diff --git a/go.sum b/go.sum
index 71f82c8173..69d835263f 100644
--- a/go.sum
+++ b/go.sum
@@ -254,8 +254,6 @@ github.com/aws/amazon-ec2-instance-selector/v2 v2.4.2-0.20230601180523-74e721cb8
 github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.47.13 h1:pJgCtldg5azDAFoEcE0fz6n+FnCc1/FY4krtUa5uvZQ=
-github.com/aws/aws-sdk-go v1.47.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go v1.48.6 h1:hnL/TE3eRigirDLrdRE9AWE1ALZSVLAsC4wK8TGsMqk=
 github.com/aws/aws-sdk-go v1.48.6/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.16.2/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU=
@@ -265,18 +263,12 @@ github.com/aws/aws-sdk-go-v2 v1.23.1/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlL
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 h1:SdK4Ppk5IzLs64ZMvr6MrSficMtjY2oS0WOORXTlxwU=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1/go.mod h1:n8Bs1ElDD2wJ9kCRTczA83gYbBmjSwZp3umc6zF4EeM=
 github.com/aws/aws-sdk-go-v2/config v1.15.3/go.mod h1:9YL3v07Xc/ohTsxFXzan9ZpFpdTOFl4X65BAKYaz8jg=
-github.com/aws/aws-sdk-go-v2/config v1.25.2 h1:+Gy7Xe372Tw/PiUw3We94Le9IwU1tmJqCD6cvI4oBJM=
-github.com/aws/aws-sdk-go-v2/config v1.25.2/go.mod h1:6hFlwWQiVOUG0Ej2ql0tG4zPlpDH++HD0WT1MA6l5Q4=
 github.com/aws/aws-sdk-go-v2/config v1.25.6 h1:p7b0sR6lHVNNOK/dE4xZgq2R+NNFRjtAXy8WNE6jbpo=
 github.com/aws/aws-sdk-go-v2/config v1.25.6/go.mod h1:E/nt0ERX9ZX2RCcJWBax94jFn738UERvjSn4R3msEeQ=
 github.com/aws/aws-sdk-go-v2/credentials v1.11.2/go.mod h1:j8YsY9TXTm31k4eFhspiQicfXPLZ0gYXA50i4gxPE8g=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.1 h1:WessyrdgyFN5TB+eLQdrFSlN/3oMnqukIFhDxK6z8h0=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.1/go.mod h1:RQJyPxKcr+m4ArlIG1LUhMOrjposVfzbX6H8oR6oCgE=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.5 h1:oJz7X2VzKl8Y9pX7Fa5sIy4+3OnknF+Ne0KYu7DCoQQ=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.5/go.mod h1:2HvVzcP9ih6XR66omXIsgWjtolkL0MlQVqPcK3nXK+E=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.3/go.mod h1:uk1vhHHERfSVCUnqSqz8O48LBYDSC+k6brng09jcMOk=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 h1:9wKDWEjwSnXZre0/O3+ZwbBl1SmlgWYBbrTV10X/H1s=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4/go.mod h1:t4i+yGHMCcUNIX1x7YVYa6bH/Do7civ5I6cG/6PMfyA=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5 h1:KehRNiVzIfAcj6gw98zotVbb/K67taJE0fkfgM6vzqU=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.5/go.mod h1:VhnExhw6uXy9QzetvpXDolo1/hjhx4u9qukBGkuUwjs=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.3 h1:ir7iEq78s4txFGgwcLqD6q9IIPzTQNRJXulJd9h/zQo=
@@ -292,44 +284,24 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.4/go.mod h1:dYvTNAggxDZy
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.10/go.mod h1:8DcYQcz0+ZJaSxANlHIsbbi6S+zMwjwdDqwW3r9AzaE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.1 h1:2awLldJ8gWgB2lW/ywilHLgGzs06vYb69OjelFQVi2w=
-github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.1/go.mod h1:6NGYQhD5ky3wERvkhdhnFk7RKCg3nidKqE6DOEZgGgg=
 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.3 h1:mDon+QEVnzmoNwf2AxLjfAVT1NoS3irdjof5PgOvDPo=
 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.3/go.mod h1:lqA7X+35oZ+zRUnjeYqoYsHECFFSbCBbACVaVmMVz/w=
-github.com/aws/aws-sdk-go-v2/service/cloudformation v1.39.1 h1:xV9/GIV2eE1BblYbl6cFUN7tGANcMlXQLEs32v5EDTk=
-github.com/aws/aws-sdk-go-v2/service/cloudformation v1.39.1/go.mod h1:NtPc2z+l8sxXmxz0eJebaBY1k1wwZCkXX/UurRbHqV8=
 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.40.2 h1:QjzO8xDhUbc0psx1DV6lSwvrNnav+F0zkk2dhnKi4yQ=
 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.40.2/go.mod h1:swqr+Ayq2Mv+l32CXjtrYrdNqMu5d0aSKeM63ud7G8M=
-github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.33.0 h1:X6XBuklzVI3VFiTuChGv+NNMUMKQIaBSUmkU6O1FrcM=
-github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.33.0/go.mod h1:yLuXsilN12lh4QXg3fr/tGGOzO52PxmLPeBY/ekiI7g=
 github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.34.1 h1:jSktoWX1fKhlXlGJxTG+EZYQAQ4vlqlLVpG95O3MGHM=
 github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.34.1/go.mod h1:fdOGahYloDvaLq9YhUpefHsAfJrkjsHk3c0YhAvvWwI=
-github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.27.1 h1:TNRPtVMfBVk24DL3on3aCSVaEbkLJkVewen+ag01Y5E=
-github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.27.1/go.mod h1:f+2AxSfO44KOyp+hsuDsjJyZmaOQxkcmGKRFExyHZdU=
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.28.1 h1:i7bxghSeDvt+nxMKN+vB9pUdlenMWbKqdndm3ErLOGE=
 github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.28.1/go.mod h1:NRP65i31tm0UhGwc9j6TGwk7dMs1ZDprZPIHfr+gHCU=
-github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.2 h1:kqgHKdkdF6K+xz4rWz9Sx50qm6+CBCGpEmX+7tkpwMg=
-github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.2/go.mod h1:7O7U2Y1MsjX2IaSRjrQWZbDccO+MqWBWwvDTuuqsgaQ=
 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.4 h1:ewLNh1BfQMtrUGFcOIIdDzd3qkrQw1+C9312xEtog5o=
 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.30.4/go.mod h1:sxxp0zjx+yebgiDGl47XSPWCz+sg2gzghM+K8MwLGJU=
-github.com/aws/aws-sdk-go-v2/service/ec2 v1.135.0 h1:gX7PiK9aGDmDE/LcF+RCJYN1jlPkL21ZuBJFlVAkNtM=
-github.com/aws/aws-sdk-go-v2/service/ec2 v1.135.0/go.mod h1:xYJZQIo/YZxEbeBxUYRQJTCJ924EuKtDfrhVx76yzOE=
 github.com/aws/aws-sdk-go-v2/service/ec2 v1.137.2 h1:9bqRsa2YG+3fZXcCOh7UygOTBlp/EMjOn9QWkFSXNAY=
 github.com/aws/aws-sdk-go-v2/service/ec2 v1.137.2/go.mod h1:hrBzQzlQQRmiaeYRQPr0SdSx6fdqP+5YcGhb97LCt8M=
-github.com/aws/aws-sdk-go-v2/service/eks v1.34.0 h1:g3m365rWn0MLZagA77BSuQAzTqG8VB+azzCVtpmgnpg=
-github.com/aws/aws-sdk-go-v2/service/eks v1.34.0/go.mod h1:DInudKNZjEy7SJ0KfRh4VxaqY04B52Lq2+QRuvObfNQ=
 github.com/aws/aws-sdk-go-v2/service/eks v1.34.1 h1:lcpAUbLg8uZHGuZxOwm3TqSMt2LV/XTevPkGCu78PRk=
 github.com/aws/aws-sdk-go-v2/service/eks v1.34.1/go.mod h1:DInudKNZjEy7SJ0KfRh4VxaqY04B52Lq2+QRuvObfNQ=
-github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.2 h1:TIwCp2MbQ+6uxLK4bjA0eAtfOP307sEK3AJCqsXgofQ=
-github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.2/go.mod h1:4UKZnR0ESP4o2BEcfkVb/7uHMg/a8oOqD2W+Pp/oK1c=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.4 h1:iNNttXS8/FD0h1XnrZj9X9e/F9Dx5bfQszHgowrWpVU=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.20.4/go.mod h1:7skbCmhG0kau6mIihttFdNRmXAM2tORs1Flm9oAnPl4=
-github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.24.2 h1:4pOJ+1slB9s36rDsHvnbUd93SZZ4+Z/FdX5f1TKOiQk=
-github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.24.2/go.mod h1:NatT0jYQo0MfgZnIX8ReNWnbsl4rbQjuS+uci1KNkck=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.25.1 h1:Vxm9ZgTHgiKMhWxQYPE3UPEtkqrSUE3MNaf1c4YK3OU=
 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.25.1/go.mod h1:LA5Wi7UcSEu2/AAYRE7hgb2dcLhc10kziPXB78w7mpg=
-github.com/aws/aws-sdk-go-v2/service/iam v1.27.2 h1:Z3a5I5kKGsuVW4kbrtHVnLGUHpEpo19zFyo6dzP2WCM=
-github.com/aws/aws-sdk-go-v2/service/iam v1.27.2/go.mod h1:CYRyr95Q57xVvrcKJu3vw4jVVCZhmY1SyugM+EWXlzI=
 github.com/aws/aws-sdk-go-v2/service/iam v1.27.4 h1:W7aZ6WYk/R3kGhBbD6tAVwzYav8k0JQCGhEE+kXKl+k=
 github.com/aws/aws-sdk-go-v2/service/iam v1.27.4/go.mod h1:LklzfZoa7bL/NdhOzoaRtqSLGhu5j+GqE/9WoOQGFKY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.1/go.mod h1:GeUru+8VzrTXV/83XyMJ80KpH8xO89VPoUileyNQ+tc=
@@ -338,19 +310,13 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1/go.mod h1:
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.3 h1:I0dcwWitE752hVSMrsLCxqNQ+UdEp3nACx2bYNMQq+k=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.3/go.mod h1:Seb8KNmD6kVTjwRjVEgOT5hPin6sq+v4C2ycJQDwuH8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.3/go.mod h1:wlY6SVjuwvh3TVRpTqdy4I1JpBFLX4UGeKZdWntaocw=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 h1:kJOolE8xBAD13xTCgOakByZkyP4D/owNmvEiioeUNAg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3/go.mod h1:Owv1I59vaghv1Ax8zz8ELY8DN7/Y0rGS+WWAmjgi950=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.4 h1:rdovz3rEu0vZKbzoMYPTehp0E8veoE9AyfzqCr5Eeao=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.4/go.mod h1:aYCGNjyUCUelhofxlZyj63srdxWUSsBSGg5l6MCuXuE=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.3 h1:BKjwCJPnANbkwQ8vzSbaZDKawwagDubrH/z/c0X+kbQ=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.3/go.mod h1:Bm/v2IaN6rZ+Op7zX+bOUMdL4fsrYZiD0dsjLhNKwZc=
 github.com/aws/aws-sdk-go-v2/service/kms v1.16.3/go.mod h1:QuiHPBqlOFCi4LqdSskYYAWpQlx3PKmohy+rE2F+o5g=
-github.com/aws/aws-sdk-go-v2/service/kms v1.26.2 h1:cd6qixgKwsu4i1oT14brIYx9qZaXX/9CFrBncxYr7OY=
-github.com/aws/aws-sdk-go-v2/service/kms v1.26.2/go.mod h1:SBBCPcfsuNkvXnW4sDzoPNeow6xOaU6g2xTfj1dfxo4=
 github.com/aws/aws-sdk-go-v2/service/kms v1.26.4 h1:h7i9epxI6WCw4Mg0A2v6+zBgxlRYTuH/L+sBOMFKH3c=
 github.com/aws/aws-sdk-go-v2/service/kms v1.26.4/go.mod h1:N3++/sLV97B8Zliz7KRqNcojOX7iMBZWKiuit5FKtH0=
-github.com/aws/aws-sdk-go-v2/service/outposts v1.33.2 h1:BGKMmQ1+g4B+xa7XN4Y4/+2wFQamkkEvKqVANcNUvz0=
-github.com/aws/aws-sdk-go-v2/service/outposts v1.33.2/go.mod h1:05XXa0x5qP94PNvZV35LmnbC/gdfp3LsredHz6bX0h4=
 github.com/aws/aws-sdk-go-v2/service/outposts v1.33.4 h1:SEQCwls39YYqYUbM23R8FUUm0lJ9urL7EGuDSHMeSn4=
 github.com/aws/aws-sdk-go-v2/service/outposts v1.33.4/go.mod h1:/gRj71j9MfjKtN1hERMH6UNt/IqvDNaBanFvNr7+KDg=
 github.com/aws/aws-sdk-go-v2/service/pricing v1.17.0 h1:RQOMvPwte2H4ZqsiZmrla1crhBWDFnW8bZynkec5cGU=
@@ -361,22 +327,14 @@ github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.4/go.mod h1:PJc8s+lxyU
 github.com/aws/aws-sdk-go-v2/service/sns v1.17.4/go.mod h1:kElt+uCcXxcqFyc+bQqZPFD9DME/eC6oHBXvFzQ9Bcw=
 github.com/aws/aws-sdk-go-v2/service/sqs v1.18.3/go.mod h1:skmQo0UPvsjsuYYSYMVmrPc1HWCbHUJyrCEp+ZaLzqM=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.24.1/go.mod h1:NR/xoKjdbRJ+qx0pMR4mI+N/H1I1ynHwXnO6FowXJc0=
-github.com/aws/aws-sdk-go-v2/service/ssm v1.43.0 h1:hrbnozmShh4n0ar1Zk7Ol0ST1sep1ECGHLwbdbfAFRo=
-github.com/aws/aws-sdk-go-v2/service/ssm v1.43.0/go.mod h1:5tNnH3XNzW2Jo3TXQjKKH/Ivx7gRsz9nGcvGhq6YPRA=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.43.2 h1:IZq7BDqMNK06lAuReVTGzPGFcC81yaZvjuuOnst8EEk=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.43.2/go.mod h1:Iw3+XCa7ARZWsPiV3Zozf5Hb3gD7pHDLKu9Xcc4iwDM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.11.3/go.mod h1:7UQ/e69kU7LDPtY40OyoHYgRmgfGM4mgsLYtcObdveU=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 h1:V47N5eKgVZoRSvx2+RQ0EpAEit/pqOhqeSQFiS4OFEQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.2/go.mod h1:/pE21vno3q1h4bbhUOEi+6Zu/aT26UK2WKkDXd+TssQ=
 github.com/aws/aws-sdk-go-v2/service/sso v1.17.4 h1:WSMiDIMaDGyIiXwruNITU0IJF0d0foXwjxpxRylamqQ=
 github.com/aws/aws-sdk-go-v2/service/sso v1.17.4/go.mod h1:oA6VjNsLll2eVuUoF2D+CMyORgNzPEW/3PyUdq6WQjI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2 h1:sMAcO7VHVw28HTAdZpTULDzFirHOsVm/x25CxhUH0jA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2/go.mod h1:dWqm5G767qwKPuayKfzm4rjzFmVjiBFbOJrpSPnAMDs=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.2 h1:GsrlsvTPBNxHvE3KBCwUMnR76MTO/6qnnO1ILSUOpTA=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.2/go.mod h1:hHL974p5auvXlZPIjJTblXJpbkfK4klBczlsEaMCGVY=
 github.com/aws/aws-sdk-go-v2/service/sts v1.16.3/go.mod h1:bfBj0iVmsUyUg4weDB4NxktD9rDGeKSVWnjTnwbx9b8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.2 h1:vwyiRTnXLqsak/6WAQ+uTRhVqKI6vxUQ0HJXjKij0zM=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.2/go.mod h1:4EqRHDCKP78hq3zOnmFXu5k0j4bXbRFfCh/zQ6KnEfQ=
 github.com/aws/aws-sdk-go-v2/service/sts v1.25.5 h1:jwpmP8FnZPdpmJ8hkximoPQFGCUzfIekccwkxlfVfHQ=
 github.com/aws/aws-sdk-go-v2/service/sts v1.25.5/go.mod h1:feTnm2Tk/pJxdX+eooEsxvlvTWBvDm6CasRZ+JOs2IY=
 github.com/aws/smithy-go v1.11.2/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM=
@@ -611,8 +569,6 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
@@ -903,7 +859,6 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0
 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
-github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gophercloud/gophercloud v1.1.1 h1:MuGyqbSxiuVBqkPZ3+Nhbytk1xZxhmfCB2Rg1cJWFWM=
 github.com/gophercloud/gophercloud v1.1.1/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
@@ -1683,8 +1638,6 @@ github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlI
 github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
 github.com/vburenin/ifacemaker v1.2.1 h1:3Vq8B/bfBgjWTkv+jDg4dVL1KHt3k1K4lO7XRxYA2sk=
 github.com/vburenin/ifacemaker v1.2.1/go.mod h1:5WqrzX2aD7/hi+okBjcaEQJMg4lDGrpuEX3B8L4Wgrs=
-github.com/vektra/mockery/v2 v2.36.1 h1:F/2tEFFRWdHe36smr+e6YIiKzXTZVd0cCAUqG0GTw1s=
-github.com/vektra/mockery/v2 v2.36.1/go.mod h1:diB13hxXG6QrTR0ol2Rk8s2dRMftzvExSvPDKr+IYKk=
 github.com/vektra/mockery/v2 v2.38.0 h1:I0LBuUzZHqAU4d1DknW0DTFBPO6n8TaD38WL2KJf3yI=
 github.com/vektra/mockery/v2 v2.38.0/go.mod h1:diB13hxXG6QrTR0ol2Rk8s2dRMftzvExSvPDKr+IYKk=
 github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 h1:txplJASvd6b/hrE0s/Ixfpp2cuwH9IO9oZBAN9iYa4A=
@@ -1735,7 +1688,6 @@ github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 h1:+lm10QQTN
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
-github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
 gitlab.com/bosi/decorder v0.4.1 h1:VdsdfxhstabyhZovHafFw+9eJ6eU0d2CkFNJcZz/NU4=
 gitlab.com/bosi/decorder v0.4.1/go.mod h1:jecSqWUew6Yle1pCr2eLWTensJMmsxHsBwt+PVbkAqA=
 gitlab.com/digitalxero/go-conventional-commit v1.0.7 h1:8/dO6WWG+98PMhlZowt/YjuiKhqhGlOCwlIV8SqqGh8=
diff --git a/pkg/awsapi/generate/generate.go b/pkg/awsapi/generate/generate.go
index 26cbb142ae..7ca40f8caa 100644
--- a/pkg/awsapi/generate/generate.go
+++ b/pkg/awsapi/generate/generate.go
@@ -1,6 +1,5 @@
 package generate
 
-//go:generate ../../../build/scripts/generate-aws-interfaces.sh sts STS
 //go:generate ../../../build/scripts/generate-aws-interfaces.sh autoscaling ASG
 //go:generate ../../../build/scripts/generate-aws-interfaces.sh cloudwatchlogs CloudWatchLogs
 //go:generate ../../../build/scripts/generate-aws-interfaces.sh cloudformation CloudFormation
diff --git a/pkg/awsapi/sts.go b/pkg/awsapi/sts.go
index c94f294baa..4aa58bcbf6 100644
--- a/pkg/awsapi/sts.go
+++ b/pkg/awsapi/sts.go
@@ -1,321 +1,14 @@
-// Code generated by ifacemaker; DO NOT EDIT.
-
 package awsapi
 
 import (
 	"context"
 
-	. "github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
 )
 
 // STS provides an interface to the AWS STS service.
 type STS interface {
-	// Returns a set of temporary security credentials that you can use to access
-	// Amazon Web Services resources. These temporary credentials consist of an access
-	// key ID, a secret access key, and a security token. Typically, you use AssumeRole
-	// within your account or for cross-account access. For a comparison of AssumeRole
-	// with other API operations that produce temporary credentials, see Requesting
-	// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-	// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-	// in the IAM User Guide. Permissions The temporary security credentials created by
-	// AssumeRole can be used to make API calls to any Amazon Web Services service
-	// with the following exception: You cannot call the Amazon Web Services STS
-	// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
-	// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policy Amazon
-	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
-	// use for both inline and managed session policies can't exceed 2,048 characters.
-	// Passing policies to this operation returns new temporary credentials. The
-	// resulting session's permissions are the intersection of the role's
-	// identity-based policy and the session policies. You can use the role's temporary
-	// credentials in subsequent Amazon Web Services API calls to access resources in
-	// the account that owns the role. You cannot use session policies to grant more
-	// permissions than those allowed by the identity-based policy of the role that is
-	// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide. When you create a role, you create two policies: a role
-	// trust policy that specifies who can assume the role, and a permissions policy
-	// that specifies what can be done with the role. You specify the trusted principal
-	// that is allowed to assume the role in the role trust policy. To assume a role
-	// from a different account, your Amazon Web Services account must be trusted by
-	// the role. The trust relationship is defined in the role's trust policy when the
-	// role is created. That trust policy states which accounts are allowed to delegate
-	// that access to users in the account. A user who wants to access a role in a
-	// different account must also have permissions that are delegated from the account
-	// administrator. The administrator must attach a policy that allows the user to
-	// call AssumeRole for the ARN of the role in the other account. To allow a user
-	// to assume a role in the same account, you can do either of the following:
-	//   - Attach a policy to the user that allows the user to call AssumeRole (as long
-	//     as the role's trust policy trusts the account).
-	//   - Add the user as a principal directly in the role's trust policy.
-	//
-	// You can do either because the role’s trust policy acts as an IAM resource-based
-	// policy. When a resource-based policy grants access to a principal in the same
-	// account, no additional identity-based policy is required. For more information
-	// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
-	// in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
-	// session. These tags are called session tags. For more information about session
-	// tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-	// in the IAM User Guide. An administrator must grant you the permissions necessary
-	// to pass session tags. The administrator can also create granular permissions to
-	// allow you to pass only specific session tags. For more information, see
-	// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-	// in the IAM User Guide. You can set the session tags as transitive. Transitive
-	// tags persist during role chaining. For more information, see Chaining Roles
-	// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
-	// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
-	// multi-factor authentication (MFA) information when you call AssumeRole . This is
-	// useful for cross-account scenarios to ensure that the user that assumes the role
-	// has been authenticated with an Amazon Web Services MFA device. In that scenario,
-	// the trust policy of the role being assumed includes a condition that tests for
-	// MFA authentication. If the caller does not include valid MFA information, the
-	// request to assume the role is denied. The condition in a trust policy that tests
-	// for MFA authentication might look like the following example. "Condition":
-	// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
-	// Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
-	// in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for
-	// the SerialNumber and TokenCode parameters. The SerialNumber value identifies
-	// the user's hardware or virtual MFA device. The TokenCode is the time-based
-	// one-time password (TOTP) that the MFA device produces.
-	AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error)
-	// Returns a set of temporary security credentials for users who have been
-	// authenticated via a SAML authentication response. This operation provides a
-	// mechanism for tying an enterprise identity store or directory to role-based
-	// Amazon Web Services access without user-specific credentials or configuration.
-	// For a comparison of AssumeRoleWithSAML with the other API operations that
-	// produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-	// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-	// in the IAM User Guide. The temporary security credentials returned by this
-	// operation consist of an access key ID, a secret access key, and a security
-	// token. Applications can use these temporary security credentials to sign calls
-	// to Amazon Web Services services. Session Duration By default, the temporary
-	// security credentials created by AssumeRoleWithSAML last for one hour. However,
-	// you can use the optional DurationSeconds parameter to specify the duration of
-	// your session. Your role session lasts for the duration that you specify, or
-	// until the time specified in the SAML authentication response's
-	// SessionNotOnOrAfter value, whichever is shorter. You can provide a
-	// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
-	// duration setting for the role. This setting can have a value from 1 hour to 12
-	// hours. To learn how to view the maximum value for your role, see View the
-	// Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
-	// in the IAM User Guide. The maximum session duration limit applies when you use
-	// the AssumeRole* API operations or the assume-role* CLI commands. However the
-	// limit does not apply when you use those operations to create a console URL. For
-	// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
-	// in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
-	// limits your CLI or Amazon Web Services API role session to a maximum of one
-	// hour. When you use the AssumeRole API operation to assume a role, you can
-	// specify the duration of your role session with the DurationSeconds parameter.
-	// You can specify a parameter value of up to 43200 seconds (12 hours), depending
-	// on the maximum session duration setting for your role. However, if you assume a
-	// role using role chaining and provide a DurationSeconds parameter value greater
-	// than one hour, the operation fails. Permissions The temporary security
-	// credentials created by AssumeRoleWithSAML can be used to make API calls to any
-	// Amazon Web Services service with the following exception: you cannot call the
-	// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
-	// pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policy Amazon
-	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
-	// use for both inline and managed session policies can't exceed 2,048 characters.
-	// Passing policies to this operation returns new temporary credentials. The
-	// resulting session's permissions are the intersection of the role's
-	// identity-based policy and the session policies. You can use the role's temporary
-	// credentials in subsequent Amazon Web Services API calls to access resources in
-	// the account that owns the role. You cannot use session policies to grant more
-	// permissions than those allowed by the identity-based policy of the role that is
-	// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
-	// Amazon Web Services security credentials. The identity of the caller is
-	// validated by using keys in the metadata document that is uploaded for the SAML
-	// provider entity for your identity provider. Calling AssumeRoleWithSAML can
-	// result in an entry in your CloudTrail logs. The entry includes the value in the
-	// NameID element of the SAML assertion. We recommend that you use a NameIDType
-	// that is not associated with any personally identifiable information (PII). For
-	// example, you could instead use the persistent identifier (
-	// urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can
-	// configure your IdP to pass attributes into your SAML assertion as session tags.
-	// Each session tag consists of a key name and an associated value. For more
-	// information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-	// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
-	// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
-	// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
-	// inline session policy, managed policy ARNs, and session tags into a packed
-	// binary format that has a separate limit. Your request can fail for this limit
-	// even if your plaintext meets the other requirements. The PackedPolicySize
-	// response element indicates by percentage how close the policies and tags for
-	// your request are to the upper size limit. You can pass a session tag with the
-	// same key as a tag that is attached to the role. When you do, session tags
-	// override the role's tags with the same key. An administrator must grant you the
-	// permissions necessary to pass session tags. The administrator can also create
-	// granular permissions to allow you to pass only specific session tags. For more
-	// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-	// in the IAM User Guide. You can set the session tags as transitive. Transitive
-	// tags persist during role chaining. For more information, see Chaining Roles
-	// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
-	// in the IAM User Guide. SAML Configuration Before your application can call
-	// AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to
-	// issue the claims required by Amazon Web Services. Additionally, you must use
-	// Identity and Access Management (IAM) to create a SAML provider entity in your
-	// Amazon Web Services account that represents your identity provider. You must
-	// also create an IAM role that specifies this SAML provider in its trust policy.
-	// For more information, see the following resources:
-	//   - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
-	//     in the IAM User Guide.
-	//   - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
-	//     in the IAM User Guide.
-	//   - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
-	//     in the IAM User Guide.
-	//   - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
-	//     in the IAM User Guide.
-	AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error)
-	// Returns a set of temporary security credentials for users who have been
-	// authenticated in a mobile or web application with a web identity provider.
-	// Example providers include the OAuth 2.0 providers Login with Amazon and
-	// Facebook, or any OpenID Connect-compatible identity provider such as Google or
-	// Amazon Cognito federated identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
-	// . For mobile applications, we recommend that you use Amazon Cognito. You can use
-	// Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
-	// and the Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
-	// to uniquely identify a user. You can also supply the user with a consistent
-	// identity throughout the lifetime of an application. To learn more about Amazon
-	// Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
-	// in Amazon Cognito Developer Guide. Calling AssumeRoleWithWebIdentity does not
-	// require the use of Amazon Web Services security credentials. Therefore, you can
-	// distribute an application (for example, on mobile devices) that requests
-	// temporary security credentials without including long-term Amazon Web Services
-	// credentials in the application. You also don't need to deploy server-based proxy
-	// services that use long-term Amazon Web Services credentials. Instead, the
-	// identity of the caller is validated by using a token from the web identity
-	// provider. For a comparison of AssumeRoleWithWebIdentity with the other API
-	// operations that produce temporary credentials, see Requesting Temporary
-	// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-	// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-	// in the IAM User Guide. The temporary security credentials returned by this API
-	// consist of an access key ID, a secret access key, and a security token.
-	// Applications can use these temporary security credentials to sign calls to
-	// Amazon Web Services service API operations. Session Duration By default, the
-	// temporary security credentials created by AssumeRoleWithWebIdentity last for
-	// one hour. However, you can use the optional DurationSeconds parameter to
-	// specify the duration of your session. You can provide a value from 900 seconds
-	// (15 minutes) up to the maximum session duration setting for the role. This
-	// setting can have a value from 1 hour to 12 hours. To learn how to view the
-	// maximum value for your role, see View the Maximum Session Duration Setting for
-	// a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
-	// in the IAM User Guide. The maximum session duration limit applies when you use
-	// the AssumeRole* API operations or the assume-role* CLI commands. However the
-	// limit does not apply when you use those operations to create a console URL. For
-	// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
-	// in the IAM User Guide. Permissions The temporary security credentials created by
-	// AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web
-	// Services service with the following exception: you cannot call the STS
-	// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
-	// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policy Amazon
-	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
-	// use for both inline and managed session policies can't exceed 2,048 characters.
-	// Passing policies to this operation returns new temporary credentials. The
-	// resulting session's permissions are the intersection of the role's
-	// identity-based policy and the session policies. You can use the role's temporary
-	// credentials in subsequent Amazon Web Services API calls to access resources in
-	// the account that owns the role. You cannot use session policies to grant more
-	// permissions than those allowed by the identity-based policy of the role that is
-	// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
-	// attributes into your web identity token as session tags. Each session tag
-	// consists of a key name and an associated value. For more information about
-	// session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-	// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
-	// tag keys can’t exceed 128 characters and the values can’t exceed 256 characters.
-	// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
-	// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
-	// inline session policy, managed policy ARNs, and session tags into a packed
-	// binary format that has a separate limit. Your request can fail for this limit
-	// even if your plaintext meets the other requirements. The PackedPolicySize
-	// response element indicates by percentage how close the policies and tags for
-	// your request are to the upper size limit. You can pass a session tag with the
-	// same key as a tag that is attached to the role. When you do, the session tag
-	// overrides the role tag with the same key. An administrator must grant you the
-	// permissions necessary to pass session tags. The administrator can also create
-	// granular permissions to allow you to pass only specific session tags. For more
-	// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-	// in the IAM User Guide. You can set the session tags as transitive. Transitive
-	// tags persist during role chaining. For more information, see Chaining Roles
-	// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
-	// in the IAM User Guide. Identities Before your application can call
-	// AssumeRoleWithWebIdentity , you must have an identity token from a supported
-	// identity provider and create a role that the application can assume. The role
-	// that your application assumes must trust the identity provider that is
-	// associated with the identity token. In other words, the identity provider must
-	// be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can
-	// result in an entry in your CloudTrail logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
-	// of the provided web identity token. We recommend that you avoid using any
-	// personally identifiable information (PII) in this field. For example, you could
-	// instead use a GUID or a pairwise identifier, as suggested in the OIDC
-	// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes)
-	// . For more information about how to use web identity federation and the
-	// AssumeRoleWithWebIdentity API, see the following resources:
-	//   - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
-	//     and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
-	//     .
-	//   - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/)
-	//     . Walk through the process of authenticating through Login with Amazon,
-	//     Facebook, or Google, getting temporary security credentials, and then using
-	//     those credentials to make a request to Amazon Web Services.
-	//   - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
-	//     and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
-	//     . These toolkits contain sample apps that show how to invoke the identity
-	//     providers. The toolkits then show how to use the information from these
-	//     providers to get and use temporary security credentials.
-	//   - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications)
-	//     . This article discusses web identity federation and shows an example of how to
-	//     use web identity federation to get access to content in Amazon S3.
-	AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error)
-	// Decodes additional information about the authorization status of a request from
-	// an encoded message returned in response to an Amazon Web Services request. For
-	// example, if a user is not authorized to perform an operation that he or she has
-	// requested, the request returns a Client.UnauthorizedOperation response (an HTTP
-	// 403 response). Some Amazon Web Services operations additionally return an
-	// encoded message that can provide details about this authorization failure. Only
-	// certain Amazon Web Services operations return an encoded authorization message.
-	// The documentation for an individual operation indicates whether that operation
-	// returns an encoded message in addition to returning an HTTP code. The message is
-	// encoded because the details of the authorization status can contain privileged
-	// information that the user who requested the operation should not see. To decode
-	// an authorization status message, a user must be granted permissions through an
-	// IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
-	// to request the DecodeAuthorizationMessage ( sts:DecodeAuthorizationMessage )
-	// action. The decoded message includes the following type of information:
-	//   - Whether the request was denied due to an explicit deny or due to the
-	//     absence of an explicit allow. For more information, see Determining Whether a
-	//     Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
-	//     in the IAM User Guide.
-	//   - The principal who made the request.
-	//   - The requested action.
-	//   - The requested resource.
-	//   - The values of condition keys in the context of the user's request.
-	DecodeAuthorizationMessage(ctx context.Context, params *DecodeAuthorizationMessageInput, optFns ...func(*Options)) (*DecodeAuthorizationMessageOutput, error)
-	// Returns the account identifier for the specified access key ID. Access keys
-	// consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE ) and
-	// a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ).
-	// For more information about access keys, see Managing Access Keys for IAM Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
-	// in the IAM User Guide. When you pass an access key ID to this operation, it
-	// returns the ID of the Amazon Web Services account to which the keys belong.
-	// Access key IDs beginning with AKIA are long-term credentials for an IAM user or
-	// the Amazon Web Services account root user. Access key IDs beginning with ASIA
-	// are temporary credentials that are created using STS operations. If the account
-	// in the response belongs to you, you can sign in as the root user and review your
-	// root user access keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
-	// to learn which IAM user owns the keys. To learn who requested the temporary
-	// credentials for an ASIA access key, view the STS events in your CloudTrail logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
-	// in the IAM User Guide. This operation does not indicate the state of the access
-	// key. The key might be active, inactive, or deleted. Active keys might not have
-	// permissions to perform an operation. Providing a deleted access key might return
-	// an error that the key doesn't exist.
-	GetAccessKeyInfo(ctx context.Context, params *GetAccessKeyInfoInput, optFns ...func(*Options)) (*GetAccessKeyInfoOutput, error)
-	// Returns details about the IAM user or role whose credentials are used to call
+	// GetCallerIdentity returns details about the IAM user or role whose credentials are used to call
 	// the operation. No permissions are required to perform this operation. If an
 	// administrator attaches a policy to your identity that explicitly denies access
 	// to the sts:GetCallerIdentity action, you can still perform this operation.
@@ -323,120 +16,5 @@ type STS interface {
 	// access is denied. To view an example response, see I Am Not Authorized to
 	// Perform: iam:DeleteVirtualMFADevice (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
 	// in the IAM User Guide.
-	GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error)
-	// Returns a set of temporary security credentials (consisting of an access key
-	// ID, a secret access key, and a security token) for a user. A typical use is in a
-	// proxy application that gets temporary security credentials on behalf of
-	// distributed applications inside a corporate network. You must call the
-	// GetFederationToken operation using the long-term security credentials of an IAM
-	// user. As a result, this call is appropriate in contexts where those credentials
-	// can be safeguarded, usually in a server-based application. For a comparison of
-	// GetFederationToken with the other API operations that produce temporary
-	// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-	// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-	// in the IAM User Guide. Although it is possible to call GetFederationToken using
-	// the security credentials of an Amazon Web Services account root user rather than
-	// an IAM user that you create for the purpose of a proxy application, we do not
-	// recommend it. For more information, see Safeguard your root user credentials
-	// and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
-	// in the IAM User Guide. You can create a mobile-based or browser-based app that
-	// can authenticate users using a web identity provider like Login with Amazon,
-	// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
-	// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
-	// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
-	// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
-	// in the IAM User Guide. Session duration The temporary credentials are valid for
-	// the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600
-	// seconds (36 hours). The default session duration is 43,200 seconds (12 hours).
-	// Temporary credentials obtained by using the root user credentials have a maximum
-	// duration of 3,600 seconds (1 hour). Permissions You can use the temporary
-	// credentials created by GetFederationToken in any Amazon Web Services service
-	// with the following exceptions:
-	//   - You cannot call any IAM operations using the CLI or the Amazon Web Services
-	//     API. This limitation does not apply to console sessions.
-	//   - You cannot call any STS operations except GetCallerIdentity .
-	//
-	// You can use temporary credentials for single sign-on (SSO) to the console. You
-	// must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// to this operation. You can pass a single JSON policy document to use as an
-	// inline session policy. You can also specify up to 10 managed policy Amazon
-	// Resource Names (ARNs) to use as managed session policies. The plaintext that you
-	// use for both inline and managed session policies can't exceed 2,048 characters.
-	// Though the session policy parameters are optional, if you do not pass a policy,
-	// then the resulting federated user session has no permissions. When you pass
-	// session policies, the session permissions are the intersection of the IAM user
-	// policies and the session policies that you pass. This gives you a way to further
-	// restrict the permissions for a federated user. You cannot use session policies
-	// to grant more permissions than those that are defined in the permissions policy
-	// of the IAM user. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
-	// in the IAM User Guide. For information about using GetFederationToken to create
-	// temporary security credentials, see GetFederationToken—Federation Through a
-	// Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken)
-	// . You can use the credentials to access a resource that has a resource-based
-	// policy. If that policy specifically references the federated user session in the
-	// Principal element of the policy, the session has the permissions allowed by the
-	// policy. These permissions are granted in addition to the permissions granted by
-	// the session policies. Tags (Optional) You can pass tag key-value pairs to your
-	// session. These are called session tags. For more information about session tags,
-	// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
-	// in the IAM User Guide. You can create a mobile-based or browser-based app that
-	// can authenticate users using a web identity provider like Login with Amazon,
-	// Facebook, Google, or an OpenID Connect-compatible identity provider. In this
-	// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/)
-	// or AssumeRoleWithWebIdentity . For more information, see Federation Through a
-	// Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
-	// in the IAM User Guide. An administrator must grant you the permissions necessary
-	// to pass session tags. The administrator can also create granular permissions to
-	// allow you to pass only specific session tags. For more information, see
-	// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
-	// in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is
-	// preserved. This means that you cannot have separate Department and department
-	// tag keys. Assume that the user that you are federating has the Department =
-	// Marketing tag and you pass the department = engineering session tag. Department
-	// and department are not saved as separate tags, and the session tag passed in
-	// the request takes precedence over the user tag.
-	GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error)
-	// Returns a set of temporary credentials for an Amazon Web Services account or
-	// IAM user. The credentials consist of an access key ID, a secret access key, and
-	// a security token. Typically, you use GetSessionToken if you want to use MFA to
-	// protect programmatic calls to specific Amazon Web Services API operations like
-	// Amazon EC2 StopInstances . MFA-enabled IAM users must call GetSessionToken and
-	// submit an MFA code that is associated with their MFA device. Using the temporary
-	// security credentials that the call returns, IAM users can then make programmatic
-	// calls to API operations that require MFA authentication. An incorrect MFA code
-	// causes the API to return an access denied error. For a comparison of
-	// GetSessionToken with the other API operations that produce temporary
-	// credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
-	// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
-	// in the IAM User Guide. No permissions are required for users to perform this
-	// operation. The purpose of the sts:GetSessionToken operation is to authenticate
-	// the user using MFA. You cannot use policies to control authentication
-	// operations. For more information, see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
-	// in the IAM User Guide. Session Duration The GetSessionToken operation must be
-	// called by using the long-term Amazon Web Services security credentials of an IAM
-	// user. Credentials that are created by IAM users are valid for the duration that
-	// you specify. This duration can range from 900 seconds (15 minutes) up to a
-	// maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12
-	// hours). Credentials based on account credentials can range from 900 seconds (15
-	// minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. Permissions The
-	// temporary security credentials created by GetSessionToken can be used to make
-	// API calls to any Amazon Web Services service with the following exceptions:
-	//   - You cannot call any IAM API operations unless MFA authentication
-	//     information is included in the request.
-	//   - You cannot call any STS API except AssumeRole or GetCallerIdentity .
-	//
-	// The credentials that GetSessionToken returns are based on permissions
-	// associated with the IAM user whose credentials were used to call the operation.
-	// The temporary credentials have the same permissions as the IAM user. Although it
-	// is possible to call GetSessionToken using the security credentials of an Amazon
-	// Web Services account root user rather than an IAM user, we do not recommend it.
-	// If GetSessionToken is called using root user credentials, the temporary
-	// credentials have root user permissions. For more information, see Safeguard
-	// your root user credentials and don't use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
-	// in the IAM User Guide For more information about using GetSessionToken to
-	// create temporary credentials, see Temporary Credentials for Users in Untrusted
-	// Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
-	// in the IAM User Guide.
-	GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error)
+	GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
 }
-