation +func (s PolicyDescriptorType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PolicyDescriptorType) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PolicyDescriptorType) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PolicyDescriptorType"} + if s.Arn != nil && len(*s.Arn) < 20 { + invalidParams.Add(request.NewErrParamMinLen("Arn", 20)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetArn sets the Arn field's value. +func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { + s.Arn = &v + return s +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go index ef681ab0..fcb720dc 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go @@ -7,22 +7,14 @@ // request temporary, limited-privilege credentials for AWS Identity and Access // Management (IAM) users or for users that you authenticate (federated users). // This guide provides descriptions of the STS API. For more detailed information -// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). -// -// As an alternative to using the API, you can use one of the AWS SDKs, which -// consist of libraries and sample code for various programming languages and -// platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient -// way to create programmatic access to STS. For example, the SDKs take care -// of cryptographically signing requests, managing errors, and retrying requests -// automatically. For information about the AWS SDKs, including how to download -// and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/). +// about using this service, go to Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // // For information about setting up signatures and authorization through the -// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) +// API, go to Signing AWS API Requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) // in the AWS General Reference. For general information about the Query API, -// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) +// go to Making Query Requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) // in Using IAM. For information about using security tokens with other AWS -// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) +// products, go to AWS Services That Work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) // in the IAM User Guide. // // If you're new to AWS and need additional technical information about a specific @@ -31,14 +23,38 @@ // // Endpoints // -// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com -// that maps to the US East (N. Virginia) region. Additional regions are available -// and are activated by default. For more information, see Activating and Deactivating -// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// By default, AWS Security Token Service (STS) is available as a global service, +// and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com. +// Global requests map to the US East (N. Virginia) region. AWS recommends using +// Regional AWS STS endpoints instead of the global endpoint to reduce latency, +// build in redundancy, and increase session token validity. For more information, +// see Managing AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the IAM User Guide. +// +// Most AWS Regions are enabled for operations in all AWS services by default. +// Those Regions are automatically activated for use with AWS STS. Some Regions, +// such as Asia Pacific (Hong Kong), must be manually enabled. To learn more +// about enabling and disabling AWS Regions, see Managing AWS Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) +// in the AWS General Reference. When you enable these AWS Regions, they are +// automatically activated for use with AWS STS. You cannot activate the STS +// endpoint for a Region that is disabled. Tokens that are valid in all AWS +// Regions are longer than tokens that are valid in Regions that are enabled +// by default. Changing this setting might affect existing systems where you +// temporarily store tokens. For more information, see Managing Global Endpoint +// Session Tokens (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens) // in the IAM User Guide. // -// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region) -// in the AWS General Reference. +// After you activate a Region for use with AWS STS, you can direct AWS STS +// API calls to that Region. AWS STS recommends that you provide both the Region +// and endpoint when you make calls to a Regional endpoint. You can provide +// the Region alone for manually enabled Regions, such as Asia Pacific (Hong +// Kong). In this case, the calls are directed to the STS Regional endpoint. +// However, if you provide the Region alone for Regions enabled by default, +// the calls are directed to the global endpoint of https://sts.amazonaws.com. +// +// To view the list of AWS STS endpoints and whether they are active by default, +// see Writing Code to Use AWS STS Regions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code) +// in the IAM User Guide. // // Recording API requests // @@ -46,8 +62,28 @@ // your AWS account and delivers log files to an Amazon S3 bucket. By using // information collected by CloudTrail, you can determine what requests were // successfully made to STS, who made the request, when it was made, and so -// on. To learn more about CloudTrail, including how to turn it on and find -// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). +// on. +// +// If you activate AWS STS endpoints in Regions other than the default global +// endpoint, then you must also turn on CloudTrail logging in those Regions. +// This is necessary to record any AWS STS API calls that are made in those +// Regions. For more information, see Turning On CloudTrail in Additional Regions +// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/aggregating_logs_regions_turn_on_ct.html) +// in the AWS CloudTrail User Guide. +// +// AWS Security Token Service (STS) is a global service with a single endpoint +// at https://sts.amazonaws.com. Calls to this endpoint are logged as calls +// to a global service. However, because this endpoint is physically located +// in the US East (N. Virginia) Region, your logs list us-east-1 as the event +// Region. CloudTrail does not write these logs to the US East (Ohio) Region +// unless you choose to include global service logs in that Region. CloudTrail +// writes calls to all Regional endpoints to their respective Regions. For example, +// calls to sts.us-east-2.amazonaws.com are published to the US East (Ohio) +// Region and calls to sts.eu-central-1.amazonaws.com are published to the EU +// (Frankfurt) Region. +// +// To learn more about CloudTrail, including how to turn it on and find your +// log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). // // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go index e24884ef..41ea09c3 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go @@ -67,7 +67,7 @@ const ( // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating - // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. ErrCodeRegionDisabledException = "RegionDisabledException" ) diff --git a/vendor/github.com/gosimple/slug/languages_substitution.go b/vendor/github.com/gosimple/slug/languages_substitution.go index d6664e26..1b6cf4d0 100644 --- a/vendor/github.com/gosimple/slug/languages_substitution.go +++ b/vendor/github.com/gosimple/slug/languages_substitution.go @@ -78,3 +78,20 @@ var plSub = map[rune]string{ '&': "i", '@': "na", } + +var trSub = map[rune]string{ + '&': "ve", + '@': "et", + 'ş': "s", + 'Ş': "s", + 'ü': "u", + 'Ü': "u", + 'ö': "o", + 'Ö': "o", + 'İ': "i", + 'ı': "i", + 'ğ': "g", + 'Ğ': "g", + 'ç': "c", + 'Ç': "c", +} diff --git a/vendor/github.com/gosimple/slug/slug.go b/vendor/github.com/gosimple/slug/slug.go index 0c6801ff..289cbc0a 100644 --- a/vendor/github.com/gosimple/slug/slug.go +++ b/vendor/github.com/gosimple/slug/slug.go @@ -66,6 +66,8 @@ func MakeLang(s string, lang string) (slug string) { slug = SubstituteRune(slug, nlSub) case "pl": slug = SubstituteRune(slug, plSub) + case "tr": + slug = SubstituteRune(slug, trSub) default: // fallback to "en" if lang not found slug = SubstituteRune(slug, enSub) } diff --git a/vendor/github.com/hashicorp/consul/api/acl.go b/vendor/github.com/hashicorp/consul/api/acl.go index 53a05236..124409ff 100644 --- a/vendor/github.com/hashicorp/consul/api/acl.go +++ b/vendor/github.com/hashicorp/consul/api/acl.go @@ -4,7 +4,10 @@ import ( "fmt" "io" "io/ioutil" + "net/url" "time" + + "github.com/mitchellh/mapstructure" ) const ( @@ -19,18 +22,26 @@ type ACLTokenPolicyLink struct { ID string Name string } +type ACLTokenRoleLink struct { + ID string + Name string +} // ACLToken represents an ACL Token type ACLToken struct { - CreateIndex uint64 - ModifyIndex uint64 - AccessorID string - SecretID string - Description string - Policies []*ACLTokenPolicyLink - Local bool - CreateTime time.Time `json:",omitempty"` - Hash []byte `json:",omitempty"` + CreateIndex uint64 + ModifyIndex uint64 + AccessorID string + SecretID string + Description string + Policies []*ACLTokenPolicyLink `json:",omitempty"` + Roles []*ACLTokenRoleLink `json:",omitempty"` + ServiceIdentities []*ACLServiceIdentity `json:",omitempty"` + Local bool + ExpirationTTL time.Duration `json:",omitempty"` + ExpirationTime *time.Time `json:",omitempty"` + CreateTime time.Time `json:",omitempty"` + Hash []byte `json:",omitempty"` // DEPRECATED (ACL-Legacy-Compat) // Rules will only be present for legacy tokens returned via the new APIs @@ -38,15 +49,18 @@ type ACLToken struct { } type ACLTokenListEntry struct { - CreateIndex uint64 - ModifyIndex uint64 - AccessorID string - Description string - Policies []*ACLTokenPolicyLink - Local bool - CreateTime time.Time - Hash []byte - Legacy bool + CreateIndex uint64 + ModifyIndex uint64 + AccessorID string + Description string + Policies []*ACLTokenPolicyLink `json:",omitempty"` + Roles []*ACLTokenRoleLink `json:",omitempty"` + ServiceIdentities []*ACLServiceIdentity `json:",omitempty"` + Local bool + ExpirationTime *time.Time `json:",omitempty"` + CreateTime time.Time + Hash []byte + Legacy bool } // ACLEntry is used to represent a legacy ACL token @@ -67,11 +81,20 @@ type ACLReplicationStatus struct { SourceDatacenter string ReplicationType string ReplicatedIndex uint64 + ReplicatedRoleIndex uint64 ReplicatedTokenIndex uint64 LastSuccess time.Time LastError time.Time } +// ACLServiceIdentity represents a high-level grant of all necessary privileges +// to assume the identity of the named Service in the Catalog and within +// Connect. +type ACLServiceIdentity struct { + ServiceName string + Datacenters []string `json:",omitempty"` +} + // ACLPolicy represents an ACL Policy. type ACLPolicy struct { ID string @@ -94,6 +117,113 @@ type ACLPolicyListEntry struct { ModifyIndex uint64 } +type ACLRolePolicyLink struct { + ID string + Name string +} + +// ACLRole represents an ACL Role. +type ACLRole struct { + ID string + Name string + Description string + Policies []*ACLRolePolicyLink `json:",omitempty"` + ServiceIdentities []*ACLServiceIdentity `json:",omitempty"` + Hash []byte + CreateIndex uint64 + ModifyIndex uint64 +} + +// BindingRuleBindType is the type of binding rule mechanism used. +type BindingRuleBindType string + +const ( + // BindingRuleBindTypeService binds to a service identity with the given name. + BindingRuleBindTypeService BindingRuleBindType = "service" + + // BindingRuleBindTypeRole binds to pre-existing roles with the given name. + BindingRuleBindTypeRole BindingRuleBindType = "role" +) + +type ACLBindingRule struct { + ID string + Description string + AuthMethod string + Selector string + BindType BindingRuleBindType + BindName string + + CreateIndex uint64 + ModifyIndex uint64 +} + +type ACLAuthMethod struct { + Name string + Type string + Description string + + // Configuration is arbitrary configuration for the auth method. This + // should only contain primitive values and containers (such as lists and + // maps). + Config map[string]interface{} + + CreateIndex uint64 + ModifyIndex uint64 +} + +type ACLAuthMethodListEntry struct { + Name string + Type string + Description string + CreateIndex uint64 + ModifyIndex uint64 +} + +// ParseKubernetesAuthMethodConfig takes a raw config map and returns a parsed +// KubernetesAuthMethodConfig. +func ParseKubernetesAuthMethodConfig(raw map[string]interface{}) (*KubernetesAuthMethodConfig, error) { + var config KubernetesAuthMethodConfig + decodeConf := &mapstructure.DecoderConfig{ + Result: &config, + WeaklyTypedInput: true, + } + + decoder, err := mapstructure.NewDecoder(decodeConf) + if err != nil { + return nil, err + } + + if err := decoder.Decode(raw); err != nil { + return nil, fmt.Errorf("error decoding config: %s", err) + } + + return &config, nil +} + +// KubernetesAuthMethodConfig is the config for the built-in Consul auth method +// for Kubernetes. +type KubernetesAuthMethodConfig struct { + Host string `json:",omitempty"` + CACert string `json:",omitempty"` + ServiceAccountJWT string `json:",omitempty"` +} + +// RenderToConfig converts this into a map[string]interface{} suitable for use +// in the ACLAuthMethod.Config field. +func (c *KubernetesAuthMethodConfig) RenderToConfig() map[string]interface{} { + return map[string]interface{}{ + "Host": c.Host, + "CACert": c.CACert, + "ServiceAccountJWT": c.ServiceAccountJWT, + } +} + +type ACLLoginParams struct { + AuthMethod string + BearerToken string + Meta map[string]string `json:",omitempty"` +} + // ACL can be used to query the ACL endpoints type ACL struct { c *Client @@ -266,17 +396,9 @@ func (a *ACL) Replication(q *QueryOptions) (*ACLReplicationStatus, *QueryMeta, e return entries, qm, nil } -// TokenCreate creates a new ACL token. It requires that the AccessorID and SecretID fields -// of the ACLToken structure to be empty as these will be filled in by Consul. +// TokenCreate creates a new ACL token. If either the AccessorID or SecretID fields +// of the ACLToken structure are empty they will be filled in by Consul. func (a *ACL) TokenCreate(token *ACLToken, q *WriteOptions) (*ACLToken, *WriteMeta, error) { - if token.AccessorID != "" { - return nil, nil, fmt.Errorf("Cannot specify an AccessorID in Token Creation") - } - - if token.SecretID != "" { - return nil, nil, fmt.Errorf("Cannot specify a SecretID in Token Creation") - } - r := a.c.newRequest("PUT", "/v1/acl/token") r.setWriteOptions(q) r.obj = token @@ -437,7 +559,6 @@ func (a *ACL) PolicyCreate(policy *ACLPolicy, q *WriteOptions) (*ACLPolicy, *Wri if policy.ID != "" { return nil, nil, fmt.Errorf("Cannot specify an ID in Policy Creation") } - r := a.c.newRequest("PUT", "/v1/acl/policy") r.setWriteOptions(q) r.obj = policy @@ -460,7 +581,7 @@ func (a *ACL) PolicyCreate(policy *ACLPolicy, q *WriteOptions) (*ACLPolicy, *Wri // existing policy ID func (a *ACL) PolicyUpdate(policy *ACLPolicy, q *WriteOptions) (*ACLPolicy, *WriteMeta, error) { if policy.ID == "" { - return nil, nil, fmt.Errorf("Must specify an ID in Policy Creation") + return nil, nil, fmt.Errorf("Must specify an ID in Policy Update") } r := a.c.newRequest("PUT", "/v1/acl/policy/"+policy.ID) @@ -586,3 +707,410 @@ func (a *ACL) RulesTranslateToken(tokenID string) (string, error) { return string(ruleBytes), nil } + +// RoleCreate will create a new role. It is not allowed for the role parameters +// ID field to be set as this will be generated by Consul while processing the request. +func (a *ACL) RoleCreate(role *ACLRole, q *WriteOptions) (*ACLRole, *WriteMeta, error) { + if role.ID != "" { + return nil, nil, fmt.Errorf("Cannot specify an ID in Role Creation") + } + + r := a.c.newRequest("PUT", "/v1/acl/role") + r.setWriteOptions(q) + r.obj = role + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + var out ACLRole + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, wm, nil +} + +// RoleUpdate updates a role. The ID field of the role parameter must be set to an +// existing role ID +func (a *ACL) RoleUpdate(role *ACLRole, q *WriteOptions) (*ACLRole, *WriteMeta, error) { + if role.ID == "" { + return nil, nil, fmt.Errorf("Must specify an ID in Role Update") + } + + r := a.c.newRequest("PUT", "/v1/acl/role/"+role.ID) + r.setWriteOptions(q) + r.obj = role + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + var out ACLRole + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, wm, nil +} + +// RoleDelete deletes a role given its ID. +func (a *ACL) RoleDelete(roleID string, q *WriteOptions) (*WriteMeta, error) { + r := a.c.newRequest("DELETE", "/v1/acl/role/"+roleID) + r.setWriteOptions(q) + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, err + } + resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + return wm, nil +} + +// RoleRead retrieves the role details (by ID). Returns nil if not found. +func (a *ACL) RoleRead(roleID string, q *QueryOptions) (*ACLRole, *QueryMeta, error) { + r := a.c.newRequest("GET", "/v1/acl/role/"+roleID) + r.setQueryOptions(q) + found, rtt, resp, err := requireNotFoundOrOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + if !found { + return nil, qm, nil + } + + var out ACLRole + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, qm, nil +} + +// RoleReadByName retrieves the role details (by name). Returns nil if not found. +func (a *ACL) RoleReadByName(roleName string, q *QueryOptions) (*ACLRole, *QueryMeta, error) { + r := a.c.newRequest("GET", "/v1/acl/role/name/"+url.QueryEscape(roleName)) + r.setQueryOptions(q) + found, rtt, resp, err := requireNotFoundOrOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + if !found { + return nil, qm, nil + } + + var out ACLRole + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, qm, nil +} + +// RoleList retrieves a listing of all roles. The listing does not include some +// metadata for the role as those should be retrieved by subsequent calls to +// RoleRead. +func (a *ACL) RoleList(q *QueryOptions) ([]*ACLRole, *QueryMeta, error) { + r := a.c.newRequest("GET", "/v1/acl/roles") + r.setQueryOptions(q) + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + var entries []*ACLRole + if err := decodeBody(resp, &entries); err != nil { + return nil, nil, err + } + return entries, qm, nil +} + +// AuthMethodCreate will create a new auth method. +func (a *ACL) AuthMethodCreate(method *ACLAuthMethod, q *WriteOptions) (*ACLAuthMethod, *WriteMeta, error) { + if method.Name == "" { + return nil, nil, fmt.Errorf("Must specify a Name in Auth Method Creation") + } + + r := a.c.newRequest("PUT", "/v1/acl/auth-method") + r.setWriteOptions(q) + r.obj = method + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + var out ACLAuthMethod + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, wm, nil +} + +// AuthMethodUpdate updates an auth method. +func (a *ACL) AuthMethodUpdate(method *ACLAuthMethod, q *WriteOptions) (*ACLAuthMethod, *WriteMeta, error) { + if method.Name == "" { + return nil, nil, fmt.Errorf("Must specify a Name in Auth Method Update") + } + + r := a.c.newRequest("PUT", "/v1/acl/auth-method/"+url.QueryEscape(method.Name)) + r.setWriteOptions(q) + r.obj = method + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + var out ACLAuthMethod + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, wm, nil +} + +// AuthMethodDelete deletes an auth method given its Name. +func (a *ACL) AuthMethodDelete(methodName string, q *WriteOptions) (*WriteMeta, error) { + if methodName == "" { + return nil, fmt.Errorf("Must specify a Name in Auth Method Delete") + } + + r := a.c.newRequest("DELETE", "/v1/acl/auth-method/"+url.QueryEscape(methodName)) + r.setWriteOptions(q) + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, err + } + resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + return wm, nil +} + +// AuthMethodRead retrieves the auth method. Returns nil if not found. +func (a *ACL) AuthMethodRead(methodName string, q *QueryOptions) (*ACLAuthMethod, *QueryMeta, error) { + if methodName == "" { + return nil, nil, fmt.Errorf("Must specify a Name in Auth Method Read") + } + + r := a.c.newRequest("GET", "/v1/acl/auth-method/"+url.QueryEscape(methodName)) + r.setQueryOptions(q) + found, rtt, resp, err := requireNotFoundOrOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + if !found { + return nil, qm, nil + } + + var out ACLAuthMethod + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, qm, nil +} + +// AuthMethodList retrieves a listing of all auth methods. The listing does not +// include some metadata for the auth method as those should be retrieved by +// subsequent calls to AuthMethodRead. +func (a *ACL) AuthMethodList(q *QueryOptions) ([]*ACLAuthMethodListEntry, *QueryMeta, error) { + r := a.c.newRequest("GET", "/v1/acl/auth-methods") + r.setQueryOptions(q) + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + var entries []*ACLAuthMethodListEntry + if err := decodeBody(resp, &entries); err != nil { + return nil, nil, err + } + return entries, qm, nil +} + +// BindingRuleCreate will create a new binding rule. It is not allowed for the +// binding rule parameter's ID field to be set as this will be generated by +// Consul while processing the request. +func (a *ACL) BindingRuleCreate(rule *ACLBindingRule, q *WriteOptions) (*ACLBindingRule, *WriteMeta, error) { + if rule.ID != "" { + return nil, nil, fmt.Errorf("Cannot specify an ID in Binding Rule Creation") + } + + r := a.c.newRequest("PUT", "/v1/acl/binding-rule") + r.setWriteOptions(q) + r.obj = rule + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + var out ACLBindingRule + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, wm, nil +} + +// BindingRuleUpdate updates a binding rule. The ID field of the role binding +// rule parameter must be set to an existing binding rule ID. +func (a *ACL) BindingRuleUpdate(rule *ACLBindingRule, q *WriteOptions) (*ACLBindingRule, *WriteMeta, error) { + if rule.ID == "" { + return nil, nil, fmt.Errorf("Must specify an ID in Binding Rule Update") + } + + r := a.c.newRequest("PUT", "/v1/acl/binding-rule/"+rule.ID) + r.setWriteOptions(q) + r.obj = rule + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + var out ACLBindingRule + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, wm, nil +} + +// BindingRuleDelete deletes a binding rule given its ID. +func (a *ACL) BindingRuleDelete(bindingRuleID string, q *WriteOptions) (*WriteMeta, error) { + r := a.c.newRequest("DELETE", "/v1/acl/binding-rule/"+bindingRuleID) + r.setWriteOptions(q) + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, err + } + resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + return wm, nil +} + +// BindingRuleRead retrieves the binding rule details. Returns nil if not found. +func (a *ACL) BindingRuleRead(bindingRuleID string, q *QueryOptions) (*ACLBindingRule, *QueryMeta, error) { + r := a.c.newRequest("GET", "/v1/acl/binding-rule/"+bindingRuleID) + r.setQueryOptions(q) + found, rtt, resp, err := requireNotFoundOrOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + if !found { + return nil, qm, nil + } + + var out ACLBindingRule + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + + return &out, qm, nil +} + +// BindingRuleList retrieves a listing of all binding rules. +func (a *ACL) BindingRuleList(methodName string, q *QueryOptions) ([]*ACLBindingRule, *QueryMeta, error) { + r := a.c.newRequest("GET", "/v1/acl/binding-rules") + if methodName != "" { + r.params.Set("authmethod", methodName) + } + r.setQueryOptions(q) + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + var entries []*ACLBindingRule + if err := decodeBody(resp, &entries); err != nil { + return nil, nil, err + } + return entries, qm, nil +} + +// Login is used to exchange auth method credentials for a newly-minted Consul Token. +func (a *ACL) Login(auth *ACLLoginParams, q *WriteOptions) (*ACLToken, *WriteMeta, error) { + r := a.c.newRequest("POST", "/v1/acl/login") + r.setWriteOptions(q) + r.obj = auth + + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + defer resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + var out ACLToken + if err := decodeBody(resp, &out); err != nil { + return nil, nil, err + } + return &out, wm, nil +} + +// Logout is used to destroy a Consul Token created via Login(). +func (a *ACL) Logout(q *WriteOptions) (*WriteMeta, error) { + r := a.c.newRequest("POST", "/v1/acl/logout") + r.setWriteOptions(q) + rtt, resp, err := requireOK(a.c.doRequest(r)) + if err != nil { + return nil, err + } + resp.Body.Close() + + wm := &WriteMeta{RequestTime: rtt} + return wm, nil +} diff --git a/vendor/github.com/hashicorp/consul/api/agent.go b/vendor/github.com/hashicorp/consul/api/agent.go index 6acf8ad9..04043ba8 100644 --- a/vendor/github.com/hashicorp/consul/api/agent.go +++ b/vendor/github.com/hashicorp/consul/api/agent.go @@ -2,7 +2,9 @@ package api import ( "bufio" + "bytes" "fmt" + "io" "net/http" "net/url" ) @@ -82,11 +84,11 @@ type AgentService struct { Address string Weights AgentWeights EnableTagOverride bool - CreateIndex uint64 `json:",omitempty"` - ModifyIndex uint64 `json:",omitempty"` - ContentHash string `json:",omitempty"` + CreateIndex uint64 `json:",omitempty" bexpr:"-"` + ModifyIndex uint64 `json:",omitempty" bexpr:"-"` + ContentHash string `json:",omitempty" bexpr:"-"` // DEPRECATED (ProxyDestination) - remove this field - ProxyDestination string `json:",omitempty"` + ProxyDestination string `json:",omitempty" bexpr:"-"` Proxy *AgentServiceConnectProxyConfig `json:",omitempty"` Connect *AgentServiceConnect `json:",omitempty"` } @@ -101,8 +103,8 @@ type AgentServiceChecksInfo struct { // AgentServiceConnect represents the Connect configuration of a service. type AgentServiceConnect struct { Native bool `json:",omitempty"` - Proxy *AgentServiceConnectProxy `json:",omitempty"` - SidecarService *AgentServiceRegistration `json:",omitempty"` + Proxy *AgentServiceConnectProxy `json:",omitempty" bexpr:"-"` + SidecarService *AgentServiceRegistration `json:",omitempty" bexpr:"-"` } // AgentServiceConnectProxy represents the Connect Proxy configuration of a @@ -110,7 +112,7 @@ type AgentServiceConnect struct { type AgentServiceConnectProxy struct { ExecMode ProxyExecMode `json:",omitempty"` Command []string `json:",omitempty"` - Config map[string]interface{} `json:",omitempty"` + Config map[string]interface{} `json:",omitempty" bexpr:"-"` Upstreams []Upstream `json:",omitempty"` } @@ -121,7 +123,7 @@ type AgentServiceConnectProxyConfig struct { DestinationServiceID string `json:",omitempty"` LocalServiceAddress string `json:",omitempty"` LocalServicePort int `json:",omitempty"` - Config map[string]interface{} `json:",omitempty"` + Config map[string]interface{} `json:",omitempty" bexpr:"-"` Upstreams []Upstream } @@ -276,9 +278,9 @@ type ConnectProxyConfig struct { ContentHash string // DEPRECATED(managed-proxies) - this struct is re-used for sidecar configs // but they don't need ExecMode or Command - ExecMode ProxyExecMode `json:",omitempty"` - Command []string `json:",omitempty"` - Config map[string]interface{} + ExecMode ProxyExecMode `json:",omitempty"` + Command []string `json:",omitempty"` + Config map[string]interface{} `bexpr:"-"` Upstreams []Upstream } @@ -290,7 +292,7 @@ type Upstream struct { Datacenter string `json:",omitempty"` LocalBindAddress string `json:",omitempty"` LocalBindPort int `json:",omitempty"` - Config map[string]interface{} `json:",omitempty"` + Config map[string]interface{} `json:",omitempty" bexpr:"-"` } // Agent can be used to query the Agent endpoints @@ -385,7 +387,14 @@ func (a *Agent) NodeName() (string, error) { // Checks returns the locally registered checks func (a *Agent) Checks() (map[string]*AgentCheck, error) { + return a.ChecksWithFilter("") +} + +// ChecksWithFilter returns a subset of the locally registered checks that match +// the given filter expression +func (a *Agent) ChecksWithFilter(filter string) (map[string]*AgentCheck, error) { r := a.c.newRequest("GET", "/v1/agent/checks") + r.filterQuery(filter) _, resp, err := requireOK(a.c.doRequest(r)) if err != nil { return nil, err @@ -401,7 +410,14 @@ func (a *Agent) Checks() (map[string]*AgentCheck, error) { // Services returns the locally registered services func (a *Agent) Services() (map[string]*AgentService, error) { + return a.ServicesWithFilter("") +} + +// ServicesWithFilter returns a subset of the locally registered services that match +// the given filter expression +func (a *Agent) ServicesWithFilter(filter string) (map[string]*AgentService, error) { r := a.c.newRequest("GET", "/v1/agent/services") + r.filterQuery(filter) _, resp, err := requireOK(a.c.doRequest(r)) if err != nil { return nil, err @@ -1000,12 +1016,20 @@ func (a *Agent) updateTokenOnce(target, token string, q *WriteOptions) (*WriteMe r := a.c.newRequest("PUT", fmt.Sprintf("/v1/agent/token/%s", target)) r.setWriteOptions(q) r.obj = &AgentToken{Token: token} - rtt, resp, err := requireOK(a.c.doRequest(r)) + + rtt, resp, err := a.c.doRequest(r) if err != nil { - return nil, resp.StatusCode, err + return nil, 0, err } - resp.Body.Close() + defer resp.Body.Close() wm := &WriteMeta{RequestTime: rtt} + + if resp.StatusCode != 200 { + var buf bytes.Buffer + io.Copy(&buf, resp.Body) + return wm, resp.StatusCode, fmt.Errorf("Unexpected response code: %d (%s)", resp.StatusCode, buf.Bytes()) + } + return wm, resp.StatusCode, nil } diff --git a/vendor/github.com/hashicorp/consul/api/api.go b/vendor/github.com/hashicorp/consul/api/api.go index 39a0ad3e..4b17ff6c 100644 --- a/vendor/github.com/hashicorp/consul/api/api.go +++ b/vendor/github.com/hashicorp/consul/api/api.go @@ -30,6 +30,10 @@ const ( // the HTTP token. HTTPTokenEnvName = "CONSUL_HTTP_TOKEN" + // HTTPTokenFileEnvName defines an environment variable name which sets + // the HTTP token file. + HTTPTokenFileEnvName = "CONSUL_HTTP_TOKEN_FILE" + // HTTPAuthEnvName defines an environment variable name which sets // the HTTP authentication header. HTTPAuthEnvName = "CONSUL_HTTP_AUTH" @@ -146,6 +150,10 @@ type QueryOptions struct { // ctx is an optional context pass through to the underlying HTTP // request layer. Use Context() and WithContext() to manage this. ctx context.Context + + // Filter requests filtering data prior to it being returned. The string + // is a go-bexpr compatible expression. + Filter string } func (o *QueryOptions) Context() context.Context { @@ -276,6 +284,10 @@ type Config struct { // which overrides the agent's default token. Token string + // TokenFile is a file containing the current token to use for this client. + // If provided it is read once at startup and never again. + TokenFile string + TLSConfig TLSConfig } @@ -339,6 +351,10 @@ func defaultConfig(transportFn func() *http.Transport) *Config { config.Address = addr } + if tokenFile := os.Getenv(HTTPTokenFileEnvName); tokenFile != "" { + config.TokenFile = tokenFile + } + if token := os.Getenv(HTTPTokenEnvName); token != "" { config.Token = token } @@ -445,6 +461,7 @@ func (c *Config) GenerateEnv() []string { env = append(env, fmt.Sprintf("%s=%s", HTTPAddrEnvName, c.Address), fmt.Sprintf("%s=%s", HTTPTokenEnvName, c.Token), + fmt.Sprintf("%s=%s", HTTPTokenFileEnvName, c.TokenFile), fmt.Sprintf("%s=%t", HTTPSSLEnvName, c.Scheme == "https"), fmt.Sprintf("%s=%s", HTTPCAFile, c.TLSConfig.CAFile), fmt.Sprintf("%s=%s", HTTPCAPath, c.TLSConfig.CAPath), @@ -537,6 +554,19 @@ func NewClient(config *Config) (*Client, error) { config.Address = parts[1] } + // If the TokenFile is set, always use that, even if a Token is configured. + // This is because when TokenFile is set it is read into the Token field. + // We want any derived clients to have to re-read the token file. + if config.TokenFile != "" { + data, err := ioutil.ReadFile(config.TokenFile) + if err != nil { + return nil, fmt.Errorf("Error loading token file: %s", err) + } + + if token := strings.TrimSpace(string(data)); token != "" { + config.Token = token + } + } if config.Token == "" { config.Token = defConfig.Token } @@ -614,6 +644,9 @@ func (r *request) setQueryOptions(q *QueryOptions) { if q.Near != "" { r.params.Set("near", q.Near) } + if q.Filter != "" { + r.params.Set("filter", q.Filter) + } if len(q.NodeMeta) > 0 { for key, value := range q.NodeMeta { r.params.Add("node-meta", key+":"+value) @@ -813,6 +846,8 @@ func (c *Client) write(endpoint string, in, out interface{}, q *WriteOptions) (* } // parseQueryMeta is used to help parse query meta-data +// +// TODO(rb): bug? the error from this function is never handled func parseQueryMeta(resp *http.Response, q *QueryMeta) error { header := resp.Header @@ -890,10 +925,42 @@ func requireOK(d time.Duration, resp *http.Response, e error) (time.Duration, *h return d, nil, e } if resp.StatusCode != 200 { - var buf bytes.Buffer - io.Copy(&buf, resp.Body) - resp.Body.Close() - return d, nil, fmt.Errorf("Unexpected response code: %d (%s)", resp.StatusCode, buf.Bytes()) + return d, nil, generateUnexpectedResponseCodeError(resp) } return d, resp, nil } + +func (req *request) filterQuery(filter string) { + if filter == "" { + return + } + + req.params.Set("filter", filter) +} + +// generateUnexpectedResponseCodeError consumes the rest of the body, closes +// the body stream and generates an error indicating the status code was +// unexpected. +func generateUnexpectedResponseCodeError(resp *http.Response) error { + var buf bytes.Buffer + io.Copy(&buf, resp.Body) + resp.Body.Close() + return fmt.Errorf("Unexpected response code: %d (%s)", resp.StatusCode, buf.Bytes()) +} + +func requireNotFoundOrOK(d time.Duration, resp *http.Response, e error) (bool, time.Duration, *http.Response, error) { + if e != nil { + if resp != nil { + resp.Body.Close() + } + return false, d, nil, e + } + switch resp.StatusCode { + case 200: + return true, d, resp, nil + case 404: + return false, d, resp, nil + default: + return false, d, nil, generateUnexpectedResponseCodeError(resp) + } +} diff --git a/vendor/github.com/hashicorp/consul/api/config_entry.go b/vendor/github.com/hashicorp/consul/api/config_entry.go new file mode 100644 index 00000000..0c18963f --- /dev/null +++ b/vendor/github.com/hashicorp/consul/api/config_entry.go @@ -0,0 +1,255 @@ +package api + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "strconv" + "strings" + + "github.com/mitchellh/mapstructure" +) + +const ( + ServiceDefaults string = "service-defaults" + ProxyDefaults string = "proxy-defaults" + ProxyConfigGlobal string = "global" +) + +type ConfigEntry interface { + GetKind() string + GetName() string + GetCreateIndex() uint64 + GetModifyIndex() uint64 +} + +type ServiceConfigEntry struct { + Kind string + Name string + Protocol string + CreateIndex uint64 + ModifyIndex uint64 +} + +func (s *ServiceConfigEntry) GetKind() string { + return s.Kind +} + +func (s *ServiceConfigEntry) GetName() string { + return s.Name +} + +func (s *ServiceConfigEntry) GetCreateIndex() uint64 { + return s.CreateIndex +} + +func (s *ServiceConfigEntry) GetModifyIndex() uint64 { + return s.ModifyIndex +} + +type ProxyConfigEntry struct { + Kind string + Name string + Config map[string]interface{} + CreateIndex uint64 + ModifyIndex uint64 +} + +func (p *ProxyConfigEntry) GetKind() string { + return p.Kind +} + +func (p *ProxyConfigEntry) GetName() string { + return p.Name +} + +func (p *ProxyConfigEntry) GetCreateIndex() uint64 { + return p.CreateIndex +} + +func (p *ProxyConfigEntry) GetModifyIndex() uint64 { + return p.ModifyIndex +} + +type rawEntryListResponse struct { + kind string + Entries []map[string]interface{} +} + +func makeConfigEntry(kind, name string) (ConfigEntry, error) { + switch kind { + case ServiceDefaults: + return &ServiceConfigEntry{Name: name}, nil + case ProxyDefaults: + return &ProxyConfigEntry{Name: name}, nil + default: + return nil, fmt.Errorf("invalid config entry kind: %s", kind) + } +} + +func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error) { + var entry ConfigEntry + + kindVal, ok := raw["Kind"] + if !ok { + kindVal, ok = raw["kind"] + } + if !ok { + return nil, fmt.Errorf("Payload does not contain a kind/Kind key at the top level") + } + + if kindStr, ok := kindVal.(string); ok { + newEntry, err := makeConfigEntry(kindStr, "") + if err != nil { + return nil, err + } + entry = newEntry + } else { + return nil, fmt.Errorf("Kind value in payload is not a string") + } + + decodeConf := &mapstructure.DecoderConfig{ + DecodeHook: mapstructure.StringToTimeDurationHookFunc(), + Result: &entry, + WeaklyTypedInput: true, + } + + decoder, err := mapstructure.NewDecoder(decodeConf) + if err != nil { + return nil, err + } + + return entry, decoder.Decode(raw) +} + +func DecodeConfigEntryFromJSON(data []byte) (ConfigEntry, error) { + var raw map[string]interface{} + if err := json.Unmarshal(data, &raw); err != nil { + return nil, err + } + + return DecodeConfigEntry(raw) +} + +// Config can be used to query the Config endpoints +type ConfigEntries struct { + c *Client +} + +// Config returns a handle to the Config endpoints +func (c *Client) ConfigEntries() *ConfigEntries { + return &ConfigEntries{c} +} + +func (conf *ConfigEntries) Get(kind string, name string, q *QueryOptions) (ConfigEntry, *QueryMeta, error) { + if kind == "" || name == "" { + return nil, nil, fmt.Errorf("Both kind and name parameters must not be empty") + } + + entry, err := makeConfigEntry(kind, name) + if err != nil { + return nil, nil, err + } + + r := conf.c.newRequest("GET", fmt.Sprintf("/v1/config/%s/%s", kind, name)) + r.setQueryOptions(q) + rtt, resp, err := requireOK(conf.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + if err := decodeBody(resp, entry); err != nil { + return nil, nil, err + } + + return entry, qm, nil +} + +func (conf *ConfigEntries) List(kind string, q *QueryOptions) ([]ConfigEntry, *QueryMeta, error) { + if kind == "" { + return nil, nil, fmt.Errorf("The kind parameter must not be empty") + } + + r := conf.c.newRequest("GET", fmt.Sprintf("/v1/config/%s", kind)) + r.setQueryOptions(q) + rtt, resp, err := requireOK(conf.c.doRequest(r)) + if err != nil { + return nil, nil, err + } + + defer resp.Body.Close() + + qm := &QueryMeta{} + parseQueryMeta(resp, qm) + qm.RequestTime = rtt + + var raw []map[string]interface{} + if err := decodeBody(resp, &raw); err != nil { + return nil, nil, err + } + + var entries []ConfigEntry + for _, rawEntry := range raw { + entry, err := DecodeConfigEntry(rawEntry) + if err != nil { + return nil, nil, err + } + entries = append(entries, entry) + } + + return entries, qm, nil +} + +func (conf *ConfigEntries) Set(entry ConfigEntry, w *WriteOptions) (bool, *WriteMeta, error) { + return conf.set(entry, nil, w) +} + +func (conf *ConfigEntries) CAS(entry ConfigEntry, index uint64, w *WriteOptions) (bool, *WriteMeta, error) { + return conf.set(entry, map[string]string{"cas": strconv.FormatUint(index, 10)}, w) +} + +func (conf *ConfigEntries) set(entry ConfigEntry, params map[string]string, w *WriteOptions) (bool, *WriteMeta, error) { + r := conf.c.newRequest("PUT", "/v1/config") + r.setWriteOptions(w) + for param, value := range params { + r.params.Set(param, value) + } + r.obj = entry + rtt, resp, err := requireOK(conf.c.doRequest(r)) + if err != nil { + return false, nil, err + } + defer resp.Body.Close() + + var buf bytes.Buffer + if _, err := io.Copy(&buf, resp.Body); err != nil { + return false, nil, fmt.Errorf("Failed to read response: %v", err) + } + res := strings.Contains(buf.String(), "true") + + wm := &WriteMeta{RequestTime: rtt} + return res, wm, nil +} + +func (conf *ConfigEntries) Delete(kind string, name string, w *WriteOptions) (*WriteMeta, error) { + if kind == "" || name == "" { + return nil, fmt.Errorf("Both kind and name parameters must not be empty") + } + + r := conf.c.newRequest("DELETE", fmt.Sprintf("/v1/config/%s/%s", kind, name)) + r.setWriteOptions(w) + rtt, resp, err := requireOK(conf.c.doRequest(r)) + if err != nil { + return nil, err + } + resp.Body.Close() + wm := &WriteMeta{RequestTime: rtt} + return wm, nil +} diff --git a/vendor/github.com/hashicorp/consul/ui-v2/app/utils/dom/event-target/event-target-shim/LICENSE b/vendor/github.com/hashicorp/consul/ui-v2/app/utils/dom/event-target/event-target-shim/LICENSE new file mode 100644 index 00000000..c39e6949 --- /dev/null +++ b/vendor/github.com/hashicorp/consul/ui-v2/app/utils/dom/event-target/event-target-shim/LICENSE @@ -0,0 +1,22 @@ +The MIT License (MIT) + +Copyright (c) 2015 Toru Nagashima + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/vendor/github.com/hashicorp/consul/website/source/api/operator/license.html.md b/vendor/github.com/hashicorp/consul/website/source/api/operator/license.html.md index dc2c2c37..1110ec9b 100644 --- a/vendor/github.com/hashicorp/consul/website/source/api/operator/license.html.md +++ b/vendor/github.com/hashicorp/consul/website/source/api/operator/license.html.md @@ -24,10 +24,10 @@ This endpoint gets information about the current license. | `GET` | `/operator/license` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/index.html#blocking-queries), -[consistency modes](/api/index.html#consistency-modes), -[agent caching](/api/index.html#agent-caching), and -[required ACLs](/api/index.html#acls). +[blocking queries](/api/features/blocking.html), +[consistency modes](/api/features/consistency.html), +[agent caching](/api/features/caching.html), and +[required ACLs](/api/index.html#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -86,10 +86,10 @@ license contents as well as any warning messages regarding its validity. | `PUT` | `/operator/license` | `application/json` | The table below shows this endpoint's support for -[blocking queries](/api/index.html#blocking-queries), -[consistency modes](/api/index.html#consistency-modes), -[agent caching](/api/index.html#agent-caching), and -[required ACLs](/api/index.html#acls). +[blocking queries](/api/features/blocking.html), +[consistency modes](/api/features/consistency.html), +[agent caching](/api/features/caching.html), and +[required ACLs](/api/index.html#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | diff --git a/vendor/github.com/hashicorp/consul/website/source/docs/commands/license.html.markdown.erb b/vendor/github.com/hashicorp/consul/website/source/docs/commands/license.html.markdown.erb index b65d171d..e397a134 100644 --- a/vendor/github.com/hashicorp/consul/website/source/docs/commands/license.html.markdown.erb +++ b/vendor/github.com/hashicorp/consul/website/source/docs/commands/license.html.markdown.erb @@ -17,7 +17,7 @@ The `license` command provides datacenter-level management of the Consul Enterpr If ACLs are enabled then a token with operator privileges may be required in order to use this command. Requests are forwarded internally to the leader if required, so this can be run from any Consul node in a cluster. See the -[ACL Guide](/docs/guides/acl.html#operator) for more information. +[ACL Guide](https://learn.hashicorp.com/consul/security-networking/production-acls) for more information. ```text diff --git a/vendor/github.com/hashicorp/go-immutable-radix/iter.go b/vendor/github.com/hashicorp/go-immutable-radix/iter.go index 9815e025..1ecaf831 100644 --- a/vendor/github.com/hashicorp/go-immutable-radix/iter.go +++ b/vendor/github.com/hashicorp/go-immutable-radix/iter.go @@ -1,6 +1,8 @@ package iradix -import "bytes" +import ( + "bytes" +) // Iterator is used to iterate over a set of nodes // in pre-order @@ -53,6 +55,101 @@ func (i *Iterator) SeekPrefix(prefix []byte) { i.SeekPrefixWatch(prefix) } +func (i *Iterator) recurseMin(n *Node) *Node { + // Traverse to the minimum child + if n.leaf != nil { + return n + } + if len(n.edges) > 0 { + // Add all the other edges to the stack (the min node will be added as + // we recurse) + i.stack = append(i.stack, n.edges[1:]) + return i.recurseMin(n.edges[0].node) + } + // Shouldn't be possible + return nil +} + +// SeekLowerBound is used to seek the iterator to the smallest key that is +// greater or equal to the given key. There is no watch variant as it's hard to +// predict based on the radix structure which node(s) changes might affect the +// result. +func (i *Iterator) SeekLowerBound(key []byte) { + // Wipe the stack. Unlike Prefix iteration, we need to build the stack as we + // go because we need only a subset of edges of many nodes in the path to the + // leaf with the lower bound. + i.stack = []edges{} + n := i.node + search := key + + found := func(n *Node) { + i.node = n + i.stack = append(i.stack, edges{edge{node: n}}) + } + + for { + // Compare current prefix with the search key's same-length prefix. + var prefixCmp int + if len(n.prefix) < len(search) { + prefixCmp = bytes.Compare(n.prefix, search[0:len(n.prefix)]) + } else { + prefixCmp = bytes.Compare(n.prefix, search) + } + + if prefixCmp > 0 { + // Prefix is larger, that means the lower bound is greater than the search + // and from now on we need to follow the minimum path to the smallest + // leaf under this subtree. + n = i.recurseMin(n) + if n != nil { + found(n) + } + return + } + + if prefixCmp < 0 { + // Prefix is smaller than search prefix, that means there is no lower + // bound + i.node = nil + return + } + + // Prefix is equal, we are still heading for an exact match. If this is a + // leaf we're done. + if n.leaf != nil { + if bytes.Compare(n.leaf.key, key) < 0 { + i.node = nil + return + } + found(n) + return + } + + // Consume the search prefix + if len(n.prefix) > len(search) { + search = []byte{} + } else { + search = search[len(n.prefix):] + } + + // Otherwise, take the lower bound next edge. + idx, lbNode := n.getLowerBoundEdge(search[0]) + if lbNode == nil { + i.node = nil + return + } + + // Create stack edges for the all strictly higher edges in this node. + if idx+1 < len(n.edges) { + i.stack = append(i.stack, n.edges[idx+1:]) + } + + i.node = lbNode + // Recurse + n = lbNode + } +} + // Next returns the next node in order func (i *Iterator) Next() ([]byte, interface{}, bool) { // Initialize our stack if needed diff --git a/vendor/github.com/hashicorp/go-immutable-radix/node.go b/vendor/github.com/hashicorp/go-immutable-radix/node.go index 7a065e7a..3ab904ed 100644 --- a/vendor/github.com/hashicorp/go-immutable-radix/node.go +++ b/vendor/github.com/hashicorp/go-immutable-radix/node.go @@ -79,6 +79,18 @@ func (n *Node) getEdge(label byte) (int, *Node) { return -1, nil } +func (n *Node) getLowerBoundEdge(label byte) (int, *Node) { + num := len(n.edges) + idx := sort.Search(num, func(i int) bool { + return n.edges[i].label >= label + }) + // we want lower bound behavior so return even if it's not an exact match + if idx < num { + return idx, n.edges[idx].node + } + return -1, nil +} + func (n *Node) delEdge(label byte) { num := len(n.edges) idx := sort.Search(num, func(i int) bool { diff --git a/vendor/github.com/hashicorp/vault/api/client.go b/vendor/github.com/hashicorp/vault/api/client.go index 543ef047..a77ceb86 100644 --- a/vendor/github.com/hashicorp/vault/api/client.go +++ b/vendor/github.com/hashicorp/vault/api/client.go @@ -422,6 +422,10 @@ func NewClient(c *Config) (*Client, error) { client.token = token } + if namespace := os.Getenv(EnvVaultNamespace); namespace != "" { + client.setNamespace(namespace) + } + return client, nil } @@ -531,7 +535,10 @@ func (c *Client) SetMFACreds(creds []string) { func (c *Client) SetNamespace(namespace string) { c.modifyLock.Lock() defer c.modifyLock.Unlock() + c.setNamespace(namespace) +} +func (c *Client) setNamespace(namespace string) { if c.headers == nil { c.headers = make(http.Header) } diff --git a/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs b/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs index b8177199..62038382 100644 --- a/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs +++ b/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs @@ -13,7 +13,7 @@ data-test-cluster-status data-test-warning-text /> - <span class="title is-5" data-test-temp-license>Temporary License</span> + <span class="title is-5" data-test-temp-license>Temporary license</span> <form {{action "saveModel" text on="submit"}}> <div class="box is-shadowless is-fullwidth is-marginless"> <div class="field"> diff --git a/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md b/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md index dbbcef82..c41cd780 100644 --- a/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md +++ b/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md @@ -19,9 +19,9 @@ Vault. This endpoint returns information about the currently installed license. -| Method | Path | Produces | -| :------- | :--------------------------- | :--------------------- | -| `GET` | `/sys/license` | `200 application/json` | +| Method | Path | +| :--------------------------- | :--------------------- | +| `GET` | `/sys/license` | ### Sample Request @@ -56,9 +56,9 @@ $ curl \ This endpoint is used to install a license into Vault. -| Method | Path | Produces | -| :------- | :--------------------------- | :--------------------- | -| `PUT` | `/sys/license` | `204 (empty body)` | +| Method | Path | +| :--------------------------- | :--------------------- | +| `PUT` | `/sys/license` | ### Parameters diff --git a/vendor/github.com/pierrec/lz4/reader.go b/vendor/github.com/pierrec/lz4/reader.go index 81efdbf8..9fac0430 100644 --- a/vendor/github.com/pierrec/lz4/reader.go +++ b/vendor/github.com/pierrec/lz4/reader.go @@ -14,6 +14,9 @@ import ( // The Header may change between Read() calls in case of concatenated frames. type Reader struct { Header + // Handler called when a block has been successfully read. + // It provides the number of bytes read. + OnBlockDone func(size int) buf [8]byte // Scrap buffer. pos int64 // Current position in src. @@ -101,7 +104,7 @@ func (z *Reader) readHeader(first bool) error { z.data = z.zdata[:cap(z.zdata)][bSize:] z.idx = len(z.data) - z.checksum.Write(buf[0:2]) + _, _ = z.checksum.Write(buf[0:2]) if frameSize { buf := buf[:8] @@ -110,7 +113,7 @@ func (z *Reader) readHeader(first bool) error { } z.Size = binary.LittleEndian.Uint64(buf) z.pos += 8 - z.checksum.Write(buf) + _, _ = z.checksum.Write(buf) } // Header checksum. @@ -211,6 +214,9 @@ func (z *Reader) Read(buf []byte) (int, error) { return 0, err } z.pos += int64(bLen) + if z.OnBlockDone != nil { + z.OnBlockDone(int(bLen)) + } if z.BlockChecksum { checksum, err := z.readUint32() @@ -255,10 +261,13 @@ func (z *Reader) Read(buf []byte) (int, error) { return 0, err } z.data = z.data[:n] + if z.OnBlockDone != nil { + z.OnBlockDone(n) + } } if !z.NoChecksum { - z.checksum.Write(z.data) + _, _ = z.checksum.Write(z.data) if debugFlag { debug("current frame checksum %x", z.checksum.Sum32()) } diff --git a/vendor/github.com/pierrec/lz4/writer.go b/vendor/github.com/pierrec/lz4/writer.go index 01204380..df8602df 100644 --- a/vendor/github.com/pierrec/lz4/writer.go +++ b/vendor/github.com/pierrec/lz4/writer.go @@ -11,6 +11,9 @@ import ( // Writer implements the LZ4 frame encoder. type Writer struct { Header + // Handler called when a block has been successfully written out. + // It provides the number of bytes written. + OnBlockDone func(size int) buf [19]byte // magic number(4) + header(flags(2)+[Size(8)+DictID(4)]+checksum(1)) does not exceed 19 bytes dst io.Writer // Destination. @@ -46,8 +49,8 @@ func (z *Writer) writeHeader() error { if n := 2 * bSize; cap(z.zdata) < n { z.zdata = make([]byte, n, n) } - z.zdata = z.zdata[:bSize] - z.data = z.zdata[:cap(z.zdata)][bSize:] + z.data = z.zdata[:bSize] + z.zdata = z.zdata[:cap(z.zdata)][bSize:] z.idx = 0 // Size is optional. @@ -182,9 +185,13 @@ func (z *Writer) compressBlock(data []byte) error { if err := z.writeUint32(bLen); err != nil { return err } - if _, err := z.dst.Write(zdata); err != nil { + written, err := z.dst.Write(zdata) + if err != nil { return err } + if h := z.OnBlockDone; h != nil { + h(written) + } if z.BlockChecksum { checksum := xxh32.ChecksumZero(zdata) @@ -213,7 +220,11 @@ func (z *Writer) Flush() error { return nil } - return z.compressBlock(z.data[:z.idx]) + if err := z.compressBlock(z.data[:z.idx]); err != nil { + return err + } + z.idx = 0 + return nil } // Close closes the Writer, flushing any unwritten data to the underlying io.Writer, but does not close the underlying io.Writer. diff --git a/vendor/github.com/spf13/cobra/args.go b/vendor/github.com/spf13/cobra/args.go index a5d8a927..c4d820b8 100644 --- a/vendor/github.com/spf13/cobra/args.go +++ b/vendor/github.com/spf13/cobra/args.go @@ -78,6 +78,18 @@ func ExactArgs(n int) PositionalArgs { } } +// ExactValidArgs returns an error if +// there are not exactly N positional args OR +// there are any positional args that are not in the `ValidArgs` field of `Command` +func ExactValidArgs(n int) PositionalArgs { + return func(cmd *Command, args []string) error { + if err := ExactArgs(n)(cmd, args); err != nil { + return err + } + return OnlyValidArgs(cmd, args) + } +} + // RangeArgs returns an error if the number of args is not within the expected range. func RangeArgs(min int, max int) PositionalArgs { return func(cmd *Command, args []string) error { diff --git a/vendor/github.com/spf13/cobra/bash_completions.go b/vendor/github.com/spf13/cobra/bash_completions.go index 8fa8f486..c3c1e501 100644 --- a/vendor/github.com/spf13/cobra/bash_completions.go +++ b/vendor/github.com/spf13/cobra/bash_completions.go @@ -129,7 +129,13 @@ __%[1]s_handle_reply() fi if [[ ${#COMPREPLY[@]} -eq 0 ]]; then - declare -F __custom_func >/dev/null && __custom_func + if declare -F __%[1]s_custom_func >/dev/null; then + # try command name qualified custom func + __%[1]s_custom_func + else + # otherwise fall back to unqualified for compatibility + declare -F __custom_func >/dev/null && __custom_func + fi fi # available in bash-completion >= 2, not always present on macOS @@ -193,7 +199,8 @@ __%[1]s_handle_flag() fi # skip the argument to a two word flag - if __%[1]s_contains_word "${words[c]}" "${two_word_flags[@]}"; then + if [[ ${words[c]} != *"="* ]] && __%[1]s_contains_word "${words[c]}" "${two_word_flags[@]}"; then + __%[1]s_debug "${FUNCNAME[0]}: found a flag ${words[c]}, skip the next argument" c=$((c+1)) # if we are looking for a flags value, don't show commands if [[ $c -eq $cword ]]; then @@ -373,6 +380,10 @@ func writeFlag(buf *bytes.Buffer, flag *pflag.Flag, cmd *Command) { } format += "\")\n" buf.WriteString(fmt.Sprintf(format, name)) + if len(flag.NoOptDefVal) == 0 { + format = " two_word_flags+=(\"--%s\")\n" + buf.WriteString(fmt.Sprintf(format, name)) + } writeFlagHandler(buf, "--"+name, flag.Annotations, cmd) } diff --git a/vendor/github.com/spf13/cobra/cobra.go b/vendor/github.com/spf13/cobra/cobra.go index 7010fd15..6505c070 100644 --- a/vendor/github.com/spf13/cobra/cobra.go +++ b/vendor/github.com/spf13/cobra/cobra.go @@ -23,6 +23,7 @@ import ( "strconv" "strings" "text/template" + "time" "unicode" ) @@ -56,6 +57,12 @@ var MousetrapHelpText string = `This is a command line tool. You need to open cmd.exe and run it from there. ` +// MousetrapDisplayDuration controls how long the MousetrapHelpText message is displayed on Windows +// if the CLI is started from explorer.exe. Set to 0 to wait for the return key to be pressed. +// To disable the mousetrap, just set MousetrapHelpText to blank string (""). +// Works only on Microsoft Windows. +var MousetrapDisplayDuration time.Duration = 5 * time.Second + // AddTemplateFunc adds a template function that's available to Usage and Help // template generation. func AddTemplateFunc(name string, tmplFunc interface{}) { diff --git a/vendor/github.com/spf13/cobra/command.go b/vendor/github.com/spf13/cobra/command.go index 34d1bf36..b257f91b 100644 --- a/vendor/github.com/spf13/cobra/command.go +++ b/vendor/github.com/spf13/cobra/command.go @@ -817,13 +817,11 @@ func (c *Command) ExecuteC() (cmd *Command, err error) { // overriding c.InitDefaultHelpCmd() - var args []string + args := c.args // Workaround FAIL with "go test -v" or "cobra.test -test.v", see #155 if c.args == nil && filepath.Base(os.Args[0]) != "cobra.test" { args = os.Args[1:] - } else { - args = c.args } var flags []string @@ -1335,7 +1333,7 @@ func (c *Command) LocalFlags() *flag.FlagSet { return c.lflags } -// InheritedFlags returns all flags which were inherited from parents commands. +// InheritedFlags returns all flags which were inherited from parent commands. func (c *Command) InheritedFlags() *flag.FlagSet { c.mergePersistentFlags() diff --git a/vendor/github.com/spf13/cobra/command_win.go b/vendor/github.com/spf13/cobra/command_win.go index edec728e..8768b173 100644 --- a/vendor/github.com/spf13/cobra/command_win.go +++ b/vendor/github.com/spf13/cobra/command_win.go @@ -3,6 +3,7 @@ package cobra import ( + "fmt" "os" "time" @@ -14,7 +15,12 @@ var preExecHookFn = preExecHook func preExecHook(c *Command) { if MousetrapHelpText != "" && mousetrap.StartedByExplorer() { c.Print(MousetrapHelpText) - time.Sleep(5 * time.Second) + if MousetrapDisplayDuration > 0 { + time.Sleep(MousetrapDisplayDuration) + } else { + c.Println("Press return to continue...") + fmt.Scanln() + } os.Exit(1) } } |